Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

security2k host


Post by steve1ph2 » September 14th, 2005, 2:56 am

Seems my PC is playing host to the security2k crap. I've read the previous post and hijack log. My hijack log is somewhat shorter but does have the 2k crap entries. Same try in repairing: Nortons, Spybot, luke, etc. I haven't tried the solution described in the other post because I too do not have the media access folder in programs folder and feel like that's a part of the chain I need to have to be successful. Does it matter? I do have web access on another PC. Thanks.
steve1ph2
Active Member
 
Posts: 12
Joined: September 14th, 2005, 2:19 am

Re: security2k host

Post by Perculator » September 14th, 2005, 3:14 am

Just post a HijackThis log here please, and I will fix your problems.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Post by steve1ph2 » September 14th, 2005, 3:21 am

OK, I just moved the Notepad log to this PC.

Post by steve1ph2 » September 14th, 2005, 3:26 am

Scan saved at 2:11:07 AM, on 9/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\shnlog.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\intmon.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Documents and Settings\Dane\Desktop\new tools\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp70DB.tmp
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7566259422
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Post by Perculator » September 14th, 2005, 4:03 am

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

***

Please download the trial version of ewido security suite.

    * Install ewido security suite.
    * When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * Launch ewido; there should be an icon on your desktop, double-click it.
    * The program will prompt you to update; click the OK button.
    * The program will now go to the main screen.

You will need to update ewido to the latest definition files.

    * On the left hand side of the main screen click update.
    * Click on Start.

The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install Ad-Aware SE 1.06.
Check Here on how to set up and use it - please make sure you update it first.



Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/


Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:
    * Click on scanner
    * Click Complete System Scan and the scan will begin.
    * During the scan it will prompt you to clean files, click OK
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop

Reboot your computer.

***

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows and post a new HijackThis log, the contents of the smitfiles.txt log and the Ewido log by using Add Reply.

If you do not have a connection to the internet, download smitRem and put it on removable media, install it on the sick computer and run it in Safe Mode. Then restart your computer and check if you can get to the internet now. Post the outcome of the smitfiles.txt and a fresh HijackThis log.

Post by steve1ph2 » September 14th, 2005, 4:19 am

I'm out of time tonight but I will do what you said tomorrow. Thanks a mill. Thanks for helping me and everybody else. I'll post and let you know how it went. Thanks again.

Post by Perculator » September 14th, 2005, 5:46 am

steve1ph2 wrote: I'm out of time tonight but I will do what you said tomorrow. Thanks a mill. Thanks for helping me and everybody else. I'll post and let you know how it went. Thanks again.

No problem, I'll see your post when it gets there. :lol:

Post by steve1ph2 » September 14th, 2005, 3:59 pm

These steps and programs you suggested worked. I did get the security crap to go away. Now my problem is Windows Update will not work. It will go to the update page but the page is blank. Same when I try to download the MSN 9 dial-up: the page is blank. Also I tried to install Flash Player from Macromedia's site but the install pop-up will not show. Yahoo and other pages show fine. Any suggestions? Fixing to go to work, will be back later. Thanks. Can't uninstall MSN from Add/Remove: when I click uninstall the MSN interface will pop up but with the border showing only. Nothing inside the border will show.

Post by Perculator » September 14th, 2005, 5:13 pm

Like I asked in my fix:

Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

scan reports

Post by steve1ph2 » September 15th, 2005, 1:03 am

Scan saved at 11:47:45 PM, on 9/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dane\Desktop\new tools\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7566259422
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:08:43 PM, 9/14/2005
+ Report-Checksum: A2445A57

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\Dane\Desktop\new tools\nero\(Crack) Nero 6.3.0.3 Keygen.zip/Keygen.exe -> TrojanDropper.Delf.gi : Cleaned with backup
C:\Documents and Settings\Dane\Desktop\new tools\WinZIP.v9.0.Final.zip/rp_winzipv90_kg_fix.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\popuper.exe_tobedeleted -> Trojan.Puper.aw : Cleaned with backup
C:\WINDOWS\system32\intmonp.exe_tobedeleted -> Spyware.PSGuard : Cleaned with backup
C:\WINDOWS\system32\shnlog.exe_tobedeleted -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End

smitRem log file
version 2.3

by noahdfear

The current date is: Wed 09/14/2005
The current time is: 12:08:24.91

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

intmonp.exe
ole32vbs.exe
msole32.exe
hp***.tmp
shnlog.exe
intmon.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini
popuper.exe


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)
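
A way to confirm from the two HijackThis logs in this thread that the fix took effect, as an added example (not code from the forum or from HijackThis): it diffs the entry lines of a before and an after log and lists any entry that still mentions the hijacker's domain. The function names and the abridged sample logs are assumptions made for illustration.

```python
import re

# HijackThis entries start with a section code: "R1 - ...", "O4 - ...", "O23 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries

def diff_logs(before, after):
    """Return (removed, added): entries only in the first log, entries only in the second."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)

def still_referencing(log_text, marker):
    """Entries whose detail mentions marker, e.g. the hijacker's domain (case-insensitive)."""
    return sorted(e for e in parse_entries(log_text) if marker.lower() in e[1].lower())

# Abridged sample input: a few lines copied from the two logs posted in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\intmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp70DB.tmp
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed", section, detail)
    for section, detail in added:
        print("new    ", section, detail)
    # Anything listed here means a hijacked setting survived the fix.
    print("leftover:", still_referencing(AFTER, "security2k.net"))
```

Entries reported as new still need a look: here they are the restored Start Page, Symantec's ccApp and the ewido service that was installed during the cleanup.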

Post by steve1ph2 » September 16th, 2005, 10:34 am

Hi, I've just about got everything working like it should. The only thing I haven't got to work is the XP update. When going through the Control Panel to update, Windows will take me to the update page and says done but the page is blank. Any suggestions?

Post by Perculator » September 16th, 2005, 2:14 pm

Yes, a few.

Let's try this first.

Go to
Start
Run

and type
sfc /scannow

Mind the space after sfc.

Windows will now check for corrupt files.

Let me know if it worked.

Post by steve1ph2 » September 17th, 2005, 11:45 am

Perculator, tried the sfc /scannow, still getting a blank update page. The system is clean and then some. I finally got Nortons and all the anti-spyware back on the PC, updated and ran a few times. They're not finding anything now. The machine is running real nice except the update prob. All the other web sites are showing with no problem. Thanks.

Post by Perculator » September 18th, 2005, 10:22 am

Try this - with all browser windows closed.
Go to
Start
Run

and copy and paste each of the following, hitting ok after each:


regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll


Reboot the computer
Then try to access the sites that were giving you problems again.

Now tell me everything is working real fine again :lol:

Post by steve1ph2 » September 18th, 2005, 10:29 pm

Perculator wrote: Try this - with all browser windows closed.
Go to
Start
Run

and copy and paste each of the following, hitting ok after each:


regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll


Reboot the computer
Then try to access the sites that were giving you problems again.

Now tell me everything is working real fine again :lol:
I finally ended up doing what you said before I got back to this post, which was reregistering the explorer files. Plus when I did get the update page to come up it found some other unregistered stuff and did it auto. Everything is working fine now, thanks again. FYI to everybody, I did have to turn off ZoneAlarm on my other PC on the network, which I totally was not suspecting 'cause all five of my PCs run through the router, not the PC with ZoneAlarm on it. Thanks again...