#1
moniker.com - can't get rid of them!
Basic example of my issue - I used to be able to type in "adsense" in the url line, and it would take me directly to the adsense login. (similar to Google's "I'm feeling lucky") Again, only an elementary example. It's not the only issue, just a good place to start.
Now, I keep getting a page from moniker.com in my web browser, and I don't want anything to do with this site. They are annoying me beyond belief. How can I ban my browser from viewing this site, without returning a banned site message? Did they set a cookie? (I can't find it) Ran adware and spyware checkers, found nothing that would be the moniker problem. Thank you.
#2
My other post still stands
__________________
Web Design Tips - Posting and You If I've been helpful, and/or you're really nice, consider buying something from my Amazon.com wishlist.
#3
Quote:
It didn't work, and still doesn't...
#4
Oh I'm sorry, I didn't see where you said you had run it already.
I'll tell you what I'd do. I would open up regedit.exe and find (Ctrl+F) anything with 'moniker.com' in it and delete it.
Disclaimer: If you decide to do as I would do, be warned that doing the wrong thing in the registry can severely break your installation of Windows. Follow my advice at your own risk.
#5
hello solid7,
It sounds like your browser has been hijacked. That means that there are certain entries that have been created in your registry that are preventing you from surfing the way you want. You may or may not have more malware on your system. Since adaware and spybot came out clean I suspect that your system is probably clean. But to be sure, and to help us solve your problem, please download a free utility, HijackThis, from the link below. Unzip it to a permanent location on your computer. Run it, and save a log. Post the entire log in your next post here. We can then try and direct you to which entries should be removed from your system to get you back to normal.
HijackThis: http://www.majorgeeks.com/download3155.html
__________________
Nigel ..Seeking code free nirvana...
Nigel Fernandes Blog
Never argue with fools. They will bring you down to their level and beat you with experience.
Manchester United Forever
Last edited by oneMSBi : June 1st, 2005 at 07:55 AM.
#6
log posted
I already have HijackThis - just never figured that this board would handle it, and the Tom Coyote forums are swamped. Last log never got checked. (imagine that)
Anyway, here it is...
#7
hello,
Well, Tom Coyote's is one of the best places for parsing a HijackThis log, but we do try. Unfortunately we are a bit strung out here as well. Besides Tom Myboy, we have few other members capable of parsing a HijackThis log. I myself went over your log as best I could; I could not find any entries that were malware. Nor could I find any entries directly related to the www.moniker.com website you stated. I believe you could have the following possible cases:
1) Either adsense has recently changed its IP and moniker has got its old one. In this case your DNS server should have updated by now. It is very surprising that it has not, and highly unlikely. Nonetheless you could run the "ipconfig /flushdns" command and then try again.
2) The www.moniker.com website IP has been wrongly assigned in your hosts file, located in your Windows directory under the following: "system32\drivers\etc\". Check your hosts file for such an entry. You could just block moniker's website by adding the following line
127.0.0.1 www.moniker.com
or use this file to fix a static IP address for the adsense website you wish to visit.
Well, I hope this helps. Keep checking this thread regularly to see if someone else has picked up something in your log that I have missed.
cheers
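The hosts-file check suggested in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports whether entries for watched domains are sinkholed to loopback or redirected elsewhere. The sample content is constructed; `adsense.example`, the address `203.0.113.7` and the function names `parse_hosts` and `audit` are assumptions for illustration.

```python
import ipaddress

# Constructed sample hosts content (not taken from the poster's machine).
# 203.0.113.7 is a documentation-range placeholder address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.moniker.com      # sinkhole line suggested in the post
203.0.113.7     adsense.example WWW.ADSENSE.EXAMPLE
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (lineno, ip, hostname) per mapping; skip comments and malformed lines."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no hostname
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                    # first field is not an IP address
            continue
        for name in fields[1:]:               # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")

def audit(text, watched):
    """Classify entries for watched domains and their subdomains."""
    watched = [w.lower() for w in watched]
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not any(name == w or name.endswith("." + w) for w in watched):
            continue
        # Loopback or 0.0.0.0 means the name is blocked locally; any other
        # address means lookups for that name are pinned to that host.
        sinkholed = ip.is_loopback or ip.is_unspecified
        findings.append((lineno, name, str(ip),
                         "blocked" if sinkholed else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, ["moniker.com", "adsense.example"]):
        print("line %d: %s -> %s (%s)" % finding)
```

On a real machine, pass the contents of the hosts file under `system32\drivers\etc\` as `text`; a "redirected" finding for a site you did not pin yourself is the entry to investigate.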
#8
follow up
OK, thanks for your reply.
I don't need Adsense specifically, but this moniker.com comes up for anything that is specified in a URL line search. Sometimes it comes up if full URLs are not spelled out, or if just the domain is entered. I'll try the hosts file. I put that IP in under my localhosts entry?
#9
VERY interesting...
Well, moniker is gone, thanks to nothing that I did.
But guess what? Today we have "seek2.com" doing the same thing that made me hate moniker.com. What the hell is going on? What sort of new evil hijack is this? I am using Mozilla Firefox. This problem is happening on my AIX machine as well, which has NEVER downloaded anything off of the internet. It seems this is related to something outside of my control. (perhaps) How? Why?
#10
Ok, first off, download CWShredder and run it and see what it finds.
http://www.intermute.com/spysubtrac...r_download.html
Check the following link and tell me if the image shown in it is similar to what you are seeing.
http://vil.mcafeesecurity.com/vil/content/v_130966.htm
If not, please download the following software and post the logs here. This may help figure out what's going on.
Dllcompare
http://downloads.subratam.org/DllCompare.exe
Start the Program with and click the Run Locate.com - be sure the \Windows\System32 directory is selected by the box. It takes a bit so please wait. After this, click the Compare button to start the next process. The results appear in two panes, the first being those that exist, the lower pane showing those that were not accessible. When the Compare scan is complete there shouldn't be a lot of entries left. For the remaining entries, do a rt click and rescan. This causes the Windows find to look them up. If it's there, it will be removed from the list. Make a log and then post the log please.
Silent Runners
http://www.silentrunners.org/Silent%20Runners.vbs
While you are at it, also post a log from this program
http://home.comcast.net/~rand1038/v...rviceFilter.zip
Last edited by oneMSBi : June 2nd, 2005 at 10:12 AM.
#11
Quote:
1. Nothing with CW Shredder.
===
2. McAfee - Not exactly the same image. Could not find any of the files
====
3.
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\msstkprp.dll Thu Apr 5 2001 1:43:20p A.S.R 94,208 92.00 K
________________________________________________
1,322 items found: 1,322 files (1 H/S), 0 directories.
Total of file sizes: 287,549,308 bytes 274.23 M
Administrator Account = True
--------------------End log---------------------
===
4. Service Filter - nothing out of the ordinary here.
#12
Could you try and post a screenshot of your problem? From what I can see this seems to be a new kind of infection.