Wonderin if any1 knows how to fix this prob. been readin the forum and tried the suggestionz but still it remainz.
A hijacked browser changed to http:\thenewsearch.com\search.html, i got hijackthis, spybot s&d,n avast but it still managed to get through, bit slack on the updates i guess. avast says infected with the virus win32 trojano-141 but read it was not a virus but a hijacked browser
Running Windows XP
Here is the log file determined by hijackthis
Logfile of HijackThis v1.98.2
Scan saved at 12:05:34 AM, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
and after fixing,
reboot, and then please move the file
C:\WINDOWS\System32\winupd.exe
into a password-protected ZIP- or RAR-archive
and email it to
virus (at) avast.com
==========================================================================
THESE ITEMS ARE NOT NEEDED TO LOAD AT BOOTTIME FOR
THE SYSTEM TO WORK, IT IS RECOMMENDED TO REMOVE THEM:
me again, sorry to be a burden but I have to ask if I have to run hijackthis in f8 safemode or is it enough to run it in normal mode – I ran it in normal and seemed to work fine
I have moved the file c:\windows\system32\winupd.exe in a password protected ZIP as asked should be attached
I also changed my homepage (someone suggested), I reboot and all is well my chosen homepage is there, I run hijackthis and again no probs
I come unstuck tho when I run avast to search for virus/s it says that I have a virus in my computer, run hijackthis but the items for hijack homepage is not there –is there something I should know or should I ignore
Quote from: onlyme1984 on August 27, 2004, 04:49:50 AM
winupd.exe in a password protected ZIP as asked should be attached
when I run avast to search for virus/s it says that I have a virus in my computer,
Quotes from:whocares, Avast Evangelist
August 27, 2004, 11:32:19 AM
Hi, @1) attached ? to the mail to AVAST, I hope
@2) WHAT virus is detected WHERE in WHICH file ?
Please more details → Read “VirusRemoval” again, please
August 26, 2004, 02:33:35 PM »
and after fixing,
reboot, and then please move the file
C:\WINDOWS\System32\winupd.exe
into a password-protected ZIP- or RAR-archive
and email it to
virus (at) avast.com
My Apologies I must of misinterpreted your message. But I thought u wanted me to do the above and move the file C:\WINDOWS\System32\winupd.exe into a zip file and email it to you after the hijackthis fix, I thought I attached this file to the email I last sent.
The virus that avast keeps warning me of is win32 trojano-141 and gives me a file of c:\xd\dr.exe. The homepage I chose comes up alright now after the hijackthis fix you guys suggested (thanx heaps for that). It is just when I run avast virus\s scan that the warning of the virus resurfaces. Should I ignore the scanning warning or is there something I missed and should know about?
this was quite all right, except that “I” am not virus (at) avast (dot) com , but just a regular user here…
I misunderstood you too, thought you wanted to attach it here on the board…
Anyways…:
[EDIT]
you should DEACTIVATE system RESTORE, too , before going any further with Cleaning, especially if there is/was a trojan/hijacker avast doesn’t recognize yet (this winupd.exe I mean)
[/EDIT]
The file “dr.exe” you mention does sound suspicious, please scan it Online with KAV, RAV & Trend (avast resident shield must be paused for this),
or scan it with Escan in SafeMode
→ for Links to the scanners, please see “Virusremoval”
→ if they also detect this,
try moving the file to quarantine with avast in SafeMode, or via a boot-time scan
or move it manually yourself…
if none other scanner detects anythign in “dr.exe”, please submit it to avast, this time stating you suspect a false positive…
Also please post a new hijackthis-Log
P.S.: Also please enter
TROJANO-141
into the board-search above, there are some other topics on it, which might help you