Hijack!!(Adwre.InternetOptimizr.SysProtect.Ezula.Adlogix.Generic)and on! (RESOLVED)

  1. #11
    Lloyd, Junior Member

    Re: HelpPlease!!!Hijack!!(Adwre.InternetOptimizr.SysProtect.Ezula.Adlogix.Generic)and on!

    I think I messed up! Everything was going according to plan. I ran the ewido, saved the log file, then ran the BFU, worked perfectly - seen the blue bar going across - then saved that log file. Then ran Hijack and saw one file that just said (file missing) so I checked and cleared that. Then ran Hijack again and didn't see anything familiar to me to be a virus. Then here's where I messed up, I think.

    I looked at the log file from BFU and noticed that the file I asked you about (userinit) was a virus, or at least there was an infection in it or something, so I just did a regular computer search and located two files: userinit.exe and (userinit.dll or user.exe - 1 of the 2) and I deleted them!!! I now know that I should've waited to ask you but I was trying to get that damned virus! But the problem is now that when I went to restart the computer to go out of safe mode I accidentally hit switch users; I don't know if that did it or the premature deletion of those aforementioned files. But the computer now just loads up til the log on screen where it says "Welcome" and you pick a user - Administrator. But when you click on Administrator it goes to load - says underneath Administrator "loading personal settings..." like it's going to start up... then "saving personal settings..." like you just logged off. Then it stays on the Welcome screen.

    I don't know if you can help me with this or not but I know you can at least point me in the right direction too. I'm sorry I messed things up. I will never do that again. Please let me know what, if anything at all, I can do. Or at least anything short of a complete re-installation of XP? - like, is there a way I can pop in an auto-executable CD right as the computer is trying to log in and then place that file in its right place, or some way that I can put that file in the computer in DOS mode and reboot or whatever.

    Please help!!! I know I messed up!
    Thank You for being so understandable and patient with me. Thank You.


  2. #12
    VopThis, Senior Member (Canada)
    Can you get back into SAFE MODE? See if the files you deleted are still in the 'Recycle Bin'. If so, right click on each file of interest and select 'Restore'. You need to get them ALL back.





    ADDITIONALLY,

    You may also find some additional suggestions here:

    http://forums.microsoft.com/MSDN/Sho...60706&SiteID=1





    LASTLY,

    If you have a Windows XP disc (CD), set the bios to boot from CDROM first and try a repair install.

    How to run a repair-install

  3. #13
    Lloyd, Junior Member
    Ahhh. Ok. Will do.
    I already tried to get into Windows in safe mode but it still locks me out with the same problem, only letting me go to the welcome screen. But thanx, I will try to do a repair install, but with my XP CD (will that work?), because DELL only gave my sister the CDs to install drivers for her monitor and printer and that was it! I told her to call and get the Windows CD and they told her she has to pay 4 it now. I only told her not to pay for it because I said they should have given it to her already when she purchased the computer, but now they're giving her the run around... In any case I will go over there with my disk (hope that works). Thank You. And again I'm sorry for the delay in progress with this idiotic move by me. But I will post a log once I have completed doing that. Thank You again.

  4. #14
    VopThis, Senior Member (Canada)
    > I will try to do a repair install, but with my xp cd (will that work?)
    > ...........
    > I will go over there with my disk (hope that works)

    That could, and likely would, make matters worse. With Dell, you need to use OEM provided media, ONLY. Or review the Dell forums for discussions on this matter. When you buy Dell, there is an inexpensive option to pay for the CDs when purchasing your computer.
    Last edited by VopThis; 08-05-2006 at 06:52 PM. Reason: typo (likley=likely)

  5. #15
    Lloyd, Junior Member
    Oh ok, didn't know that. I'm gonna have to wait til she gets the XP CD from Dell then before I can continue?
    I've taken a look at some of the sites from that other link and couldn't get the same results because the people had extra or different hard drives that they could hook up to their computers to get to the safe mode or something like that. But I will get back to you as soon as possible on this, but I have to wait until my sister gets out of work to let her know that she has to get the XP disk specific to her Service Tag or Express Service Code then.

    Thank you. Hope your day is going by very well, because you deserve only the best of days!
    Thanx again for all your help
    Last edited by Lloyd; 08-05-2006 at 03:43 PM.

  6. #16
    Lloyd, Junior Member
    Hi everyone reading this,
    I'm still waiting to get over to my sister's. A lot has happened over this past week keeping me from getting to that computer, one of which was that someone from New York just totalled my car when they crashed into me, but life's life and all's well, at least I didn't get hurt at all!

    But as soon as I get the chance to get over there to her house I will post you on the details of the goings on.

    Thanks for being so patient with me.

  7. #17
    Lloyd, Junior Member
    Ok, I went over there and she went and did a complete reinstall before I got there. Thanks for all your help anyway. Now she has a new but obvious problem, that she has driver files missing. Like the sound driver file and an ethernet controller file for her Westell 6100. I've tried to get links on these briefly but they only ended up coming back dead.
    If anyone can help point in the right direction to get that computer restored back to fully operational condition it'd be greatly appreciated, thanx.
    BTW
    Is there a program that I can run to see what type of sound card is in the computer to actually look for the correct file I need anyway?

  8. #18
    VopThis, Senior Member (Canada)
    Good to see that everyone is on the road to mending.

    > has driver files missing. Like the sound driver file and an ethernet controller file for her westell 6100.

    If everything on that PC was provided by DELL, you can enter the 'Service Tag' and it will provide access to a complete record of installed components and ALL needed related driver downloads. Some drivers are provided OEM to DELL - that means that they are not likely to be directly available to the public for download:

    http://supportapj.dell.com/support/t...=gen&~lt=popup



    > Is there a program that I can run to see what type of sound card is in the computer to actually look for the correct file I need anyway?

    If you still require more info on particular devices and loaded software, try the following personal PC auditing tool:

    http://www.snapfiles.com/reviews/Bel...or/belarc.html

    Try looking in categories: 'multimedia' or 'other devices'.

  9. #19
    Lloyd, Junior Member
    Thank You again VOP.
    Everything's up and running. Thanx for the links, they were exactly what was needed. Well, I didn't need to use the Belarc but it looks like a very useful tool, especially so that that can be printed out and stored for later use if need be.

    Thank You.

    So just to reiterate, all's well. I will post 1 more time on this thread after a couple of days just to let you know everything stayed well. Thanks again for all your help!

  10. #20
    VopThis, Senior Member (Canada)
    To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



    ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points, which could likely be infected anyway.)

    PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Accordingly and of further note; it can be very unsafe to run with admin rights on any PC that you browse the Internet with.


    (Windows XP)
    FOLDER LOCATION: c:\System Volume Information\_restore….
    To Turn OFF System Restore.
    1. Click the Start button.
    2. Right-click My Computer, and then click Properties.
    3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
    4. Click Apply.

    REBOOT.

    To Turn ON System Restore.
    1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
    2. Create new System Restore points.


    (Windows ME)
    FOLDER LOCATION: c:\_RESTORE\TEMP\….
    See the following link for instructions:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




    To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
      http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
      http://www.microsoft.com/windows/ie/default.asp
      • http://www.securityfocus.com/news/11273
        If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
      AVG: http://free.grisoft.com/doc/1
      Avast: http://www.avast.com/eng/avast_4_home.html

    3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
      Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
      Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
      Microsoft Windows Defender beta 2 : http://www.download.com/Microsoft-Wi...ml?tag=lst-0-1

    4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
      Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
      *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
      Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

      It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

    5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
      Mozilla Firefox: http://www.mozilla.org/products/firefox/

    6. Consider increasing your browser security by using these programs:
      SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
      SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known-bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
    7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
      • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
      • Next select ‘Open host file manager’ button.
      • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
      • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

        EXCERPT:
        #start of lines added by WinHelp2002
        # [Misc A - Z]
        127.0.0.1 phpadsnew.abac.com
        127.0.0.1 a.abnad.net
        127.0.0.1 e.abnad.net
        127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
        .
        .
        .
        #end of lines added by WinHelp2002




    *Remember just like your primary anti-virus software, it is important to:
    • Keep all of these programs up-to-date, and
    • Use them on a regular basis.
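
A small hosts-file check to go with step 7 of the post above, added here as an example; it is not part of the original post and not code from HijackThis or the MVPS list. It reviews the existing HOSTS contents before anything is appended, then merges in only the blocking entries that are not already present. Treating any non-loopback mapping as worth a manual look is an assumption of this example, and the sample file contents are constructed around the excerpt quoted in the post.

```python
import ipaddress

# Constructed sample of an existing HOSTS file (the 203.0.113.7 line is made up).
CURRENT_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 a.abnad.net
203.0.113.7 www.example-bank.test   # constructed: non-loopback mapping
"""
# Blocklist text to merge: the excerpt quoted in the post, without the elided lines.
BLOCKLIST = """\
#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
#end of lines added by WinHelp2002
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()

def is_blocking(ip):
    """True for the sinkhole addresses a blocklist uses (127.0.0.0/8, ::1, 0.0.0.0)."""
    return ip.is_loopback or ip.is_unspecified

def audit(text):
    """Return entries that map a name somewhere other than a sinkhole address."""
    return [(str(ip), name) for ip, name in parse_hosts(text) if not is_blocking(ip)]

def merge_blocklist(current, blocklist):
    """Append only blocking entries whose hostname is not already mapped."""
    known = {name for _, name in parse_hosts(current)}
    new = []
    for ip, name in parse_hosts(blocklist):
        if is_blocking(ip) and name not in known:
            known.add(name)
            new.append(f"{ip} {name}")
    return (current.rstrip("\n") + "\n" + "\n".join(new) + "\n") if new else current
```

Anything `audit()` returns should be understood before the file is saved; running `merge_blocklist()` a second time on its own output changes nothing.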
