#1
this is crazy people. i need some help bad. the hijackthis log is below.
Logfile of HijackThis v1.97.7
Scan saved at 12:02:57 AM, on 7/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\j2re1.4.2\bin\jusched.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Scroll Mouse\gnetmous.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Kazaa Lite2\kazaalite.kpp
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MagicKey\MagicKey.exe
C:\Program Files\MagicKey\OSD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10F2A055-FE84-0091-9EA2-7FAE7861A63E} - C:\PROGRA~1\UPLOAD~1\Helpante.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite2\kpp.exe" "C:\Program Files\Kazaa Lite2\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [drv part] C:\PROGRA~1\LOGOHO~1\Up about type.exe
O4 - HKLM\..\Run: [metagreyheartacid] C:\Documents and Settings\All Users\Application Data\Open settings meta grey\SafeActive.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MagicKey\MagicRun.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://netvenda.com/sites/games-intl/tw/games3.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7765.8980439815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

e-mail me @ chnzpandaboi@hotmail.com i would really appreciate this.
#2
actually a post here or e-mail would definitely be helpful
#3
this is a hijackthis 1.98 log. if someone is out there, please help me
Logfile of HijackThis v1.98.0
Scan saved at 11:54:17 AM, on 7/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\j2re1.4.2\bin\jusched.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Scroll Mouse\gnetmous.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kazaa Lite2\kazaalite.kpp
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MagicKey\MagicKey.exe
C:\Program Files\MagicKey\OSD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10F2A055-FE84-0091-9EA2-7FAE7861A63E} - C:\PROGRA~1\UPLOAD~1\Helpante.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite2\kpp.exe" "C:\Program Files\Kazaa Lite2\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [drv part] C:\PROGRA~1\LOGOHO~1\Up about type.exe
O4 - HKLM\..\Run: [metagreyheartacid] C:\Documents and Settings\All Users\Application Data\Open settings meta grey\SafeActive.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MagicKey\MagicRun.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://netvenda.com/sites/games-intl/tw/games3.cab
O18 - Filter: text/html - {7CECB31D-E961-46DC-87CF-A8BF0ABE4F11} - C:\Documents and Settings\Kiki\Local Settings\Application Data\microsoft\internet explorer\V0.15.dat
#4
er why does my latest post keep on getting deleted.
#5
Quote:
Because you keep on bumping just one day after the last post. Please give people time to find your log and help. If you don't get help after a week or so, then bump.
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > omg!! search2web hijacked my other comp too!