How do I get rid of ....hp.uti?

By capri
Apparently I have been struck with a virus or at the least a Trojan (specifically Download.Trojan and Trojan.Byte.Verify). I have run Norton A/V and deleted the files identified in quarantine, but it keeps appearing as my home page in IE. IE is not working properly either. I get an error message which I can bypass only by moving the dialog box to the side of the screen and ignoring it. However, my surfing does not reach every screen I'm trying to access. HELP!

by tigers7612 In reply to How do I get rid of ....h ...

Before you deleted the quarantine files, did you turn off System Restore? If you did not, I suggest trying that first.

by capri In reply to How do I get rid of ....h ...

Thanks for your response; I should have included that I'm running Win98SE, and don't have System Restore. I have downloaded and run HiJackThis.exe and have deleted several suspicious files but not sure I have defeated the enemy yet!

by TABComputers2002 In reply to How do I get rid of ....h ...

What's the error msg you're getting? Re-run HijackThis and post the results. There might be more there that needs removing.

Tim

by capri In reply to How do I get rid of ....h ...

All seems to be OK right now but I re-ran HiJackThis and here's the log. If you see anything that seems suspicious (from your experience), please share. Looks OK to me. I do appreciate all the responses!

by capri In reply to How do I get rid of ....h ...

Guess it would help if I included the log
Here's half of it...the other half in next comment.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [DBMS] C:\WINDOWS\DRIVERS\DBMS.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [ASDISK] C:\WINDOWS\JAVA\CLASSES\ASDISK.EXE

by capri In reply to How do I get rid of ....h ...

Last half of the log...

O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - Startup: WinDO Auto Startup.lnk = C:\WINDO\WINDO.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - User Startup: WinDO Auto Startup.lnk = C:\WINDO\WINDO.EXE
O4 - User Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mfg: C:\PROGRA~1\INTERN~1\PLUGINS\npmirage.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E09**62EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

by wlbowers In reply to How do I get rid of ....h ...

Turn off System Restore if it is used in your OS.

Download, update, and run the following.

Your Antivirus Software

Spybot:
http://tinyurl.com/ziar

Ad-Aware:
http://tinyurl.com/tek5

CWshredder:
http://tinyurl.com/2bzef
Or
http://tinyurl.com/2k642
Look for the file in English CWShredder.exe

Hijack This:
http://mjc1.com/mirror/hjt/

Hijack This is useful in that it shows what is currently loading on startup. You must know what is good and what is bad. Once you check it and fix it, it is gone. So be sure.

Run Your Antivirus again

I have had to boot into safe mode and run these.

Good Luck Lee
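
Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the O4 (autostart) lines of a HijackThis log like the one posted above. It lists what loads at startup and marks two things to check by hand before fixing anything, entries registered in more than one place and commands given without a full path; neither is a verdict that an entry is bad. The function names are invented for this example.

```python
import re
from collections import defaultdict

# Lines excerpted from the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\SYSTEM\SYSSTARTUP.EXE
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - Startup: WinDO Auto Startup.lnk = C:\WINDO\WINDO.EXE
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, then the entry body
# Registry autostart: "HKLM\..\Run: [value name] command"
RUN_RE = re.compile(r"^((?:HKLM|HKCU)\\\.\.\\\w+): \[([^\]]+)\] (.*)$")
# Startup folder shortcut: "Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^((?:User |Global )?Startup): (.+?) = (.*)$")

def autostarts(log):
    """Return every O4 line as a dict with keys source, name, command."""
    items = []
    for raw in log.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line.group(1) != "O4":
            continue  # other sections (R0/R1, O3, O16, ...) are not autostarts
        m = RUN_RE.match(line.group(2)) or STARTUP_RE.match(line.group(2))
        if m:
            items.append(dict(zip(("source", "name", "command"), m.groups())))
    return items

def registered_in_several_places(items):
    """Names that load from more than one location: look closer, not a verdict."""
    seen = defaultdict(list)
    for it in items:
        seen[it["name"]].append(it["source"])
    return {name: src for name, src in seen.items() if len(src) > 1}

def without_full_path(items):
    """Names whose command has no drive-letter path, so the file's location is unknown."""
    return [it["name"] for it in items
            if not re.match(r'^"?[A-Za-z]:\\', it["command"])]

if __name__ == "__main__":
    found = autostarts(SAMPLE_LOG)
    for it in found:
        print(f'{it["source"]:<14} {it["name"]:<24} {it["command"]}')
    print(registered_in_several_places(found), without_full_path(found))
```
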
