March 17th, 2004, 07:36 PM
looks to me that you've gotten more stuff than you had before..
remember to close your browser when doing the fix.
that Sifxinst.exe one is probably the trojan horse Trojan.Download.Chekin
get rid of this
There have been reports that the file, Sifxinst.exe, is a file that the Trojan uses, and that this file, when run, creates the file, Owmngr.exe.
O4 - HKLM\..\Run: [winactive] C:\PROGRAM FILES\WINDOW ACTIVE\WINACTIVE.EXE
the AutoUpdate.exe one is another nasty..
how the hell are you getting more ? do you have a decent trojan scanner ?
I haven't bothered to look at the rest of your entries but like it was suggested, I'd get rid of that ICQ one..
O4 - HKCU\..\Run: [IcqBeta] C:\WINDOWS\SYSTEM\HAIZAZ7I.exe
and I would also get rid of that army one..
O4 - HKLM\..\Run: [army link] C:\PROGRA~1\THIRDI~1\SixthDupeNoun.exe
perhaps they're the reason for the other new ones..
edit : don't forget to delete the files from your drive for those as well.. (and the directories for the ones that have their own directory)
March 18th, 2004, 12:01 AM
As far as I can tell, one of your biggest problems is the Stop Sign software that you either installed knowingly or accidentally. Read what Pest Patrol has to say about this malware at http://www.pestpatrol.com/PestInfo/S/StopSign.asp . Remove it from "Add/Remove Programs".
Run Spybot S&D and AD-aware in safe mode. You can download them both from CNET downloads. Make sure you update them both before runing them. Remove everything they suggest. Next take your pc through an online virus scanner - I personally prefer the Panda Active Scan located at http://www.pandasoftware.com/activescan/
Next download a free antitrojan.... I prefer A2 free located at http://www.emsisoft.com/en/
After all that, rerun HijackThis and fix anything left over from the first time around that was suggested that be removed - you have a lot of good suggestions here.
Post back when you've done everything listed with a new (hopefully cleaner) HT log. Make sure you have run all the scans -they're important and often easier than a manual fix.
March 18th, 2004, 02:39 AM
Everyone has forgot to make the most logical suggestion, don't use ME!!
March 18th, 2004, 03:12 AM
thanks for helping out meeeeeee...
ian.. yes we know winMe can be unstable.. but it doesn't matter which windows OS you run, you can still get hijacked,trojaned, and "virused". So blatantly saying that winMe is the problem.. doesn't help because it's NOT the problem in this case.