Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

PLEASE HELP MY INTERNET CHANGES!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

PLEASE HELP MY INTERNET CHANGES!

Unread postby Nick15 » April 23rd, 2005, 11:08 am

Please help me this spyware keeps coming down called DerBiz.com it installs itself and then comes up a grey screen saying do you accept terms and conditions and even though i click on no it still installs and takes over my internet explorer to DerBiz the worrying thing is that it is a premium number so we have to pay every time we go on it. Another thing is i cant get rid of it because i uninstall it but it coming back. PLEASE HELP ME! :(
Nick15
Active Member
 
Posts: 7
Joined: April 23rd, 2005, 11:00 am
Advertisement
Register to Remove

Unread postby 'KotaGuy » April 23rd, 2005, 12:13 pm

Hi Nick15 and welmcome to Malware Removal.

I'm 'KotaGuy and I will be happy to help you with your problem.

Need you to download a tool first. Download HijackThis. Extract(unzip) it to its own folder(eg: C:\Program Files\HJT\HijackThis.exe) so it can create the backups it needs to.

Run the program and press the "Do a System Scan and save a Logfile" button. The log will open up in notepad. Copy/paste the complete contents of the log into a reply in this thread.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Nick15 » April 23rd, 2005, 4:51 pm

Its not worked
Nick15
Active Member
 
Posts: 7
Joined: April 23rd, 2005, 11:00 am

Unread postby 'KotaGuy » April 23rd, 2005, 4:55 pm

Sorry about that. Seems my link is bad. Have to change that :P

Try here.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Help

Unread postby Nick15 » April 24th, 2005, 3:17 pm

Plz help me sum1 i dnt no how 2 show my logfile im not a computer geniuse! plz help :!:
Nick15
Active Member
 
Posts: 7
Joined: April 23rd, 2005, 11:00 am

Unread postby 'KotaGuy » April 24th, 2005, 3:54 pm

Run HijackThis. Press the "Do a System scan and save a Log file" button. When the log file opens up, hit Ctrl+A to hilite the whole document. Hit Ctrl+C to copy it. In your reply, press Ctrl+V to paste it in the text field.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Sorry

Unread postby Nick15 » April 25th, 2005, 11:19 am

Im sorry to keep bothering you but still it has not worked the zip has not worked i mean. :(
Nick15
Active Member
 
Posts: 7
Joined: April 23rd, 2005, 11:00 am

Unread postby 'KotaGuy » April 25th, 2005, 11:43 am

Edit: Deleted by 'KG Ignore this post.
Last edited by 'KotaGuy on April 25th, 2005, 12:06 pm, edited 1 time in total.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ChrisRLG » April 25th, 2005, 11:58 am

Try the self extrating program from the downloads page at the top og this forum, that does not need a zip program to extract - or the exe version.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby 'KotaGuy » April 25th, 2005, 12:05 pm

Or do as ChrisRLG said... download from here

Forgot you had it hosted here, Chris... again :P

You won't need to unzip this one Nick15... just save it to its own folder. The link I provided is to the program itself.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Nick15 » April 25th, 2005, 12:58 pm

MY LOGFILE
Logfile of HijackThis v1.99.1
Scan saved at 17:53:47, on 25/04/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\dxnllsc.exe
C:\WINNT\system32\internat.exe
C:\winnt\system32\calc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.com/btbroadbandstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.com/btbroadbandstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows Compliant] winole.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [switp] C:\WINNT\switpa.exe
O4 - HKLM\..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - HKLM\..\Run: [svchost] C:\WINNT\system32\svmhost.exe
O4 - HKLM\..\Run: [dxnllsc] c:\winnt\system32\dxnllsc.exe
O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\eliteozi32.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: RoadAngel USB.lnk = C:\Program Files\RoadAngelUSB\RoadAngelUSB.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .fdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbt ... btools.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C81078-8EB5-42F3-856B-1B96C190BC19}: NameServer = 194.74.65.68 194.72.9.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{11C81078-8EB5-42F3-856B-1B96C190BC19}: NameServer = 194.74.65.68 194.72.9.38
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. (Netbios Helper) - Unknown owner - C:\WINNT\system32\nbthelp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Nick15
Active Member
 
Posts: 7
Joined: April 23rd, 2005, 11:00 am

Unread postby 'KotaGuy » April 25th, 2005, 2:38 pm

Thanks for posting the log Nick15!

Print this out for reference during the fix.

Download and install CCleaner. Don't run it yet.

Download CWShredder. Save it to its own folder. Run the program, update it. Press the Fix button.

Download LQFix. Save it to your desktop. Don't run it yet.

Make sure no files are hidden. To do this:

1. Double-click on the My Computer icon.
2. Select the Tools menu and click Folder Options.
3. After the new window appears select the View tab.
4. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
5. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
6. Remove the checkmark from the checkbox labeled Hide protected operating system files.
7. Press the Apply button and then the OK button and shutdown My Computer.

Boot into Safe Mode. To do this:

1. Reboot your computer.
2. Tap the F8 button as your computer is booting to bring you to the Advanced Options Menu.
3. Select Safe Mode and press Enter.

Double click the LQFix.bat file I had you save to your Desktop.

When its done, reboot Windows normally and post a new HijackThis log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby ChrisRLG » May 10th, 2005, 6:51 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 300 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware