
istbar and jetlbass

Hi, I have run HijackThis and on the advice of many others I have fixed istbar. However, it keeps reappearing in Ad-Aware and then again in HijackThis. Here is my latest log of this computer:

Logfile of HijackThis v1.98.2
Scan saved at 16:58:28, on 10/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera7\opera.exe
C:\Documents and Settings\Julian\My Documents\My Received Files\HijackThis19802.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3688DCE1-4502-1ED6-593B-4836539CFEB0} - C:\WINDOWS\system32\epf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GJBwe1m] C:\WINDOWS\mrrkkhh.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\mrrkkhh.exe
O4 - HKLM\..\Run: [GJBwe1mú*Àaî?aaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mrrkkhh.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [GJBwe1mú*Àaî?aî?aaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mrrkkhh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RealAudio.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42A35699-115D-49D8-AD86-3A4FA51BA0B5}: NameServer = 194.74.65.69 194.72.9.38

Can anyone suggest how to get rid of it, because it's slowing down my computer? Also, is there anything else I need to fix here?

Also, I keep getting Norton AntiVirus warnings for

C:\WINDOWS\jetlbass.dll
Trojan Horse

but it is not in HijackThis, and Norton can't delete it because "access is denied." Can anyone help?

Thanks a lot,
jules
A new version of HijackThis has been released, so get rid of the old one and download from this site: http://majorgeeks.com/download3155.html
Run HijackThis and fix the following items. Be sure all windows are closed except for HijackThis.

O4 - HKLM\..\Run: [GJBwe1m] C:\WINDOWS\mrrkkhh.exe

O4 - HKLM\..\Run: [-
] C:\WINDOWS\mrrkkhh.exe

O4 - HKLM\..\Run: [GJBwe1mú*Àaî?aaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mrrkkhh.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [GJBwe1mú*Àaî?aî?aaøC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mrrkkhh.exe

Reboot in safe mode and delete this file

C:\WINDOWS\mrrkkhh.exe

and delete this folder

C:\Program Files\ISTsvc\istsvc.exe

reboot and post a new hijackthis log
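
As an added example (not part of the original posts, and not a HijackThis feature): a small Python triage of the O4 Run entries from the log above, grouping them by target executable and flagging a target that several Run values point at or whose value name contains control or non-ASCII characters. Both heuristics and all function names are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GJBwe1m] C:\WINDOWS\mrrkkhh.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\mrrkkhh.exe
O4 - HKLM\..\Run: [GJBwe1mú*Àaî?aaøY§C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mrrkkhh.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

ENTRY = re.compile(r'O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.+)$', re.S)

def run_entries(log_text):
    """Return (hive, value_name, command) for every O4 Run entry."""
    records = []
    for line in log_text.split('\n'):
        if not line.strip():
            continue
        if re.match(r'O\d+ - ', line) or not records:
            records.append(line)
        else:  # continuation: the value name itself contained a line break
            records[-1] += '\n' + line
    matches = (ENTRY.match(r) for r in records)
    return [(m[1], m[2], m[3].strip()) for m in matches if m]

def target_of(command):
    """Executable path of a Run command, lower-cased, arguments dropped."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return ((m[1] or m[2]) if m else command).lower()

def triage(log_text):
    """Map each flagged target to the reasons it was flagged (assumed heuristics)."""
    names_by_target = defaultdict(list)
    for _hive, name, command in run_entries(log_text):
        names_by_target[target_of(command)].append(name)
    findings = {}
    for target, names in names_by_target.items():
        reasons = []
        if len(names) > 1:
            reasons.append(f"{len(names)} Run values point here")
        if any(not 32 <= ord(c) < 127 for n in names for c in n):
            reasons.append("value name has control or non-ASCII characters")
        if reasons:
            findings[target] = reasons
    return findings
```

On the sample, `triage(SAMPLE_LOG)` flags only `c:\windows\mrrkkhh.exe`; the IST Service entry, which the reply also lists, looks ordinary to both checks and is recognised by name rather than by structure.
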
OK, let's do this and just be sure it is gone.

Run an online antivirus check from at least one and preferably 2 of the following sites

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx

Be sure and put a check in the box by "Auto Clean" before you do the
scan. If it finds anything that it cannot clean have it delete it or
make a note of the exact file name and file location so you can delete it yourself.

Then run Norton and let us know what they find, if anything.
Go to start > run > %temp% > edit > select all > File > delete