|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Generate data entry and reporting .NET Web apps in minutes, straight from your database. Read our FREE whitepaper “Build Web 2.0 Applications Without Hand-Coding” Download now! |
|
#1
May 3rd, 2004, 07:29 PM
|
|||
|
|||
|
Help Requested: Hijacked IE frontpage to citi.com
Help Requested:
My IE (6.0) front page is hijacked to citi.com and I have run every spy removal service available, in which none has removed this ugly, turncoat website citi.com Anyone that has the knowledge to help me with this trojan, please do. The following is my HijackThis log file: ---- Logfile of HijackThis v1.97.7 Scan saved at 8:37:23 PM, on 5/3/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\atiptaxx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\program files\steam\steam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\mIRC\mirc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Backup\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = URL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PElmers IE O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: AIM (HKLM) O9 - Extra button: PartyPoker.com (HKLM) O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - URL O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - URL O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - URL O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Help Requested: Hijacked IE frontpage to citi.com |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
