re: Spyware problems Friday, May 27, 2005 at 3:10 pm Windows XP Annoyances Discussion Forum Posted by MrCharlie (4141 messages posted) We are making good progress. Press Control-Alt-Del to enter the Task Manager. Click on the Processes tab and end the following processes if listed: appap32.exe Exit the Task Manager when finished Close [color=blue]ALL[/color] programs down, leaving [color=blue]ONLY[/color] HijackThis running. Place a check against the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qyztn.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qyztn.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qyztn.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qyztn.dll/sp.html#37049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qyztn.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qyztn.dll/sp.html#37049 R3 - Default URLSearchHook is missing O2 - BHO: Class - {FF5B4CBC-CE93-4290-8860-69D7C23478BE} - C:\WINDOWS\system32\mfcue32.dll O4 - HKLM\..\Run: [appap32.exe] C:\WINDOWS\system32\appap32.exe O4 - HKLM\..\RunOnce: [apihv.exe] C:\WINDOWS\apihv.exe O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3rl32.exe" /s (file missing) Click on Fix Checked and exit HijackThis. Delete these files: C:\WINDOWS\system32\appap32.exe C:\WINDOWS\system32\qyztn.dll C:\WINDOWS\system32\d3rl32.exe C:\WINDOWS\system32\mfcue32.dll C:\WINDOWS\apihv.exe Run AboutBuster. Reboot and post a fresh HijackThis log and we'll take another look. MrC ---------------------------------------------------------------------------------- Just so you'll know why I'm saying that it will take several steps to get this hijacker. You can take a look at ThisPost , he has the same variant as you, which is a new variant of this hijacker. You can see the amount of files he had to delete and the number of steps it took. AboutBuster usually does a great job on deleting the files installed by the hijacker, but because it's so new, AboutBuster hasn't been updated yet to take care of this variant. O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) MrC Written in response to: re: Spyware problems (Vincent: Friday, May 27, 2005 at 2:51 pm) Responses to this message: re: Spyware problems (Vincent: Friday, May 27, 2005 at 3:31 pm) All messages in this thread [show all] Spyware problems (Vincent: Fri, May 27, 2005, 10:39 am) re: Spyware problems (David: Fri, May 27, 2005, 10:56 am) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 11:06 am) re: Spyware problems (Vincent: Fri, May 27, 2005, 11:22 am) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 11:49 am) re: Spyware problems (Vincent: Fri, May 27, 2005, 1:19 pm) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 1:56 pm) re: Spyware problems (Vincent: Fri, May 27, 2005, 2:51 pm) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 3:10 pm) re: Spyware problems (Vincent: Fri, May 27, 2005, 3:31 pm) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 3:59 pm) re: Spyware problems (Vincent: Fri, May 27, 2005, 4:18 pm) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 4:43 pm) re: Spyware problems (Vincent: Fri, May 27, 2005, 4:53 pm) re: Spyware problems (MrCharlie: Fri, May 27, 2005, 5:41 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum