
browser hijack problem

 
raycoolman
Cadet
Joined: Apr 17, 2004
Posts: 3
Location: Oman

Posted: Sat Apr 17, 2004 2:33 am    Post subject: browser hijack problem

I constantly keep having the same browser hijack problem. I run both Ad-aware and S&D. Each time I run Ad-aware I always have the same browser hijack. It never goes away. Here is my Ad-aware log:

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :15 April, 2004 7:09:11 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R290 13.04.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R290 13.04.2004
Internal build : 220
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref
Total size : 1031549 Bytes
Signature data size : 1013615 Bytes
Reference data size : 17870 Bytes
Signatures total : 22833
Target categories : 10
Target families : 445

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium II
Memory available:0 %
Total physical memory:64996 kb
Available physical memory:452 kb
Total page file size:272032 kb
Available on page file:184936 kb
Total virtual memory:2093056 kb
Available virtual memory:2048128 kb
OS:Windows (98)

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


15-04-04 7:09:11 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293863231
Threads : 6
Priority : High
FileSize : 460 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1991-1998
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:54:33 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294930499
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:24 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928339
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:24 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294926223
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 18-11-03 12:56:17 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:5 [avgserv9.exe]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\
ProcessID : 4294949163
Threads : 2
Priority : Normal
FileSize : 20 KB
FileVersion : 6.0.1.374
ProductVersion : 6.0.1.374
Copyright : Copyright (c) GRISOFT, s.r.o. 1998-2002
CompanyName : GRISOFT, s.r.o
FileDescription : AvgServ - displays notification message
InternalName : AvgServ
OriginalFilename : AvgServ
ProductName : AVG6
Created on : 18-11-03 12:09:40 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 14-11-03 2:00:00 AM

#:6 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294955135
Threads : 8
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 18-11-03 12:55:19 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:7 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294877667
Threads : 3
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:57:53 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:8 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294872651
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:30 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:9 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294778279
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:31 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:10 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294772263
Threads : 1
Priority : Normal
FileSize : 36 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 18-11-03 12:55:30 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 11-05-98 4:01:00 PM

#:11 [loadqm.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294841203
Threads : 3
Priority : Normal
FileSize : 7 KB
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
OriginalFilename : LOADQM.EXE
ProductName : QMgr Loader
Created on : 03-05-00 1:23:10 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 03-05-00 1:23:10 PM

#:12 [starter.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294811943
Threads : 1
Priority : Normal
FileSize : 22 KB
FileVersion : 3.00.00
ProductVersion : 3.00.00
Copyright : Copyright
CompanyName : Creative Technology, Ltd.
FileDescription : This program launches the mixer and configurator.
InternalName : starter
OriginalFilename : starter.exe
ProductName : starter
Created on : 20-08-00 2:16:16 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 26-08-98 11:10:02 AM

#:13 [avgcc32.exe]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG6\
ProcessID : 4294807559
Threads : 1
Priority : Normal
FileSize : 337 KB
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
Copyright : Copyright
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
OriginalFilename : AvgCC32.EXE
ProductName : AVG Anti-Virus System
Created on : 18-11-03 12:09:40 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 14-11-03 2:00:00 AM

#:14 [smc.exe]
FilePath : C:\PROGRAM FILES\SYGATE\SPF\
ProcessID : 4294740743
Threads : 16
Priority : Normal
FileSize : 2280 KB
FileVersion : 5.5.00.2516
ProductVersion : 5.5.00.2516
Copyright : Copyright
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
OriginalFilename : Smc.EXE
ProductName : Sygate
Created on : 21-10-03 12:36:22 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 21-10-03 12:36:22 PM

#:15 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294508663
Threads : 2
Priority : Realtime
FileSize : 31 KB
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 27-10-03 7:43:53 AM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 30-10-01 4:10:00 AM

#:16 [slsk.exe]
FilePath : C:\PROGRAM FILES\SOULSEEK\
ProcessID : 4294641987
Threads : 26
Priority : Normal
FileSize : 2684 KB
FileVersion : 0.3.4
ProductVersion : 1, 0, 0, 1
Copyright : Copyright Nir Arbel (C) 2001
FileDescription : SoulSeek
InternalName : SoulSeek
OriginalFilename : UI4.EXE
ProductName : UI4 Application
Created on : 18-11-03 5:07:06 PM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 18-11-03 5:07:06 PM

#:17 [ad-aware.exe]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4294603227
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 14-01-04 6:14:06 AM
Last accessed : 14-04-04 8:00:00 PM
Last modified : 12-07-03 6:00:20 PM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigUrlnetsetter.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://proxycfg.netsetter.com/gencfg.asp?id1=ddLhtLA4NhQ&id2=r3309OnmPe2"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings
Value : AutoConfigUrl
Data : "http://proxycfg.netsetter.com/gencfg.asp?id1=ddLhtLA4NhQ&id2=r3309OnmPe2"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Scanning Hosts file(C:\WINDOWS\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 1

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1

7:13:51 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:40:10
Objects scanned :37675
Objects identified :1
Objects ignored :0
New objects :1

-------end-----

I hope someone can help me with this one... thanks
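
Added example, not part of the original post and not Ad-aware's own code: the one finding in the log above is the AutoConfigUrl value under HKEY_CURRENT_USER, the registry value where Internet Explorer stores the URL of its automatic proxy configuration script. This Python sketch extracts every "Object recognized!" record from a log in this layout and reports the registry value and script host involved; the function names are hypothetical and the sample text is the record from the log above.

```python
import re
from urllib.parse import urlparse

# Excerpt of the deep registry scan section from the log posted above.
SAMPLE_LOG = r'''Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://proxycfg.netsetter.com/gencfg.asp?id1=ddLhtLA4NhQ&id2=r3309OnmPe2"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings
Value : AutoConfigUrl
Data : "http://proxycfg.netsetter.com/gencfg.asp?id1=ddLhtLA4NhQ&id2=r3309OnmPe2"

Deep registry scan result :
New objects : 1
'''

MARKER = 'Object recognized!'
FIELD = re.compile(r'^(\w[\w ]*?)\s*:\s*(.*)$')  # "Name : value", split at first colon


def parse_findings(log_text):
    """Return one dict per 'Object recognized!' record in the log text."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith(MARKER):
            # Text before the marker is the family name Ad-aware assigned.
            current = {'Family': line[:-len(MARKER)].strip()}
            findings.append(current)
        elif current is not None:
            if not line:
                current = None  # a blank line closes the record
                continue
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip('"')
    return findings


def proxy_autoconfig_findings(findings):
    """Select registry findings that set the automatic proxy script URL."""
    hits = []
    for f in findings:
        if f.get('Type') == 'RegData' and f.get('Value', '').lower() == 'autoconfigurl':
            hits.append({
                'key': f"{f.get('Rootkey', '?')}\\{f.get('Object', '?')}",
                'value': f['Value'],
                'script_host': urlparse(f.get('Data', '')).hostname,
            })
    return hits


if __name__ == '__main__':
    for hit in proxy_autoconfig_findings(parse_findings(SAMPLE_LOG)):
        print(hit)
```
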
darklordsarumon9
Warnings : 1
Sergeant
Joined: May 10, 2004
Posts: 94
Location: USA

Posted: Sat May 22, 2004 4:12 pm    Post subject: i think

I'm not even sure we are talking about the same thing, but if you are talking about your home page, then right-click on the Internet icon, select Properties, select the General tab and change your homepage to what you want it to be. I'm sorry if this had nothing to do with what you were talking about.
fimoulia
Corporal
Joined: Apr 14, 2004
Posts: 50
Location: Belgium

Posted: Sat May 22, 2004 8:06 pm

raycoolman,

If you are still having a problem and Ad-aware can't cope with it, I would recommend using HijackThis. The Ad-aware log looks very long and tiring, doesn't show much of the internal infections (if there are some) and doesn't fix it anyway. HijackThis is a very powerful tool and you have to exercise extreme caution not to wreck your system.

Quote:
Please, proceed as follows, after reading these messages:

Virus=Read This: http://www.computercops.biz/postt8864.html
HiJack= Read This: http://www.computercops.biz/postt911.html

Download: HiJack This!

Create and Unzip to a folder not your Desktop or the Temp folder, doubleclick HijackThis.exe, and press "Scan".
Unzip the download (using a piece of software like: Winzip)


When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log in a text file, and post it in the CCSP "Spyware - Hijack Related" forum:

http://computercops.biz/forum67.html


Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
claire
Site Moderator
Premium Member
Joined: Apr 21, 2002
Posts: 4887
Location: Belgium

Posted: Sun May 23, 2004 12:44 am

Hi Raycoolman,

You should update your reffile. Yours is way outdated ;)

_________________
Carpe Diem
fimoulia
Corporal
Joined: Apr 14, 2004
Posts: 50
Location: Belgium

Posted: Tue May 25, 2004 4:51 am

It's because this post stays here from April 17 without any reply and the first one came on May 23.
All times are GMT - 5 Hours