OT: Help with Trojan Horse

 
 
Kelvin
Guest
Posts: n/a
 
      06-05-2005
Hi.
My PC has picked up a Trojan Horse,
These are some of the details.
Trojan Horse Startpage.19J
Browser window starts on "about:blank"
and I'm also getting "Windows\Temp\SE.DLL
Tried Hijack This but no luck so far.
I'm using the free version of AVG and it says
it is healed.
Any advice please on how to get rid of this.
Cheers.


 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      06-05-2005
On "Kelvin" <(E-Mail Removed)> wrote:

|>Hi.
|>My PC has picked up a Trojan Horse,
|>These are some of the details.
|>Trojan Horse Startpage.19J
|>Browser window starts on "about:blank"
|>and I'm also getting "Windows\Temp\SE.DLL
|>Tried Hijack This but no luck so far.

Why? http://hijackthis.de/en

|>I'm using the free version of AVG and it says
|>it is healed.
|>Any advice please on how to get rid of this.
|>Cheers.
|>


--
 
Ionizer
Guest
Posts: n/a
 
      06-05-2005
"Kelvin" <(E-Mail Removed)> wrote in message
news:d7v0po$10i$(E-Mail Removed)...
> Hi.
> My PC has picked up a Trojan Horse,
> These are some of the details.
> Trojan Horse Startpage.19J
> Browser window starts on "about:blank"
> and I'm also getting "Windows\Temp\SE.DLL
> Tried Hijack This but no luck so far.
> I'm using the free version of AVG and it says
> it is healed.
> Any advice please on how to get rid of this.
> Cheers.


Be very careful with HijackThis.

I recently had to deal with an about:blank problem on a friend's
computer and received some helpful advice in the TomCoyote forums.
Several tools were recommended to me in this thread:
http://forums.tomcoyote.org/index.php?showtopic=32650 You'll see
towards the end of the thread that I ultimately wasn't able to solve the
problem on that particular computer, but I don't think it was due to the
tools recommended to me- the girls who used that computer were busily
deleting things at random between my visits.

Regards,
Ian.


 
Kelvin
Guest
Posts: n/a
 
      06-05-2005

"Ionizer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Kelvin" <(E-Mail Removed)> wrote in message
> news:d7v0po$10i$(E-Mail Removed)...
> > Hi.
> > My PC has picked up a Trojan Horse,
> > These are some of the details.
> > Trojan Horse Startpage.19J
> > Browser window starts on "about:blank"
> > and I'm also getting "Windows\Temp\SE.DLL
> > Tried Hijack This but no luck so far.
> > I'm using the free version of AVG and it says
> > it is healed.
> > Any advice please on how to get rid of this.
> > Cheers.
>
> Be very careful with HijackThis.
>
> I recently had to deal with an about:blank problem on a friend's
> computer and received some helpful advice in the TomCoyote forums.
> Several tools were recommended to me in this thread:
> http://forums.tomcoyote.org/index.php?showtopic=32650 You'll see
> towards the end of the thread that I ultimately wasn't able to solve the
> problem on that particular computer, but I don't think it was due to the
> tools recommended to me- the girls who used that computer were busily
> deleting things at random between my visits.
>
> Regards,
> Ian.


Hi Ian and thanks for your reply.
I have also tried AdAware SE and CWShredder
and I've also put 98SE over the top of the existing
one, in the hope that it would sort out the registry.
I've just seen your reference to "About:Buster"
I will look for that and try it.
I would not be able to go as far as you did on your friend's
PC as I am not too confident on the DOS methods that
were mentioned. Would a format of C:\ solve the problem?
Cheers.
Kel.



 
Kelvin
Guest
Posts: n/a
 
      06-05-2005

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On "Kelvin" <(E-Mail Removed)> wrote:
>
> |>Hi.
> |>My PC has picked up a Trojan Horse,
> |>These are some of the details.
> |>Trojan Horse Startpage.19J
> |>Browser window starts on "about:blank"
> |>and I'm also getting "Windows\Temp\SE.DLL
> |>Tried Hijack This but no luck so far.
>
> Why? http://hijackthis.de/en
>
> |>I'm using the free version of AVG and it says
> |>it is healed.
> |>Any advice please on how to get rid of this.
> |>Cheers.
> |>


>> Why?

No idea.
Took a few other things out, but the original
offender remains.
Kel.





 
pcbutts1
Guest
Posts: n/a
 
      06-05-2005
Save a copy of your hijackthis log and copy and paste it here so it can be
looked at.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com



"Kelvin" <(E-Mail Removed)> wrote in message
news:d7v2lq$6n0$(E-Mail Removed)...
>
> "Ionizer" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> "Kelvin" <(E-Mail Removed)> wrote in message
>> news:d7v0po$10i$(E-Mail Removed)...
>> > Hi.
>> > My PC has picked up a Trojan Horse,
>> > These are some of the details.
>> > Trojan Horse Startpage.19J
>> > Browser window starts on "about:blank"
>> > and I'm also getting "Windows\Temp\SE.DLL
>> > Tried Hijack This but no luck so far.
>> > I'm using the free version of AVG and it says
>> > it is healed.
>> > Any advice please on how to get rid of this.
>> > Cheers.
>>
>> Be very careful with HijackThis.
>>
>> I recently had to deal with an about:blank problem on a friend's
>> computer and received some helpful advice in the TomCoyote forums.
>> Several tools were recommended to me in this thread:
>> http://forums.tomcoyote.org/index.php?showtopic=32650 You'll see
>> towards the end of the thread that I ultimately wasn't able to solve the
>> problem on that particular computer, but I don't think it was due to the
>> tools recommended to me- the girls who used that computer were busily
>> deleting things at random between my visits.
>>
>> Regards,
>> Ian.
>
> Hi Ian and thanks for your reply.
> I have also tried AdAware SE and CWShredder
> and I've also put 98SE over the top of the existing
> one, in the hope that it would sort out the registry.
> I've just seen your reference to "About:Buster"
> I will look for that and try it.
> I would not be able to go as far as you did on your friend's
> PC as I am not too confident on the Dos methods that
> were mentioned. Would a format of C:\ solve the problem.
> Cheers.
> Kel.
>
>
>



 
Kelvin
Guest
Posts: n/a
 
      06-05-2005

"pcbutts1" <(E-Mail Removed)> wrote in message
news:mmEoe.16$(E-Mail Removed)...
> Save a copy of your hijackthis log and copy and paste it here so it can be
> looked at.
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Kelvin" <(E-Mail Removed)> wrote in message
> news:d7v2lq$6n0$(E-Mail Removed)...
> >
> > "Ionizer" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> "Kelvin" <(E-Mail Removed)> wrote in message
> >> news:d7v0po$10i$(E-Mail Removed)...
> >> > Hi.
> >> > My PC has picked up a Trojan Horse,
> >> > These are some of the details.
> >> > Trojan Horse Startpage.19J
> >> > Browser window starts on "about:blank"
> >> > and I'm also getting "Windows\Temp\SE.DLL
> >> > Tried Hijack This but no luck so far.
> >> > I'm using the free version of AVG and it says
> >> > it is healed.
> >> > Any advice please on how to get rid of this.
> >> > Cheers.
> >>
> >> Be very careful with HijackThis.
> >>
> >> I recently had to deal with an about:blank problem on a friend's
> >> computer and received some helpful advice in the TomCoyote forums.
> >> Several tools were recommended to me in this thread:
> >> http://forums.tomcoyote.org/index.php?showtopic=32650 You'll see
> >> towards the end of the thread that I ultimately wasn't able to solve the
> >> problem on that particular computer, but I don't think it was due to the
> >> tools recommended to me- the girls who used that computer were busily
> >> deleting things at random between my visits.
> >>
> >> Regards,
> >> Ian.
> >
> > Hi Ian and thanks for your reply.
> > I have also tried AdAware SE and CWShredder
> > and I've also put 98SE over the top of the existing
> > one, in the hope that it would sort out the registry.
> > I've just seen your reference to "About:Buster"
> > I will look for that and try it.
> > I would not be able to go as far as you did on your friend's
> > PC as I am not too confident on the Dos methods that
> > were mentioned. Would a format of C:\ solve the problem.
> > Cheers.
> > Kel.
> >



Logfile of HijackThis v1.99.1
Scan saved at 04:10:25, on 05/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\HACK TRACER\HTTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: (no name) - {00C0E506-D503-11D9-9C63-EF1703F11B2F} -
C:\WINDOWS\SYSTEM\KNOG.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O18 - Filter: text/html - {00C0E505-D503-11D9-9C63-EF17F3238558} -
C:\WINDOWS\SYSTEM\KNOG.DLL
O18 - Filter: text/plain - {00C0E505-D503-11D9-9C63-EF17F3238558} -
C:\WINDOWS\SYSTEM\KNOG.DLL




 
pcbutts1
Guest
Posts: n/a
 
      06-05-2005
Have HijackThis fix the following lines


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {00C0E506-D503-11D9-9C63-EF1703F11B2F} -
C:\WINDOWS\SYSTEM\KNOG.DLL

O18 - Filter: text/html - {00C0E505-D503-11D9-9C63-EF17F3238558} -
C:\WINDOWS\SYSTEM\KNOG.DLL

O18 - Filter: text/plain - {00C0E505-D503-11D9-9C63-EF17F3238558} -
C:\WINDOWS\SYSTEM\KNOG.DLL




--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com



"Kelvin" <(E-Mail Removed)> wrote in message
news:d7v4ia$3u9$(E-Mail Removed)...
>
> Logfile of HijackThis v1.99.1
> Scan saved at 04:10:25, on 05/06/05
> Platform: Windows 98 SE (Win9x 4.10.2222A)
> MSIE: Internet Explorer v5.50 (5.50.4134.0600)
>
> Running processes:
> C:\WINDOWS\SYSTEM\KERNEL32.DLL
> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
> C:\WINDOWS\SYSTEM\SPOOL32.EXE
> C:\WINDOWS\SYSTEM\MPREXE.EXE
> C:\WINDOWS\SYSTEM\mmtask.tsk
> C:\WINDOWS\SYSTEM\RNAAPP.EXE
> C:\WINDOWS\SYSTEM\TAPISRV.EXE
> C:\WINDOWS\EXPLORER.EXE
> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
> C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
> C:\WINDOWS\SYSTEM\WMIEXE.EXE
> C:\PROGRAM FILES\ADSUBTRACT\ADSUB.EXE
> C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
> C:\PROGRAM FILES\HACK TRACER\HTTRAY.EXE
> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
> C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
> C:\WINDOWS\SYSTEM\PSTORES.EXE
> C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
> C:\WINDOWS\SYSTEM\DDHELP.EXE
> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
> C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
> C:\WINDOWS\DESKTOP\DOWNLOADS\HIJACK THIS\HIJACKTHIS.EXE
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://C:\WINDOWS\TEMP\se.dll/spage.html
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> about:blank
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.wanadoo.co.uk/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://C:\WINDOWS\TEMP\se.dll/spage.html
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> about:blank
> R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> about:blank
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> about:blank
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
> about:blank
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
> about:blank
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyServer = http=AdSubtract:4444
> O2 - BHO: (no name) - {00C0E506-D503-11D9-9C63-EF1703F11B2F} -
> C:\WINDOWS\SYSTEM\KNOG.DLL
> O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
> O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
> O18 - Filter: text/html - {00C0E505-D503-11D9-9C63-EF17F3238558} -
> C:\WINDOWS\SYSTEM\KNOG.DLL
> O18 - Filter: text/plain - {00C0E505-D503-11D9-9C63-EF17F3238558} -
> C:\WINDOWS\SYSTEM\KNOG.DLL
>
>
>
>
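
Added example (not part of any post in this thread): a Python sketch of the triage done by eye on the log above. It rejoins the wrapped entries, flags the ones worth reviewing, and groups them by the file they load. The function names and flagging rules are this example's own heuristics, not HijackThis's logic.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the entries posted in this thread, keeping
# the mid-entry line wraps added by the newsreader.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00C0E506-D503-11D9-9C63-EF1703F11B2F} -
C:\WINDOWS\SYSTEM\KNOG.DLL
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O18 - Filter: text/html - {00C0E505-D503-11D9-9C63-EF17F3238558} -
C:\WINDOWS\SYSTEM\KNOG.DLL
"""

ENTRY_START = re.compile(r"^([RFN]\d|O\d{1,2}) - ")   # section code, e.g. R1, O18
FILE_REF = re.compile(r"[A-Za-z]:\\[^/\r\n]*?\.(?:dll|exe)", re.I)

def parse_entries(text):
    """Rejoin wrapped lines and return (code, body) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), line[m.end():]])
        elif line and entries:
            entries[-1][1] += " " + line   # continuation of a wrapped entry
    return [tuple(e) for e in entries]

def reasons(code, body):
    """Review reasons for one entry; the rules are this example's own heuristics."""
    value = body.rpartition(" = ")[2].strip().lower()
    checks = [
        (code[0] == "R" and value.startswith("res://"), "page served from inside a local DLL"),
        (code[0] == "R" and value == "about:blank", "search/home value set to about:blank"),
        ("\\temp\\" in body.lower(), "file under a TEMP directory"),
        (code == "O2" and "(no name)" in body, "unnamed Browser Helper Object"),
        (code == "O18" and body.startswith("Filter:"), "MIME filter on document content"),
    ]
    return [why for hit, why in checks if hit]

def group_by_file(text):
    """Map each referenced DLL/EXE (lower-cased) to the flagged entry codes that load it."""
    groups = defaultdict(list)
    for code, body in parse_entries(text):
        if reasons(code, body):
            m = FILE_REF.search(body)
            groups[m.group(0).lower() if m else "(no file)"].append(code)
    return dict(groups)
```

Grouping shows that the O2 and O18 entries load the same KNOG.DLL, so they are reviewed and fixed together rather than one at a time.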



 
Kelvin
Guest
Posts: n/a
 
      06-05-2005

"pcbutts1" <(E-Mail Removed)> wrote in message
news:I0Foe.24738$(E-Mail Removed) om...
> Have HijackThis fix the following lines
>
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://C:\WINDOWS\TEMP\se.dll/spage.html
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> about:blank
>
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
> res://C:\WINDOWS\TEMP\se.dll/spage.html
>
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
> about:blank
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> about:blank
>
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> about:blank
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
> about:blank
>
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
> about:blank
>
> O2 - BHO: (no name) - {00C0E506-D503-11D9-9C63-EF1703F11B2F} -
> C:\WINDOWS\SYSTEM\KNOG.DLL
>
> O18 - Filter: text/html - {00C0E505-D503-11D9-9C63-EF17F3238558} -
> C:\WINDOWS\SYSTEM\KNOG.DLL
>
> O18 - Filter: text/plain - {00C0E505-D503-11D9-9C63-EF17F3238558} -
> C:\WINDOWS\SYSTEM\KNOG.DLL


Nice one !
That seems to have done the trick.
First attempt, they came back.
Second attempt, all gone and my
regular start page has returned!
Thanks very much indeed for your help.
All the best to you.
Kel.




 
pcbutts1
Guest
Posts: n/a
 
      06-05-2005
You're Welcome.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com



"Kelvin" <(E-Mail Removed)> wrote in message
news:d7v9a1$7kv$(E-Mail Removed)...
>
> "pcbutts1" <(E-Mail Removed)> wrote in message
> news:I0Foe.24738$(E-Mail Removed) om...
>> Have HijackThis fix the following lines
>>
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
>> res://C:\WINDOWS\TEMP\se.dll/spage.html
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>> about:blank
>>
>> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
>> res://C:\WINDOWS\TEMP\se.dll/spage.html
>>
>> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
>> about:blank
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
>> about:blank
>>
>> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
>> about:blank
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
>> about:blank
>>
>> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
>> about:blank
>>
>> O2 - BHO: (no name) - {00C0E506-D503-11D9-9C63-EF1703F11B2F} -
>> C:\WINDOWS\SYSTEM\KNOG.DLL
>>
>> O18 - Filter: text/html - {00C0E505-D503-11D9-9C63-EF17F3238558} -
>> C:\WINDOWS\SYSTEM\KNOG.DLL
>>
>> O18 - Filter: text/plain - {00C0E505-D503-11D9-9C63-EF17F3238558} -
>> C:\WINDOWS\SYSTEM\KNOG.DLL
>
> Nice one !
> That seems to have done the trick.
> First attempt, they came back.
> Second attempt, all gone and my
> regular start page has returned!
> Thanks very much indeed for your help.
> All the best to you.
> Kel.
>
>
>
>



 