Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old May 20th, 2004, 04:25 PM
broxie broxie is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: May 2004
Posts: 5 broxie User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Hijacked home page

use IE with Windows XP. My normal home page has been hijacked with a message bar reading "about:blank" and a website directory showing up.
I have used Internet Options to "delete history" and also I have loaded my normal home page then "use current" to change to my normal home page. When I re-load IE it goes back to the rogue website. I have run HijackThis, Pest Patrol and Spycatcher but still have the same problem.
What would happen if I took the log from HijackThis and deleted eveything that's in it............?

Last edited by broxie : May 20th, 2004 at 04:34 PM. Reason: other thought

Reply With Quote
  #2  
Old May 20th, 2004, 06:16 PM
Tom Myboy Tom Myboy is offline
Contributing User
Dev Shed Regular (2000 - 2499 posts)
 
Join Date: Aug 2003
Posts: 2,491 Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 3 Days 20 h 13 m 41 sec
Reputation Power: 18
Your computer would probably not run very well as most of the items in HJT are required for your system to run properly. Post a log so we can see what's going on.

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan

Please read the stickys at the top of the forum before posting!

Reply With Quote
  #3  
Old May 21st, 2004, 05:43 PM
broxie broxie is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: May 2004
Posts: 5 broxie User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Hijacked home page

Logfile of HijackThis v1.97.7
Scan saved at 7:42:56 PM, on 5/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\U.S. Robotics\SureConnect ADSL Modem\SureConnect ADSL Utility\USRSureConnect.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\William Storie\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\William Storie\Application Data\Mozilla\Profiles\default\4gpilwe3.slt\prefs.js)
O1 - Hosts: 216.73.89.11 explore1.llbean.com
O1 - Hosts: 209.185.162.204 i.ivillage.co.uk
O1 - Hosts: 209.185.162.149 ivillage.co.uk
O1 - Hosts: 64.49.221.121 livescore.com
O1 - Hosts: 212.58.240.145 news.bbc.co.uk
O1 - Hosts: 192.0.34.129 reports.internic.net
O1 - Hosts: 207.46.156.60 v4.windowsupdate.microsoft.com
O1 - Hosts: 69.20.54.171 vivisimo.com
O1 - Hosts: 207.46.249.57 windowsupdate.microsoft.com
O1 - Hosts: 80.5.176.102 world.rangers.premiumtv.co.uk
O1 - Hosts: 65.77.217.160 www.1234-find-web-designers.org
O1 - Hosts: 207.44.176.88 www.2-freespywareremoval.com
O1 - Hosts: 217.154.146.33 www.accountingeducation.com
O1 - Hosts: 192.150.18.60 www.adobe.com
O1 - Hosts: 65.242.185.67 www.aicpa.org
O1 - Hosts: 207.171.166.149 www.amazon.co.uk
O1 - Hosts: 207.171.163.90 www.amazon.com
O1 - Hosts: 216.22.0.2 www.askmen.com
O1 - Hosts: 66.111.44.182 www.basictgp.com
O1 - Hosts: 12.107.161.210 www.bdo.com
O1 - Hosts: 66.102.130.21 www.bermuda.e-moo.com
O1 - Hosts: 64.207.134.91 www.bermynet.com
O1 - Hosts: 64.62.149.102 www.biopet.com
O1 - Hosts: 4.38.75.43 www.bydesign.com
O1 - Hosts: 64.94.191.3 www.cfo.com
O1 - Hosts: 155.201.224.39 www.cfodirect.com
O1 - Hosts: 64.236.24.12 www.cnn.com
O1 - Hosts: 66.2.87.13 www.copyleft.net
O1 - Hosts: 63.240.15.209 www.corel.com
O1 - Hosts: 216.254.0.118 www.cpeonline.com
O1 - Hosts: 194.159.245.16 www.cummings.demon.co.uk
O1 - Hosts: 69.57.156.225 www.cybertechhelp.com
O1 - Hosts: 192.216.159.159 www.dineoutfreetoday.com
O1 - Hosts: 66.98.154.60 www.enigmasoftwaregroup.com
O1 - Hosts: 128.6.72.72 www.fasb.org
O1 - Hosts: 209.51.177.22 www.foxsportsworld.com
O1 - Hosts: 216.239.41.104 www.google.com
O1 - Hosts: 143.231.86.196 www.house.gov
O1 - Hosts: 202.85.125.77 www.iasplus.com
O1 - Hosts: 192.0.34.163 www.icann.org
O1 - Hosts: 192.0.34.161 www.internic.com
O1 - Hosts: 65.126.254.23 www.llbean.com
O1 - Hosts: 216.74.165.68 www.marthastewart.com
O1 - Hosts: 217.199.166.5 www.medicdirect.co.uk
O1 - Hosts: 207.46.144.222 www.microsoft.com
O1 - Hosts: 206.151.164.31 www.oldnavy.com
O1 - Hosts: 207.44.246.74 www.portmeirion.co.uk
O1 - Hosts: 80.5.176.140 www.rangers.premiumtv.co.uk
O1 - Hosts: 65.205.249.60 www.verisign.com
O1 - Hosts: 208.234.17.105 www.vetinfo.com
O1 - Hosts: 63.123.46.33 www.victoriassecret.com
O1 - Hosts: 199.172.192.172 www.weather.bm
O1 - Hosts: 192.220.116.222 www.webcom.com
O1 - Hosts: 192.220.116.62 www.wrsl.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7FF08339-888E-4489-A055-BE72F8FD0CC4} - C:\WINDOWS\mrhop.dll
O2 - BHO: (no name) - {A8169881-0639-4E54-B1B1-3D55787CE5D3} - C:\WINDOWS\System32\inetcbfg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\PROGRA~1\PESTPA~1\ppclean.exe" clean ts:20040520182753484 cws 2 2 2
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload Plus.lnk = C:\Program Files\Real\RealDownload\RealDownload.exe
O4 - Global Startup: U.S. Robotics SureConnect ADSL Utility.lnk = ?
O9 - Extra button: Popup Eliminator (HKLM)
O9 - Extra 'Tools' menuitem: Popup Eliminator (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: symsupportutil - https://www-secure.symantec.com/tec...supportutil.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B95F96-6BAB-4660-933A-9CBC9CC514C3}: NameServer = 199.172.192.3 199.172.192.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{17B95F96-6BAB-4660-933A-9CBC9CC514C3}: NameServer = 199.172.192.3 199.172.192.4

Reply With Quote
  #4  
Old May 25th, 2004, 10:46 PM
Tom Myboy Tom Myboy is offline
Contributing User
Dev Shed Regular (2000 - 2499 posts)
 
Join Date: Aug 2003
Posts: 2,491 Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 3 Days 20 h 13 m 41 sec
Reputation Power: 18
Trying to play catch-up here. If you still have the problem, let's start with this:

Download this file from http://downloads.subratam.org/dllfix.exe .

Preferably to Desktop. Double click on it and it being a self -extractor, will create its own folder. Run Start.Bat from there. Run Option 1. which is "Run Find-All... ". Let it complete and there will be a pop-up window with a log.
Post that log here.

Tom

Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > Hijacked home page

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap