Solve : home seach?

1.	Solve : home seach?
Answer» andrewj......you still have those trojans ....... I do not understand why you can't delete them...... Are you sure your using hijackthis correctly ? Do you have msn messenger ? dl65 i'm using it correctly as far as i can tell. i don't get it either, but this isn't the first time that has happened. i don't have msn messenger. i don't know what other than to start all over, and reinstall everything. andrewj......really strange ....can you not go to the location that is spelled out .......and delete them . hijackthis will remove them .....are you certain you marked everything ...because when I see your log the trojans are still there ....... Did you set your HOME page as your main as well as the assistant in the settings in hijackthis ? let us know dl65 andrewj.......How about .......running hijackthis again ...... only this time E mail it directly to me and I will prepare a step by step manual for you ....This will save the Forum a bit of bandwidth ....... I would also like you to D/L and run .......Antispyware .... http://www.download.com/3302-8022_4-10353596.html dl65 Hello I'm curious as to whether this issue has been resolved? I have a few comments I wish to share... Why on earth are you getting the user to remove the Windows Update file? There is no way to tell this is a trojan without first knowing the Operating System. There is no of knowing the Operating System because this information has not been included in the posts. Probably XP, but that cannot be assumed HJT cannot make backups of fixed entries because it is in a compressed folder. The hijacker: these CoolWebSearch entries require a lot more attention than simply fixing them with HJT. There are programs freely available that specifically deal with it. There is a rogue 023 Service entry at the very bottom of the Log. There is also another rogue entry, being the 04 running from local settings/temp. Internet Optimizer has been listed by Symantec as Adware. All of the "safe sites" NEED to be removed. There is a possibility that some will resist removal. All malicious files need to be removed from the computer. Chances of reinfection are high if the files still exist. The user does have Messenger because it is clearly in the Log. Quote Are you sure your using hijackthis correctly ? In my honest opinion, I think you need to be asking yourself the same QUESTION. I don't mean to come here to flame or spam the board, that is far from my intentions. But you really should learn how to deal with a HijackThis Log yourself before advising other people on what to remove. No offence, but it's a golden rule Mere_Mortal......Nice to see you join us......You seem to know a lot about the hijacker ........ "Why on earth are you getting the user to remove the Windows Update file? There is no way to tell this is a trojan without first knowing the Operating System. There is no of knowing the Operating System because this information has not been included in the posts. Probably XP, but that cannot be assumed " The user is using WinXP with SP1 ....... As far as ..... wuauclt.exe ........ yes your correct about it being a win update file .......but have you seen this .... http://www.auditmypc.com/process/wuauclt.asp , As far as .....C:\Program Files\Messenger\msmsgs.exe , yes I saw that as well however the user says he didnt have it . ( He may not realise that its there ) , All of the "safe sites" need to be removed. There is a possibility that some will resist removal. Again there where a number of these which were in fact ( not good ) The user has removed them and it was suggested that he look carefully at each of the ones remaining . Internet Optimizer ..... optimize.exe ........is considered a Users Choice . "All malicious files need to be removed from the computer. Chances of reinfection are high if the files still exist. " Again we are in complete agreement ..... Quote: Are you sure your using hijackthis correctly ? "In my honest opinion, I think you need to be asking yourself the same question. " I am certainly not the expert on using hijackthis that you seem to be .......Could we have missed an rogue entry .....absolutely ....we're only human...... As a referance to removing unwanted entries , I use .... http://www.spywareinfo.com/~merijn/downloads.html ....I believe that merijn has done a tremendous amount of work re the hijacker ......... and also use ........ http://computercops.biz/HijackThis.html I would trust that you will continue to visit this SITE and offer your expertise in assisting the good people who come here seeking assistance. Have a good one , dl65 Heh...maybe I was a little harsh jumping at you like that. But it's nice you see you know the meaning of constructive criticism I must have missed where the OS is stated. So I'm just as BAD then Oh FYI, all but one of the 015 websites are covered by IE-Spyads (and as a result are on my IE resitricted sites list). Indeed, CCSP & SWI are the ones I thank for my knowing what I do Take it easy.

Answer»

andrewj......you still have those trojans .......
I do not understand why you can't delete them......
Are you sure your using hijackthis correctly ?

Do you have msn messenger ?

dl65 i'm using it correctly as far as i can tell. i don't get it either, but this isn't the first time that has happened. i don't have msn messenger. i don't know what other than to start all over, and reinstall everything. andrewj......really strange ....can you not go to the location that is spelled out .......and delete them .

hijackthis will remove them .....are you certain you marked everything ...because when I see your log the trojans are still there .......
Did you set your HOME page as your main as well as the assistant in the settings in hijackthis ?

let us know

dl65

andrewj.......How about .......running hijackthis again ......
only this time E mail it directly to me and I will prepare a step by step manual for you ....This will save the Forum a bit of bandwidth .......
I would also like you to D/L and run .......Antispyware ....
http://www.download.com/3302-8022_4-10353596.html

dl65 Hello

I'm curious as to whether this issue has been resolved?

I have a few comments I wish to share...

Why on earth are you getting the user to remove the Windows Update file? There is no way to tell this is a trojan without first knowing the Operating System.
There is no of knowing the Operating System because this information has not been included in the posts. Probably XP, but that cannot be assumed
HJT cannot make backups of fixed entries because it is in a compressed folder.
The hijacker: these CoolWebSearch entries require a lot more attention than simply fixing them with HJT. There are programs freely available that specifically deal with it.
There is a rogue 023 Service entry at the very bottom of the Log.
There is also another rogue entry, being the 04 running from local settings/temp.
Internet Optimizer has been listed by Symantec as Adware.
All of the "safe sites" NEED to be removed. There is a possibility that some will resist removal.
All malicious files need to be removed from the computer. Chances of reinfection are high if the files still exist.
The user does have Messenger because it is clearly in the Log.

Quote

Are you sure your using hijackthis correctly ?

In my honest opinion, I think you need to be asking yourself the same QUESTION.

I don't mean to come here to flame or spam the board, that is far from my intentions. But you really should learn how to deal with a HijackThis Log yourself before advising other people on what to remove.

No offence, but it's a golden rule Mere_Mortal......Nice to see you join us......You seem to know a lot about the hijacker ........

"Why on earth are you getting the user to remove the Windows Update file? There is no way to tell this is a trojan without first knowing the Operating System.

There is no of knowing the Operating System because this information has not been included in the posts. Probably XP, but that cannot be assumed "
The user is using WinXP with SP1 .......
As far as ..... wuauclt.exe ........ yes your correct about it being a win update file .......but have you seen this ....
http://www.auditmypc.com/process/wuauclt.asp ,

As far as .....C:\Program Files\Messenger\msmsgs.exe ,
yes I saw that as well however the user says he didnt have it . ( He may not realise that its there ) ,

All of the "safe sites" need to be removed. There is a possibility that some will resist removal. Again there where a number of these which were in fact ( not good )
The user has removed them and it was suggested that he look carefully at each of the ones remaining .

Internet Optimizer ..... optimize.exe ........is considered a Users Choice .

"All malicious files need to be removed from the computer. Chances of reinfection are high if the files still exist. " Again we are in complete agreement .....

Quote:
Are you sure your using hijackthis correctly ?

"In my honest opinion, I think you need to be asking yourself the same question. "

I am certainly not the expert on using hijackthis that you seem to be .......Could we have missed an rogue entry .....absolutely ....we're only human......
As a referance to removing unwanted entries , I use ....
http://www.spywareinfo.com/~merijn/downloads.html ....I believe that merijn has done a tremendous amount of work re the hijacker .........
and also use ........ http://computercops.biz/HijackThis.html

I would trust that you will continue to visit this SITE and offer your expertise in assisting the good people who come here seeking assistance.

Have a good one ,

dl65

Heh...maybe I was a little harsh jumping at you like that. But it's nice you see you know the meaning of constructive criticism

I must have missed where the OS is stated. So I'm just as BAD then

Oh FYI, all but one of the 015 websites are covered by IE-Spyads (and as a result are on my IE resitricted sites list).

Indeed, CCSP & SWI are the ones I thank for my knowing what I do

Take it easy.

Solve : home seach?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment