Topic: Adware / Browser Hijacking problem
hhhh
« on: December 04, 2004, 02:50:31 PM »

Hi

I have Win2k, IE6.0. I connect to the Internet, and WinGate is installed on my machine as a proxy to connect to the network.

When I try to go to any site from IE, an unwarranted web page appears: a non-prescription medication selling site. I am unable to visit any site; however, this does not happen if I type www.yahoo.com or google or microsoft or hotmail. I can visit these sites, but no other site.

I am even unable to download/send emails.

I have been facing this issue for the last few weeks. There is more to this behaviour... I have observed the following:

In the morning when I start all my machines, I face no problem. After a few hours, this issue starts. I have tried to clean my machines with Norton AV, various spywares. But it did not help.

After a couple of weeks, this problem seemed to go away, I think magically. But this problem re-appeared again today.

I have attached log of HijackThis to this posting.

Please help me to resolve this issue.

Thanks and warm regards
haresh

hhhh
« Reply #1 on: December 04, 2004, 02:55:51 PM »

I am unable to attach log file ... so pasting the hijackthis log here...



Logfile of HijackThis v1.98.2
Scan saved at 8:07:08 PM, on 04/12/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\msdtc.exe
D:\WINNT\System32\cisvc.exe
D:\WINNT\system32\crypserv.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINNT\System32\mnmsrvc.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\tcpsvcs.exe
D:\Program Files\WinGate\WinGate.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\GSICON.EXE
D:\WINNT\system32\dslagent.exe
D:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\WinGate\wgengmon.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\SpyKiller\SpyKiller.exe
D:\WINNT\System32\cidaemon.exe
D:\WINNT\System32\cidaemon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\GetRight\GETRIGHT.EXE
D:\Program Files\GetRight\GETRIGHT.EXE
C:\apps\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe
F:\Technology\virus info\anti-spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [CreateCD50] "D:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] D:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: PCPhone.lnk = D:\Program Files\PCPhone\PCPhone.exe
O4 - Global Startup: WinGate Engine Monitor.lnk = D:\Program Files\WinGate\wgengmon.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17488FDE-5D6E-4481-AB69-2E6006987121}: NameServer = 202.54.10.2 203.197.12.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5A02DF-7CD9-490E-B89A-5935CD36399F}: NameServer = 202.9.128.6,202.9.128.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AFE6A73-526C-4D68-8D99-A339CD0770CD}: NameServer = 202.9.128.6,202.9.128.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{17488FDE-5D6E-4481-AB69-2E6006987121}: NameServer = 202.54.10.2 203.197.12.42
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

jvic
« Reply #2 on: December 04, 2004, 03:14:03 PM »

First I would recommend uninstalling spyware killer
see here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab

Close all windows except for HijackThis and click Fix.

Boot Into Safe Mode Making Sure You Can see Hidden files And Folders

How To Boot Into SafeMode


How To Show Hidden Files And Folders


Delete:


D:\Program Files\SpyKiller<<<folder

Restart your computer

Please download and run the following programs:

AD-AWARE

Install the program and launch it.

First, in the bottom right-hand corner of the main window, click on Check for updates now, then click Connect and download the latest reference files.

Then, in the main window: click Start and under Select a scan mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose Select all from the drop-down menu and then click Next.)

Restart your computer.


SPYBOT SEARCH & DESTROY


Open Spybot Search & Destroy (click Start, Programs, Spybot S&D (Advanced Mode)). Click Online, Search for updates, and download all available updates. Close all browser windows, then click "Check for Problems". Anything that needs to be fixed will show in red and have a green check in the box to the left. Click "Fix Selected Problems".

Restart your computer and post a new HijackThis log.

« Last Edit: December 04, 2004, 03:25:10 PM by jvic »

John Vickers
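
An added example, not part of the original posts and not code from HijackThis: a small Python parser for the log format pasted in Reply #1. It groups entries by section code and pulls out the O4 registry Run autostarts and the O17 NameServer settings so they can be checked against what the machine's owner expects. The sample lines are copied from the log in this thread; the function names are illustrative.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
D:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O17 - HKLM\System\CCS\Services\Tcpip\..\{17488FDE-5D6E-4481-AB69-2E6006987121}: NameServer = 202.54.10.2 203.197.12.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AFE6A73-526C-4D68-8D99-A339CD0770CD}: NameServer = 202.9.128.6,202.9.128.7
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                      # "O4 - detail"
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")   # registry autostart
DNS = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")     # per-interface DNS

def parse_entries(log):
    """Group 'CODE - detail' lines by section code; header and process lines are skipped."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return entries

def autoruns(entries):
    """Return (hive, key, name, command) for each O4 registry Run entry."""
    matches = (RUN.match(detail) for detail in entries.get("O4", []))
    return [m.groups() for m in matches if m]

def name_servers(entries):
    """Map each interface GUID in the O17 entries to its sorted list of DNS servers."""
    servers = {}
    for detail in entries.get("O17", []):
        m = DNS.search(detail)
        if m:  # servers may be separated by spaces or commas, as in the posted log
            servers.setdefault(m.group(1), set()).update(re.split(r"[,\s]+", m.group(2).strip()))
    return {guid: sorted(ips) for guid, ips in servers.items()}

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for hive, key, name, cmd in autoruns(parsed):
        print(f"{hive} {key}: {name} -> {cmd}")
    for guid, ips in name_servers(parsed).items():
        print(f"{guid}: {', '.join(ips)}")
```
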