
Fuck, I got CoolWebSearch

Status
Not open for further replies.

SlickWilly223

Time ta STEP IT UP
Microsoft IE is pretty much unusable now. I can't play my favorite game, Party Poker :(, and there's no way of getting rid of it.

I tried CWShredder, but it doesn't work... any other suggestions?
 

SlickWilly223

Time ta STEP IT UP
Of course I use firefox, that's not the point.

I need to get rid of this thing so, in the event that I have to use IE, like for my game PartyPoker, I can.
 

Vieo

Member
I got a variant of that before, twice, while searching for pr0n! :D :lol I just stick to newsgroups, p2p, and usenet now. :D

AHEM! Anyway, here's what ya do.

1. Get Ad-aware. Update it.
2. Get Spybot: Search and Destroy. Update it.
3. Get HijackThis v1.97.. Not sure where to get this as I don't remember the site. Just get it.

Someone posted this in an answer to help someone else out. Look below.


===================
Being your first post - I get the honour and privilege of welcoming you
to our corner of the world where spyware has met its match - Welcome.

Just so that you know you are not being ignored - I will handle this case
for you but I need to ask for your patience while I review the log

Please keep an eye on this message for a resolution shortly.



--------------------

Clean
Ad-Aware | CoolWeb Shredder | HijackThis | Spybot | X-Cleaner
Prevent
IE-Spyad | MVP HOSTS File | SpywareBlaster
Protect
AVG AntiVirus | Trend Micro VirusScan | TrojanScan | Zonealarm Firewall
Informational
How did I get infected? | How to use Ad-Aware | How to use CoolWeb
Shredder | How to use Spybot

PGPhantom, Posted: May 20 2004, 01:28 PM


Humble Helper


Group: Trusted Advisor
Posts: 97
Member No.: 197
Joined: 16-May 04



Please close all programs, run HijackThis and delete the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/./your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/./your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/./your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/./your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:/./your-searcher.com/index.htm
O4 - HKLM\..\Run: [winupd] D:\WINDOWS\System32\winupd.exe
O4 - HKLM\..\Run: [System Service] D:\WINDOWS\System32\msrexe.exe
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

Please reboot into safe mode - How do I boot into "Safe" mode?

Please clean up temporary files etc. Browse to and select all contents in the following folders (Windows may be WINNT or WIN98 etc.), and delete (Make sure to delete the sub-folders, but not the Temp folders themselves!):
C:\Windows\Temp (all contents)
C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents) <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
Empty your "Recycle Bin".
D:\WINDOWS\System32\winupd.exe
D:\WINDOWS\System32\msrexe.exe
C:\Program Files\Internet Explorer\IEengine.exe
Reboot again and log in normally.

Please go to Microsoft Windows Update and download all critical updates for your system. This is imperative. Specifically Windows XP SP1 and IE Security Updates.

Repost a new HijackThis log into this message for further review.
====================



The same probably applies. You should be able to tell what doesn't belong. Just remove what doesn't belong and immediately reboot into safe mode, meaning, don't open up any folders or anything before you reboot. Then follow the rest of the safe mode instructions.

Hope that helps.
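
The "tell what doesn't belong" step can be made repeatable. This is an added example, not part of the thread and not HijackThis's own logic: it parses log lines in the format quoted above and lists the entries that fall outside a reviewer's allowlists. `EXPECTED_HOSTS`, `EXPECTED_AUTORUNS` and the two benign sample lines are assumptions.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Entries from the log quoted above (wrapped lines rejoined). The last two
# lines are constructed benign entries, added for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/./your-searcher.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/./your-searcher.com/index.htm
O4 - HKLM\..\Run: [winupd] D:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Assumptions: what this reviewer expects to see on the machine.
EXPECTED_HOSTS = ("microsoft.com", "msn.com")
EXPECTED_AUTORUNS = {"ctfmon.exe"}

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
BODIES = (
    re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$"),    # R0/R1
    re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<data>.+)$"),   # O4
    re.compile(r"^(?P<key>DPF): (?P<name>\{[0-9A-Fa-f-]+\}) - (?P<data>.+)$"),  # O16
)

def parse_line(line):
    """Split one log line into section/key/name/data; None if unrecognised."""
    m = ENTRY.match(line.strip())
    hits = [p.match(m["body"]) for p in BODIES] if m else []
    v = next(filter(None, hits), None)
    return {"section": m["section"], **v.groupdict()} if v else None

def needs_review(e):
    """Triage heuristic (an assumption); undoes the post's 'http:/./' defanging."""
    if e["section"] in ("R0", "R1"):
        host = (urlparse(e["data"].replace(":/./", "://")).hostname or "").lower()
        return not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)
    if e["section"] == "O4":
        return PureWindowsPath(e["data"]).name.lower() not in EXPECTED_AUTORUNS
    if e["section"] == "O16":
        return e["data"].lower().startswith("file:")
    return True  # unknown section: leave it for a human

def triage(log_text):
    """Return (section, name, data) for every parsed entry that needs review."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["section"], e["name"], e["data"]) for e in entries if needs_review(e)]
```

`triage(SAMPLE_LOG)` returns the five entries taken from the quoted log and skips the two constructed benign ones; the allowlists only narrow what a person has to read and do not decide what to delete.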
 

border

Member
As far as I know, CWShredder was the only program capable of removing this virus and the guy that writes it has stopped updating the program. My advice

c:\fdisk
 

Vieo

Member
Oh yeah. I almost forgot. You MIGHT want to also try opening a .txt file. It replaces your notepad program with a dummy program that doesn't do anything. But it will prevent you from looking at .txt files. (Most likely so you can't post/view the log CWShredder/HijackThis makes.) I'm not sure if all variants of it do this, but if it did, delete the dummy file then reset your options tools->folder options->file types so that it points to the real notepad program (which is located somewhere in c:\windows I think).
 