TheTechGuide Forum

General Category => Tech Clinic => Topic started by: dckm on November 18, 2006, 11:43:00 PM

Title: Need help - hijacked by my123.com
Post by: dckm on November 18, 2006, 11:43:00 PM

Hi Guestolo,

 /rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' /> Please find my attached hjt and SReng log.
Thanks.

Title: Need help - hijacked by my123.com
Post by: guestolo on November 19, 2006, 12:24:46 AM

Can you do the following please
I want to try another method of removing this pest
It's a chinese removal tool

Download My123Killer.exe by Rising (http://\"http://download.rising.com.cn/zsgj/My123Killer.exe\") and save too desktop

• Double click on My123Killer.exe on your desktop
  
• If you receive a prompt to install language pack, select NO
• Click the SCAN button and allow it to scan
  
• When scanning is complete click the clean/disinfect button
  

Reboot the computer afterwards

Can you post a fresh hijackthis log and a new log from SReng please

Title: Need help - hijacked by my123.com
Post by: dckm on November 19, 2006, 03:04:09 AM

Hi,

Thanks for the prompt reply. Apparently, the my123killer toos did not detect any virus after running. /huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />
Anyway I continue to generate the logs for you. Please see attachment.
Thanks.

Title: Need help - hijacked by my123.com
Post by: guestolo on November 19, 2006, 10:39:39 AM

Can you try another tool please
It's in chinese, but hopefully you can help interput it for me
I'm not affiliated with this tool at all, but I uploaded it as a zip file instead of .rar

From the bottom of this reply box download>>save
m1v25.zip
UNZIP it to your desktop and then double click on m1v25.exe

From what I see you must run the first button on the bottom left if infection is found
Can you interput it for me[attachment=1809:m1v25.zip]

Title: Need help - hijacked by my123.com
Post by: dckm on November 19, 2006, 11:25:50 AM

Hi,

Can't seems unzip it. Kept getting error, "invalid or corrupted".

Title: Need help - hijacked by my123.com
Post by: guestolo on November 19, 2006, 11:38:23 AM

Are you using XP's built in tool to try and unzip it
Or do you have something like IZArc or Winzip installed?

Here's the original download location
http://dl.360safe.com/m1v25.rar (http://\"http://dl.360safe.com/m1v25.rar\")

Let me know if you can extract that download

Title: Need help - hijacked by my123.com
Post by: dckm on November 19, 2006, 12:08:24 PM

Thanks. I manage to download now.
Yes you are right, the bottom left button is to "Clean".
From the log of the program (below), I make out something like it's pointing to 2 files:

Ç¿Á¦×¨É±¹¤¾ß!
ÖØÒªÌáʾ³ÌÐò½«Áгö¿ÉÒɵÄÇý¶¯³ÌÐò,ÆäÖпÉÄÃ
œÂ°Ã¼ÂºÂ¬Ã•Ã½Â³Â£ÂµÃ„Çý¶¯Îļþ!
ÇëÔÚÈ·ÈÏËùÓÐÁгöÎļþ¶¼ÊDz¡¶¾ÎļþʱÔÙµã»÷
Çå³ý°´Å¥.

·¢ÏÖ²¡¶¾ÎļþCWINDOWSsystem32driversqrxerljk.sys
·¢ÏÖ²¡¶¾ÎļþCWINDOWSsystem32driversltjzgirv.sys

Yeah! I reboot and the probelm is solved.
Attached my latest HJT log.

Thanks fot he big help. /wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />

Title: Need help - hijacked by my123.com
Post by: guestolo on November 21, 2006, 07:56:53 PM

Very sorry for the delay, I had trouble accessing the forum
Can you post a fresh hijackthis log please, I want to ensure nothing has changed
We still have a bit of cleaning to do also

Title: Need help - hijacked by my123.com
Post by: virusvictim on November 28, 2006, 05:49:10 PM

I removed my123.com last night using my123killer2.exe, but after i removed it. I can not access the internet at all..... /mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />
So becareful before u removed it, make sure it's safe to do so.

Title: Need help - hijacked by my123.com
Post by: guestolo on November 29, 2006, 11:31:45 PM

Loss of internet connection has been happening with the removal tools from this bad guy
A good idea, ahead of time is to have a copy of LSPFix or Winsock fix
If your running XP SP2, a run command can restore it

Anyways, Since the original posters problems appear to be resolved and has not returned, I'll lock this topic