raycoolman
Cadet
Joined: Apr 17, 2004
Posts: 3
Location: Oman
|
Posted: Sat Apr 17, 2004 2:33 am Post subject: browser hijack problem |
|
|
I constantly keep having the same browser hijack problem. I run both Ad-aware and S&D. Each time I run Ad-aware I always have the same browser hijack. It never goes away. Here is my Ad-aware log:
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :15 April, 2004 7:09:11 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R290 13.04.2004
______________________________________________________
Reffile status:
=========================
Reference file loaded:
Reference Number : 01R290 13.04.2004
Internal build : 220
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1031549 Bytes
Signature data size : 1013615 Bytes
Reference data size : 17870 Bytes
Signatures total : 22833
Target categories : 10
Target families : 445
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:0 %
Total physical memory:64996 kb
Available physical memory:452 kb
Total page file size:272032 kb
Available on page file:184936 kb
Total virtual memory:2093056 kb
Available virtual memory:2048128 kb
OS:Windows (9
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
15-04-04 7:09:11 PM - Scan started. (Smart mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293863231
Threads : 6
Priority : High
FileSize : 460 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:54:33 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294930499
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:24 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928339
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:24 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294926223
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 18-11-03 12:56:17 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:5 [avgserv9.exe]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\
ProcessID : 4294949163
Threads : 2
Priority : Normal
FileSize : 20 KB
FileVersion : 6.0.1.374
ProductVersion : 6.0.1.374
Copyright : Copyright (c) GRISOFT, s.r.o. 1998-2002
CompanyName : GRISOFT, s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
OriginalFilename : AvgServ
ProductName : AVG6
Created on : 18-11-03 12:09:40 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 14-11-03 2:00:00 AM
#:6 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294955135
Threads : 8
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 18-11-03 12:55:19 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:7 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294877667
Threads : 3
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:57:53 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:8 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294872651
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:30 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:9 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294778279
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:31 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:10 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294772263
Threads : 1
Priority : Normal
FileSize : 36 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:30 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM
#:11 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294841203
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 03-05-00 1:23:10 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 03-05-00 1:23:10 PM
#:12 [starter.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294811943
Threads : 1
Priority : Normal
FileSize : 22 KB
FileVersion : 3.00.00
ProductVersion : 3.00.00
Copyright : Copyright
CompanyName : Creative Technology, Ltd.
FileDescription : This program launches the mixer and configurator.
InternalName : starter
OriginalFilename : starter.exe
ProductName : starter
Created on : 20-08-00 2:16:16 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 26-08-98 11:10:02 AM
#:13 [avgcc32.exe]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\
ProcessID : 4294807559
Threads : 1
Priority : Normal
FileSize : 337 KB
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
Copyright : Copyright
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
OriginalFilename : AvgCC32.EXE
ProductName : AVG Anti-Virus System
Created on : 18-11-03 12:09:40 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 14-11-03 2:00:00 AM
#:14 [smc.exe]
FilePath : C:\PROGRAM FILES\SYGATE\SPF\
ProcessID : 4294740743
Threads : 16
Priority : Normal
FileSize : 2280 KB
FileVersion : 5.5.00.2516
ProductVersion : 5.5.00.2516
Copyright : Copyright
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
OriginalFilename : Smc.EXE
ProductName : Sygate
Created on : 21-10-03 12:36:22 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 21-10-03 12:36:22 PM
#:15 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294508663
Threads : 2
Priority : Realtime
FileSize : 31 KB
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 27-10-03 7:43:53 AM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 30-10-01 4:10:00 AM
#:16 [slsk.exe]
FilePath : C:\PROGRAM FILES\SOULSEEK\
ProcessID : 4294641987
Threads : 26
Priority : Normal
FileSize : 2684 KB
FileVersion : 0.3.4
ProductVersion : 1, 0, 0, 1
Copyright : Copyright Nir Arbel (C) 2001
FileDescription : SoulSeek
InternalName : SoulSeek
OriginalFilename : UI4.EXE
ProductName : UI4 Application
Created on : 18-11-03 5:07:06 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 18-11-03 5:07:06 PM
#:17 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294603227
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 14-01-04 6:14:06 AM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 12-07-03 6:00:20 PM
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigUrlnetsetter.com
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://proxycfg.netsetter.com/gencfg.asp?id1=ddLhtLA4NhQ&id2=r3309OnmPe2"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings
Value : AutoConfigUrl
Data : "http://proxycfg.netsetter.com/gencfg.asp?id1=ddLhtLA4NhQ&id2=r3309OnmPe2"
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Scanning Hosts file(C:\WINDOWS\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 1
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1
7:13:51 PM Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:40:10
Objects scanned :37675
Objects identified :1
Objects ignored :0
New objects :1
-------end-----
I hope someone can help me with this one...... thanks
|
darklordsarumon9
Warnings : 1
Sergeant
Joined: May 10, 2004
Posts: 94
Location: USA
|
Posted: Sat May 22, 2004 4:12 pm Post subject: i think |
|
|
I'm not even sure we are talking about the same thing, but if you are talking about your home page, then right-click on the Internet icon, select Properties, select the General tab, and change your homepage to what you want it to be. I'm sorry if this had nothing to do with what you were talking about.
|
fimoulia
Corporal
Joined: Apr 14, 2004
Posts: 50
Location: Belgium
|
Posted: Sat May 22, 2004 8:06 pm Post subject: |
|
|
raycoolman,
If you are still having a problem and Ad-aware can't cope with it, I would recommend using HijackThis. The Ad-aware log looks very long and tiring, doesn't show much of the internal infections (if there are some) and doesn't fix it anyway. HijackThis is a very powerful tool and you have to exercise extreme caution not to wreck your system.
Quote: |
Please, proceed as follows, after reading these messages:
Virus=Read This: http://www.computercops.biz/postt8864.html
HiJack= Read This: http://www.computercops.biz/postt911.html
Download: HiJack This!
Create and unzip to a folder, not your Desktop or the Temp folder, double-click HijackThis.exe, and press "Scan".
Unzip the download (using a piece of software like: Winzip)
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log in a text file, and post it in the CCSP "Spyware - Hijack Related" forum:
http://computercops.biz/forum67.html
Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results. |
|
claire
Site Moderator
Premium Member
Joined: Apr 21, 2002
Posts: 4853
Location: Belgium
|
Posted: Sun May 23, 2004 12:44 am Post subject: |
|
|
Hi Raycoolman,
You should update your reffile. Yours is way outdated.
_________________
Carpe Diem |
|
fimoulia
Corporal
Joined: Apr 14, 2004
Posts: 50
Location: Belgium
|
Posted: Tue May 25, 2004 4:50 am Post subject: |
|
|
__ |
|
fimoulia
Corporal
Joined: Apr 14, 2004
Posts: 50
Location: Belgium
|
Posted: Tue May 25, 2004 4:50 am Post subject: |
|
|
__
Last edited by fimoulia on Tue May 25, 2004 4:57 am, edited 1 time in total |
|
fimoulia
Corporal
Joined: Apr 14, 2004
Posts: 50
Location: Belgium
|
Posted: Tue May 25, 2004 4:51 am Post subject: |
|
|
It's because this post stays here from April 17 without any reply and the first one came on May 23. |