  windows IE hacked
Anilrgowda (Administrator), 08-Feb-2007, 12:50 AM, post #1

Hi guys,
My system has been hacked. I just clicked on a link in my email and that's it, all kinds of pop-ups started showing up.
My home page automatically changed to some stupid page, and when I right-click on Internet Explorer to set the home page back,
I see the "Home page" section is disabled.

Any idea how I can get rid of this popup and set the home page back?

I am using Windows 2000.

Any help greatly appreciated, as this is really frustrating!

Solution:
aggernat, they're variants of SDBot and IRCBots. The entries that you removed before are possibly no longer showing in this log; if they are not showing, can you tell us what they were? HijackThis creates a backup of all the entries that were fixed (the backup is where your hijackthis.exe was; right now your HijackThis is in the temp folder, and it's good to put it in its own folder so it's not accidentally deleted).


Anyway try this:
1. Please download The Avenger by Swandog46 to your Desktop.
http://swandog46.geekstogo.com/avenger.zip

*Click on Avenger.zip to open the file
*Extract avenger.exe to your desktop

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste the following text (all text/characters between the lines below):

-----------------------------------------------------------------------------------------------------------
Files to delete:
C:\DOCUME~1\Jay\LOCALS~1\Temp\IEXPLORE.EXE
C:\WINNT\system\svchost32.exe
C:\WINNT\system\svhost.exe

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SVCHOST
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Task Manager
------------------------------------------------------------------------------------------------------------

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.


2. For any leftover IRCBots,
Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
Please then reboot your computer in Safe Mode by doing the following:

*Restart your computer.
*After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
*Instead of Windows loading as normal, a menu with options should appear.
*Select the first option, to run Windows in Safe Mode, then press "Enter".
*Choose your usual account.
*In Safe Mode, right click the SDFix.zip folder and choose "Extract All".
*Open the extracted folder and double click "RunThis.bat" to start the script.
*Type "Y" to begin the script.
*It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to reboot.
*Press any key and it will restart the PC.
*Your system will take longer than normal to restart, as the fixtool will be running and removing files.
*When the desktop loads, the fixtool will complete the removal and display "Finished"; then press any key to end the script and load your desktop icons.
*Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back


Fix these entries in Hijackthis:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab?9b91da394bb089c426c4c8fcb2032040a0984db8ccad09aad24d7ebc200f0941a5b810e6eae0e4827334f18e895434b50ff31e0c2b0e8f858ddc2e736e:e3eb4becbb5c1ba39dd084361d36488e



Afterwards, can we look at a fresh hijackthis log?
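
The kind of entries this fix targets can be picked out of a HijackThis log automatically. The following is an added example, not part of the original post and not HijackThis code: it flags autostart (O4) entries whose image name imitates a system binary or runs from the wrong directory, plus the O6/O7 policy locks. The sample log is constructed: the file paths and the SVCHOST / Task Manager value names come from the post, while their pairing, the "Updater" name and the allowlists are assumptions.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumed short allowlists: genuine binaries and the directories they run from
# (C:\WINNT on Windows 2000, C:\WINDOWS on XP). Extend for real use.
SYSTEM_BINARIES = {"svchost.exe", "iexplore.exe", "taskmgr.exe"}
TRUSTED_DIRS = {r"c:\winnt\system32", r"c:\windows\system32",
                r"c:\program files\internet explorer"}
POLICY_SECTIONS = {"O6": "Internet Options locked by policy",
                   "O7": "Registry editor disabled by policy"}
O4_LINE = re.compile(r"^O4 - \w+\\\.\.\\\w+: \[(.+?)\] (.+)$")

# Constructed sample log (see lead-in for what is taken from the post).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SVCHOST] C:\WINNT\system\svchost32.exe
O4 - HKLM\..\Run: [Task Manager] C:\WINNT\system\svhost.exe
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\Jay\LOCALS~1\Temp\IEXPLORE.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

def check_image(command):
    """Return a reason if the autostart command looks like a masquerade, else None."""
    m = re.match(r'"?(.+?\.exe)', command, re.IGNORECASE)
    if not m:
        return None
    directory, image = ntpath.split(m.group(1).lower())
    if image in SYSTEM_BINARIES:  # real name: only the location can be wrong
        if directory in TRUSTED_DIRS:
            return None
        return f"{image} running from {directory or 'an unqualified path'}"
    for real in sorted(SYSTEM_BINARIES):  # near-miss spelling of a real name
        if SequenceMatcher(None, image, real).ratio() >= 0.85:
            return f"{image} imitates {real}"
    return None

def triage(log_text):
    """Return (section, finding) pairs for suspicious HijackThis log lines."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        section = line.split(" - ", 1)[0]
        m = O4_LINE.match(line)
        if section in POLICY_SECTIONS:
            findings.append((section, POLICY_SECTIONS[section]))
        elif m and (reason := check_image(m.group(2))):
            findings.append(("O4", f"[{m.group(1)}] {reason}"))
    return findings
```
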