Need help - hijacked by my123.com

[dckm]

Hi Guestolo,

 http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' /> Please find my attached hjt and SReng log.
Thanks.

[guestolo]

Can you do the following please
I want to try another method of removing this pest
It's a chinese removal tool

Download My123Killer.exe by Rising and save too desktop

• Double click on My123Killer.exe on your desktop
  
• If you receive a prompt to install language pack, select NO
• Click the SCAN button and allow it to scan
  
• When scanning is complete click the clean/disinfect button
  

Reboot the computer afterwards

Can you post a fresh hijackthis log and a new log from SReng please

[dckm]

Hi,

Thanks for the prompt reply. Apparently, the my123killer toos did not detect any virus after running. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />
Anyway I continue to generate the logs for you. Please see attachment.
Thanks.

[guestolo]

Can you try another tool please
It's in chinese, but hopefully you can help interput it for me
I'm not affiliated with this tool at all, but I uploaded it as a zip file instead of .rar

From the bottom of this reply box download>>save
m1v25.zip
UNZIP it to your desktop and then double click on m1v25.exe

From what I see you must run the first button on the bottom left if infection is found
Can you interput it for me[attachment=1809:m1v25.zip]

[dckm]

Hi,

Can't seems unzip it. Kept getting error, "invalid or corrupted".

[guestolo]

Are you using XP's built in tool to try and unzip it
Or do you have something like IZArc or Winzip installed?

Here's the original download location
http://dl.360safe.com/m1v25.rar

Let me know if you can extract that download

[dckm]

Thanks. I manage to download now.
Yes you are right, the bottom left button is to "Clean".
From the log of the program (below), I make out something like it's pointing to 2 files:

Ç¿Á¦×¨É±¹¤¾ß!
ÖØÒªÌáʾ³ÌÐò½«Áгö¿ÉÒɵÄÇý¶¯³ÌÐò,ÆäÖпÉÄÃ
œÂ°Ã¼ÂºÂ¬Ã•Ã½Â³Â£ÂµÃ„Çý¶¯Îļþ!
ÇëÔÚÈ·ÈÏËùÓÐÁгöÎļþ¶¼ÊDz¡¶¾ÎļþʱÔÙµã»÷
Çå³ý°´Å¥.

·¢ÏÖ²¡¶¾ÎļþCWINDOWSsystem32driversqrxerljk.sys
·¢ÏÖ²¡¶¾ÎļþCWINDOWSsystem32driversltjzgirv.sys

Yeah! I reboot and the probelm is solved.
Attached my latest HJT log.

Thanks fot he big help. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'\' />

[guestolo]

Very sorry for the delay, I had trouble accessing the forum
Can you post a fresh hijackthis log please, I want to ensure nothing has changed
We still have a bit of cleaning to do also

[virusvictim]

I removed my123.com last night using my123killer2.exe, but after i removed it. I can not access the internet at all..... http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />
So becareful before u removed it, make sure it's safe to do so.

[guestolo]

Loss of internet connection has been happening with the removal tools from this bad guy
A good idea, ahead of time is to have a copy of LSPFix or Winsock fix
If your running XP SP2, a run command can restore it

Anyways, Since the original posters problems appear to be resolved and has not returned, I'll lock this topic