TheTechGuide Forum

General Category => Tech Clinic => Topic started by: putridmist on February 22, 2005, 12:53:01 PM

Title: Website Viewer - Dialer - Porn
Post by: putridmist on February 22, 2005, 12:53:01 PM
Hello, :) I'm new to this forum, I've looked around for a good forum to register and use often to fix and use my computer.

Recently, I came across this Dialer, and I think it's a dialer, called Website Viewer with the files:
In the "Website Viewer" folder

'127036' - Connects to the modem.
'127036' - The icon.
'127036' - BAN.file 13kb.
'127036' - dlr.file 79kb.

In my program files
'SEXXX' - exe...
and a shortcut of above, in the desktop.

Now, it could be that something stupid and annoying as this came in to my computer because, and I admit my careless surfing habits, and my crazy download habits.

But weirdly enough, even AFTER I've formatted, it's BACK.
I hope someone can help me. I've searched the web and this site is the only site that actually has at least ONE person who has the same problem as me. Thank you and God bless :)

The following is my Hijack Log:


Logfile of HijackThis v1.99.1
Scan saved at pm 12:59:57, on 2005-02-22
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\winagent.exe
C:\WINDOWS\System32\jpzu.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WebSiteViewer\127036.dlr
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\smss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\hijackthis.exe

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O3 - Toolbar: 라디오(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\winagent.exe /i
O4 - HKLM\..\Run: [RSPC Driver] jpzu.exe
O4 - HKLM\..\Run: [smss] C:\WINDOWS\smss.exe
O4 - HKLM\..\RunServices: [RSPC Driver] jpzu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RSPC Driver] jpzu.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77D30D9A-0A93-4E0E-B9EA-16FBDE2DEBA4}: NameServer = 206.47.244.104 206.47.244.12
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I've just formatted my computer and I've installed MSN7 beta and drivers only... but still I seem to get these XXX things again. Also, I'm concerned about the payment, I heard that dialers bill you. :(

(If there are words that you can't read, it could mean that it was in Korean, because my OS is Korean :) )

Thank you.
Title: Website Viewer - Dialer - Porn
Post by: guestolo on February 23, 2005, 12:23:10 AM
Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the whole contents of the Quote box to notepad, not including the word quote
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop, we'll need this later, don't run it yet

 
Quote
REGEDIT4

[-HKEY_CURRENT_USER\Software\WebSiteViewer]


NEXT:
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://www.lavasoftusa.com/support/download/)
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the "check for updates now" link and Connect to download the latest updates
Ensure it's updated, DON'T run a scan yet

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4) by tapping the F8 key as the system is booting or use the alternate method explained in the link

In SAFE MODE
Find and delete these files or folders if they exist

C:\WINDOWS\winagent.exe <--this file
C:\WINDOWS\System32\jpzu.exe <--file
C:\WINDOWS\smss.exe <--this file, only in the Windows folder, don't touch the one in the System32 folder

C:\Program Files\WebSiteViewer <--this folder

Do a disk cleanup in safe mode
START>>Run>>type in
cleanmgr
Hit OK
Ensure temp and temp Internet files are selected

Double click on fix.reg and allow to Merge to the registry

Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll

O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\winagent.exe /i
O4 - HKLM\..\Run: [RSPC Driver] jpzu.exe
O4 - HKLM\..\Run: [smss] C:\WINDOWS\smss.exe
O4 - HKLM\..\RunServices: [RSPC Driver] jpzu.exe

O4 - HKCU\..\Run: [RSPC Driver] jpzu.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to Normal mode to finish the cleaning process

Post back with a fresh hijackthis log afterwards
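
An added example, not part of the post above or of any tool named in this thread: a Python triage of a HijackThis log for four traits visible in the entries selected above (a system process name outside System32, a running image that is not an .exe, a look-alike Run value name, and one command registered under several autorun keys). The function name `triage`, the heuristics and the System32-only list are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\smss.exe
C:\Program Files\WebSiteViewer\127036.dlr
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\winagent.exe /i
O4 - HKLM\..\Run: [RSPC Driver] jpzu.exe
O4 - HKLM\..\Run: [smss] C:\WINDOWS\smss.exe
O4 - HKLM\..\RunServices: [RSPC Driver] jpzu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RSPC Driver] jpzu.exe
"""

# Assumption: image names that on Windows XP run only from the System32 folder.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}
O4_LINE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")

def triage(log_text):
    """Return sorted (item, reason) pairs for entries that deserve a closer look."""
    findings, keys_by_cmd = set(), defaultdict(set)
    for line in map(str.strip, log_text.splitlines()):
        m = O4_LINE.match(line)
        if m:
            key, name, cmd = m.groups()
            keys_by_cmd[cmd.lower()].add(key)
            # Heuristic: capital 'I' between lowercase letters standing in for 'l'.
            if re.search(r"[a-z]I[a-z]", name):
                findings.add((name, "look-alike value name"))
            target = cmd.split(" /")[0].strip('"')
        elif re.match(r"[A-Za-z]:\\", line):
            target = line  # a "Running processes" entry is a bare image path
            if PureWindowsPath(line).suffix.lower() != ".exe":
                findings.add((line, "running image is not .exe"))
        else:
            continue
        p = PureWindowsPath(target)
        if p.name.lower() in SYSTEM32_ONLY and p.parent.name.lower() != "system32":
            findings.add((target, "system process name outside System32"))
    for cmd, keys in keys_by_cmd.items():
        if len(keys) > 1:
            findings.add((cmd, "same command under %d autorun keys" % len(keys)))
    return sorted(findings)

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

These heuristics only rank entries for review; they do not cover BHO (O2) lines, and a match is not proof that a file is malicious.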
Title: Website Viewer - Dialer - Porn
Post by: Guest on February 24, 2005, 03:29:49 AM
Hi! Thank you for your help but, after I enabled "do not connect to the internet using modem" in my internet options, and used giant anti-spyware, the problem is gone! Thank you for your help.

I'm sure a new problem will arise that will indeed make me check this forum again. THANK YOU :)
Title: Website Viewer - Dialer - Porn
Post by: Guest on February 24, 2005, 03:31:02 AM
I'll do the things u outlined above too, I hate these files that don't do nothing but just bother me.