Old 05-11-2010, 12:03 PM  
halfpint
GFY's Halfpint
Join Date: Jun 2007
Location: UK
Posts: 15,223
Here is some more info on helping you to get rid of this shit.

Look for these entries and remove them. These might not be the same on your comp but they will be similar.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKLM\..\Run: [asam] C:\Documents and Settings\Administrator\Local Settings\Application Data\asam.exe

O4 - HKLM\..\Run: [ixbdhntx] C:\Documents and Settings\Administrator\Local Settings\Application Data\lbakdayih\tlduisstssd.exe

O4 - HKLM\..\Run: [fjscgslq] C:\Documents and Settings\xxxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O4 - HKCU\..\Run: [flquqogp] C:\Documents and Settings\xxxx\Local Settings\Application Data\iwtnxrmxj\lkceppetssd.exe

O4 - HKCU\..\Run: [asam] C:\Documents and Settings\xxxx\Local Settings\Application Data\asam.exe

O4 - HKCU\..\Run: [fjscgslq] C:\Documents and Settings\xxxx\Local Settings\Application Data\wjogyytnf\wmcjfdbtssd.exe

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

After you remove these, download HijackThis 2.04.

Then run CCleaner and make sure all entries are checked, and then run the registry cleaner.

Run Cleanup!

Then go to Start, Run, type msconfig and press Enter. Go to the Startup tab, click Disable All, then recheck your antivirus entry, then reboot.

Reboot back into safe mode.

Then run ComboFix, Malwarebytes, Microsoft Security Essentials. Remove all infections found with Malwarebytes and MSE.
Last edited by halfpint; 05-11-2010 at 12:07 PM..
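As an added example (not part of halfpint's post), this Python triage script flags the kinds of HijackThis entries the post lists: a loopback browser proxy, components registered with no file on disk, and Run keys that start an .exe from Local Settings\Application Data. The sample log lines are constructed, and the three heuristics are assumptions drawn from the pattern of the entries above, so anything flagged still needs a manual look before removal.

```python
import re

# Constructed sample lines in HijackThis log format, modelled on the post.
# The user name, value names, paths and CLSID are placeholders.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [abcdwxyz] C:\Documents and Settings\user\Local Settings\Application Data\qwertyuio\zxcvbnm.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\avtray.exe
O20 - Winlogon Notify: examplentfy - %SystemRoot%\System32\examplentfy.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROXY_RE = re.compile(r"ProxyServer = .*\b(?:127\.0\.0\.1|localhost)\b", re.I)
PROFILE_DIR = "\\local settings\\application data\\"


def review(log_text):
    """Return (section, reason, line) for each entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or anything not in "Xn - ..." form
        section, body = m["section"], m["body"]
        if section in ("R0", "R1") and PROXY_RE.search(body):
            findings.append((section, "browser proxy points at loopback", line))
        elif body.endswith(("(no file)", "(file missing)")):
            findings.append((section, "registered component has no file on disk", line))
        elif section == "O4":
            run = RUN_RE.match(body)
            cmd = run["cmd"].lower() if run else ""
            if PROFILE_DIR in cmd and cmd.endswith(".exe"):
                findings.append((section, "autorun starts an exe from the user profile", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in review(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```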