SunQuest
           Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

My ie explorer is hijacked!!!!!

Discuss My ie explorer is hijacked!!!!! in the Antivirus Protection forum on Dev Shed.
My ie explorer is hijacked!!!!! Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Be the architects of evolution and help create the mobile internet future. It’s your move---enter to win here!
  #1  
Old July 11th, 2004, 07:27 AM
cgu cgu is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jul 2004
Posts: 7 cgu User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Exclamation My ie explorer is hijacked!!!!!
hi all,
when i click some submit button or links, my IE generation some pop ups to some sites like casino sites with some security warnings. the nslookup says the IP is related to netvenda.com or some thing similar. It doesnt happens all times, but occassionaly happens. its very anoying what to do??? my HijackThis log is given below:

Logfile of HijackThis v1.98.0
Scan saved at 5:52:20 PM, on 7/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Oracle\Ora81\BIN\OWASTSVR.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\snmptrap.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Real\RealOne Player\realplay.exe
F:\Program Files\Real\RealJukebox\tsystray.exe
D:\Program Files\Winamp3\winampa.exe
D:\program files\QuickTime\qttask.exe
C:\Program Files\Screendragon VS5\VS5 Taskbar.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\mspaint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
F:\zam\Hijack This\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-...k=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-...ook=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redi...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.media-search.net/nph-...ook=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.media-search.net/nph-...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.media-search.net/nph-...ook=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redi...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-...ook=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-...ook=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.media-search.net/nph-...ook=stmpl1&find=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.real.com/products/realon...rp8bpBG_v1.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\se\v11\se.DLL
O1 - Hosts file is located at: C:\WINNT\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\se\v11\se.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MediaPops Class - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RealTray] f:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RealJukeboxSystray] "f:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Media-Search] "C:\Program Files\msnet\v9\msnet.EXE" /H
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTaskbar] "C:\Program Files\Screendragon VS5\VS5 Taskbar.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealDownload.lnk = F:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Realtek\Rtl8180\RtlWake.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -



O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINNT\system32\xplugin.dll
Reply With Quote
  #2  
Old July 16th, 2004, 04:14 PM
cgu cgu is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jul 2004
Posts: 7 cgu User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Angry
Hey,

None checks the log?????
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > My ie explorer is hijacked!!!!!

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway