
HijackThis Question


Marik


Well I just found this after I rebooted

noideaf.png

Hijack This found them

F3 - REG:win.ini: load=U???

F3 - REG:win.ini: run=U???

I'd say it's pretty much safe to delete them yes?

and also, where in the registry do I find those other two entries? :unsure:


already consulted it...both are listed as nasty

I never had these before, so I'm guessing they're bad

also found those other two

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="縘粐粐粐Ÿ
踠踘ਸ਼粑Ƚ"
"hkey"="HKCU"
"command"="縘粐粐粐Ÿ
踠踘ਸ਼粑Ƚ"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="縘粐粐粐Ÿ
踠踘ਸ਼粑Ƚ"
"hkey"="HKCU"
"command"="縘粐粐粐Ÿ
踠踘ਸ਼粑Ƚ"
"inimapping"="1"

runb.png

loadq.png



  • Administrator

That's written in Chinese. The last time I had something like this, I was infected by a deadly Chinese keylogger which allowed the hacker to hack my MSN mail account. Mentioned it many times, you must be knowing. It made thousands of folders into folders into folders which were empty but were written in Chinese. Same with registry, folders into folders into folders, all with Chinese names but empty. Scanned my system with everything but was not able to find anything. Then, to everyone's surprise, Microsoft Malicious Software Removal Tool found two keyloggers whose IP I traced to China via WireShark.



when I saw your avatar I almost mistook you for Shought :lol:...running the mrt now



  • Administrator

Yeah I'm watching South Park these days, got shought's viral. :bag:

You can also try MBAM, it's known to remove registry infections.



I did try MBAM, and it removed two entries...one was trojan/work, and the other I can't remember, but it was bad as well



Ohhwwa.. you catchuh deadwy Chinese viroos.. Vewy dangewous.. vawwwy rwaaaare.... - Crank2 :lmao: Just DON'T go jumping out of any airplanes anytime soon..

Yeah I have like no entries in that area... I would have suggested probably checking it with SpyBot.. Definitely odd.. I found some Chinese labeled files in my Windows folder awhile back.. but I think that they have something to do with my AMANA Screensaver.. I wasn't for sure.. still not.. but nothing picks them up as anything..

EDIT: Did see some other stuff you should probably clean.. just in the little bit of the Log I seen..



use trojan remover to scan your pc. TR is not created to detect trojans and other bad stuff but the modifications to the system created by the malware.



autoruns

necesity.jpg

is the IE thingy supposed to be like that or is it dubious?

btw, these things all started after I installed Megakyes



That's it Marik, Chinese are after you now :ph34r: ... Never mess with the Chinese girls !!! somebody going down ..Aye be a man, do the right thing ( Russell Peters):lmao:

Try UnHackMe

2. Tizer Rootkit Removal

To be honest I don't use S&D much nowadays...but saying that it's not to say I will never use it again.

Malwarebytes and Superantispyware are the best at the moment but they're not 100%

Cheers



  • Administrator

So megakey is culprit. Didn't you use a sandbox? Any results from MRT (yet)?




no I didn't use a sandbox. MRT found absolutely nothing

MBAM found the culprits....really the only thing left to deal with are those 4 entries in the msconfig and regedit listing

trojanremover found squat as expected, and so did Spybot

the only thing I wanna know is that if it's safe to delete those registry entries in my first post...the ones with run and load and the two in hijackthis



  • Administrator

You should backup your registry, and then remove them.



unknownasphyxiated

don't remove the key, just remove the data

you can ignore file not found About:Home

also you can remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ {Load and run}

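The backup-then-clear advice from the two posts above, as an added PowerShell example that is not part of any poster's message. It assumes the HijackThis F3 `load=`/`run=` lines refer to the `Load` and `Run` values under the HKCU key named in the registry export earlier in the thread; the backup file name and the `-Clear` switch are made up for this example.

```powershell
# Added example: audit, back up, then blank the legacy win.ini autorun values.
# Key path and value names come from the thread; the backup file name and the
# -Clear switch are assumptions made for this example.
param(
    [switch]$Clear,
    [string]$BackupPath = "$env:USERPROFILE\winini-autoruns-backup.reg"
)

$regKey = 'HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$psKey  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$names  = 'Load', 'Run'

# 1. Back up the whole key first so the change can be reverted with "reg import".
& reg.exe export $regKey $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $regKey failed; nothing was changed." }

# 2. Report what each value currently holds.
$findings = foreach ($name in $names) {
    $data = (Get-ItemProperty -Path $psKey -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Name     = $name
        Present  = $null -ne $data
        IsEmpty  = [string]::IsNullOrWhiteSpace($data)
        # Characters outside printable ASCII deserve a closer look in a program path.
        NonAscii = ($data -match '[^\x20-\x7E]')
        Data     = $data
    }
}
$findings | Format-Table -AutoSize

# 3. Blank the data but keep the value and the key, as advised in the thread.
if ($Clear) {
    foreach ($f in $findings | Where-Object { $_.Present -and -not $_.IsEmpty }) {
        Set-ItemProperty -Path $psKey -Name $f.Name -Value ''
        Write-Output "Cleared data of '$($f.Name)' (backup: $BackupPath)"
    }
}
```

Run it once without `-Clear` to review the findings and confirm the backup file exists, then again with `-Clear`.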



did just that, then rebooted...everything is working as it should be....no more error messages about crap being missing at bootup, and no more slowdowns

i may just watch pr0n anime (can u spot the troll?) to celebrate



  • Administrator


How about sharing your celebration? :hehe:



hah...while I was at it...I also registered youruninstaller with a serial after one month of trying :lmao:



DL ASquared (Emsisoft) portable (tiz free) stick it on a usb/flash run update then full scan and try that just to make sure (scan will take a while), they are one of the "ones" I trust! also run a decent registry cleaner afterwards



dang hentai games :P joking. i do hope you are using a second computer for now until you clean the other one.

edit. read the above one where you said you fix it. btw what anime etc was it, full file name and format? newsgroups? if so which one




Yosuga no Sora ep 09 by UTW

Can't wait to see my twincest in ep 10

http://utw.me/2010/12/01/yosuga-no-sora-09/

and the world god only knows ep 9 by horriblesubs

http://horriblesubs.org/




so was it the website then?



I honestly have no idea what you're saying....:rofl:

I think along the line, you misinterpreted my words, then I misunderstood yours

if you're talking about what caused my PC to get effed up in the first place, then like I said, it's due to Megakyes




no problem wasn't going to use that thing anyway. guess you guinea pig it

thanks


