message broadcaster. What is it and how to get rid of it?

Discussion in 'Online Security' started by Headcheese, Jun 9, 2004.

  1. Headcheese

    Headcheese

    Joined:
    Jan 21, 2003
    Messages:
    63
    I have run ad-aware and Spy-bot, but this freaking popup program is in my system and I cannot find the .exe, or get rid of it. It inserts banners and underlines words on my webpages (IE6) and hot links them with a little green underline.

    It's making me ill, can you guys help?
     
  2. Lobos

    Lobos

    Joined:
    Mar 28, 2004
    Messages:
    931
    Location:
    California
    First, create a folder for HijackThis in the root folder of your hard drive
    example
    C:/HJT
    C/hijackthis
    next
    Click here to download Hijack This. Save it to the folder you have just created
    Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

    DO NOT FIX ANYTHING YET; most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
     
  3. Headcheese




    Thanks
     
  4. Lobos

    ok

    Run HijackThis, put a check next to these, close all browsers and hit Fix.

    Make sure not to miss one

    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\system32\mskhhe.dll

    O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\system32\msglji.gif

    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\system32\msibkd.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\system32\msjfbl.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

    O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

    O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/...lim/install.cab

    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab




    -----------------------------------------------------------------------------------------------------------------------------------

    To enable the viewing of Hidden files follow these steps:
    1. Close all programs so that you are at your desktop.
    2. Double-click on the My Computer icon.
    3. Select the Tools menu and click Folder Options.
    4. After the new window appears select the View tab.
    5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    8. Press the Apply button and then the OK button and shut down My Computer.
    9. Now your computer is configured to show all hidden files.


    reboot into safe mode

    How to boot into safe mode
    ------------------------------------------------------------------------------------------

    delete these folders

    C:\Program Files\TV Media
    C:\Program Files\zSear

    then
    Reboot normally &

    come back and post a fresh log


    Lobos
     
  5. Headcheese


    Thanks, that seemed to help tremendously!
     
  6. Lobos

    Well, that's good that it's running better, but you still have some cleaning to do.



    Run HijackThis, put a check next to these, close all browsers and hit Fix.

    Make sure not to miss one


    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\system32\mskceo.dll

    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - (no file)

    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\system32\mseggo.gif

    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\system32\msedah.dll

    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\system32\msnkmi.dll

    O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

    O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe


    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    -----------------------------------------------------------------------------------------------------------------------------------

    To enable the viewing of Hidden files follow these steps:
    1. Close all programs so that you are at your desktop.
    2. Double-click on the My Computer icon.
    3. Select the Tools menu and click Folder Options.
    4. After the new window appears select the View tab.
    5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    8. Press the Apply button and then the OK button and shut down My Computer.
    9. Now your computer is configured to show all hidden files.


    reboot into safe mode

    How to boot into safe mode

    delete

    these files
    C:\WINDOWS\system32\mskceo.dll
    C:\WINDOWS\system32\mseggo.gif
    C:\WINDOWS\system32\msedah.dll
    C:\WINDOWS\system32\msnkmi.dll

    this folder
    C:\Program Files\TV Media



    then
    Reboot normally &




    come back and post a fresh log


    Lobos
     
  7. Headcheese

     
  8. glc

    glc Forum Administrator Staff Member

    Joined:
    May 26, 2000
    Messages:
    47,821
    Location:
    Joplin MO
    Following the procedures above, remove the following:

    O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\system32\msibkd.dll
    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\system32\msjfbl.dll
    O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe

    Reboot to safe mode and delete the following files:
    msibkd.dll
    msjbfl.dll
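
An added example, not part of any post in this thread: a small parser for the HijackThis line formats quoted in the fix lists above (R3/O2/O3 COM registrations and O4 Run entries) that marks entries worth a second look. The flagging rules are assumptions drawn from the patterns in those lists, and the sample lines, CLSIDs and paths are constructed.

```python
import re
from ntpath import splitext  # Windows path rules regardless of host OS

# Constructed sample in HijackThis log-line format (not taken from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-1111-1111-1111-111111111111} - (no file)
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\example1.gif
O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - C:\WINDOWS\system32\example2.dll
O2 - BHO: Example Reader Helper - {44444444-4444-4444-4444-444444444444} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {55555555-5555-5555-5555-555555555555} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# COM registrations: "<code> - <kind>: <name> - {CLSID} - <target>"
COM_LINE = re.compile(
    r"^(?P<code>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# Registry autostarts: "O4 - HKLM\..\Run: [name] command"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def triage(log_text):
    """Return (line, [reasons]) per parsed entry; an empty list means not flagged."""
    results = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        m = COM_LINE.match(line)
        if m:
            target = m["target"]
            if target == "(no file)":
                reasons.append("registration points at a missing file")
            elif splitext(target)[1].lower() != ".dll":
                # Assumed heuristic: browser add-ons load in-process as DLLs
                reasons.append("in-process COM target is not a .dll")
            if m["name"] == "(no name)" and "\\system32\\" in target.lower():
                reasons.append("unnamed object loaded from system32")
        elif RUN_LINE.match(line):
            reasons.append("autostart entry: confirm the program is wanted")
        else:
            continue  # blank line or a section this example does not parse
        results.append((line, reasons))
    return results

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("REVIEW" if reasons else "ok    ", line, "|", "; ".join(reasons))
```

A flag only marks a line for human review; as post 2 says, most items in a log are harmless or even needed.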
     
  9. Headcheese

    Whatever it is, it's hooked into Google, and changes the search results!
     
  10. glc

