IE hijacked spyware
July 15th, 2003, 11:44 PM
Junior Member
Join Date: Jul 2003
Posts: 3
Time spent in forums: < 1 sec
Reputation Power: 0
IE hijacked spyware
My IE browser has been hijacked. I set the home page and when I reboot, the home page is reset to URL
It is very annoying. PLEASE HELP. I ran HijackThis on my machine and here are the log results:
Logfile of HijackThis v1.95.0
Scan saved at 12:38:10 AM, on 7/16/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\msrexe.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Shivani\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%63/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nytimes.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%61/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com/"); (C:\Documents and Settings\Shivani\Application Data\Mozilla\Profiles\default\tgzvg7yn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CNetscape%207.1%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shivani\Application Data\Mozilla\Profiles\default\tgzvg7yn.slt\prefs.js)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - URL
O19 - User stylesheet: C:\WINDOWS\default.css
What should I do?
Thanks
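
Added example, not part of the original post: a small triage script that decodes the percent-encoded URLs in the R0-R3 (IE start/search page) lines of a HijackThis log like the one above, so the real destination host is readable. Treating escaped letters, digits and dots as a sign of obfuscation is this example's assumption, not something HijackThis itself reports.

```python
import re
import string
from urllib.parse import unquote, urlsplit

# Four R-lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%33%34%34%30%31%32
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
"""

# Line shape: "R<n> - <registry key>,<value name>=<data>"
R_LINE = re.compile(r"^(?P<kind>R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+)=(?P<data>.*)$")
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")
# RFC 3986 "unreserved" characters never need percent-encoding in a URL,
# so escaping them only hides the address from a human reader (assumed heuristic).
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def needless_escapes(data):
    """Count %XX escapes that decode to a character that needed no escaping."""
    return sum(1 for h in ESCAPE.findall(data) if chr(int(h, 16)) in UNRESERVED)


def triage(log_text):
    """Return one finding per R-line: registry location, decoded data, host, flag."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # process list, O-lines, blank lines, etc.
        decoded = unquote(m["data"])
        host = urlsplit(decoded).hostname if "://" in decoded else None
        findings.append({
            "kind": m["kind"], "key": m["key"], "name": m["name"],
            "decoded": decoded, "host": host,
            "obfuscated": needless_escapes(m["data"]) > 0,
        })
    return findings


def suspicious_hosts(log_text):
    """Hosts that only appear once the needless escapes are decoded."""
    return sorted({f["host"] for f in triage(log_text) if f["obfuscated"] and f["host"]})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "OBFUSCATED" if f["obfuscated"] else "plain"
        print(f'{f["kind"]} {f["name"]:<16} {flag:<10} {f["decoded"]}')
```

Every HKCU and HKLM value that decodes to the same unexpected host has to be reset; fixing only the Start Page leaves the other search and default-page values pointing at it.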

July 16th, 2003, 12:07 AM
Junior Member
Join Date: Jul 2003
Posts: 3
Time spent in forums: < 1 sec
Reputation Power: 0
found the solution
I found a software that is made specifically to kill this spyware. Here's the site:
URL
You need to download CWShredder
Shiv

July 16th, 2003, 12:53 AM
Second highest poster :p
and run AdAware by Lavasoft, it's the best. http://www.lavasoft.de/software/adaware/
Also to add to what echolalia posted
e. Don't install programs like Kazaa, Grokster, MusicMatch, etc. These 'ad supported' programs normally come with a heap of spyware.
f. Don't install fake programs like Bonzi Buddy and eAnthology.

July 16th, 2003, 01:20 AM
The Dude Abides
Join Date: Feb 2000
Location: grass valley,ca
Posts: 1,062
Time spent in forums: 1 Day 10 h 1 m 34 sec
Reputation Power: 15
Ahhh spyware, what fun, a.koepke is right, use adaware, it will clean that crap off.
The really fun thing about spyware is after a while and enough combinations of spyware it will completely hose up your internet connection and possibly your network stack.
Fixed two of those today.
Stop installing crap on your computer that you don't specifically know about.
__________________
The Dude
I'm the Dude. So that's what you call me.
That, or Duder, His Dudeness, Or El Duderino.
If, you know, you're not into the whole brevity thing

July 16th, 2003, 09:08 AM
Junior Member
Join Date: Jul 2003
Posts: 3
Time spent in forums: < 1 sec
Reputation Power: 0
Thanks for all the help guys. What is the browser offering best security? What do you guys use?

July 16th, 2003, 09:31 AM
Moderator Emeritus
Join Date: Feb 2002
Location: Scottsdale, AZ

July 16th, 2003, 10:27 AM
Second highest poster :p
I use Mozilla too ... but the Seamonkey App Suite release. 1.4 is the last milestone build of it though

July 16th, 2003, 01:37 PM
An Ominous Coward
"Mozilla all the way!" screams Ctb as he posts from his company-mandated Internet Explorer browser.
"Of course", he continues, "it's only fair to point out that on this company-mandated browser I have to browse with images off or risk hosing IE's page-rendering."
I'd like to note for the record, however, that Mozilla is by no means an absolute fortress. It has its share of bugs and exploits (though, probably not nearly as many as IE), it's just that:
1) They're usually not as serious a risk to privacy / security as IE exploitz are.
2) They're fixed very quickly. Patches are often available in less than half the time it takes Microsoft to post a bulletin telling people that the problem isn't serious (even if that problem can cause the deletion of arbitrary files on your PC just by clicking a link on a webpage).

July 16th, 2003, 02:28 PM
Perl Monkey
Join Date: May 2003
Location: the far end of town where the Grickle-grass grows
I'm an Opera 7 fan. I haven't the foggiest what its security situation is, all I know is adware is too stupid to use it. I have GAIN installed with the shareware of DivX5Pro, and it never pops anything up, never bothers me in the least. If I don't use a browser it understands, it can't gather information on me, either.