|
-
August 3rd, 2003, 09:19 AM
#1
hijacked and screwed!!!
o someone please help!! was hijacked by ewebsearch (very nasty, more on this later)and now my computer is very sick!
problems:
IE>tools>internet options: no access, the following message pop ups: "restriction: this operation has been cancelled due to restriction on this computer. contact system administrator."
start>settings>control panel>internet options: the ability to reset home page is grayed out.
my computer>system info>internet: my IP address is not there anymore.
try to download ANY software proggies for trojan/spyware/hijack detectors and i'm not allowed, error 403,
have run: NAV 2003,
Ad-Aware,
SpyBot, nothing found.
all are updated and current.
ZA Pro found nothing,
Did remove 3 offending lines in reg, HKLU.
Reset IE via Add/Remove.
Tried to sign up @ SpyWareInfo forum and cannot get a response, they say within ten minutes, has been 45 minutes.
something weird going on here, and i'm at my wits end!!
Last edited by wojo629; August 3rd, 2003 at 10:53 AM.
-
August 3rd, 2003, 10:33 AM
#2
You cannot d/l Hijack this? http://www.tomcoyote.org/hjt/
Not aware of any signup problems......you can post at SWI as a guest...without signing up..if you're unable....http://www.spywareinfo.com/forums/index.php?s=
------>Spyware and Hijackware Removal Support
Last edited by discogail; August 3rd, 2003 at 10:36 AM.
-
August 3rd, 2003, 10:50 AM
#3
negative, cannot dl, error 403.
-
August 3rd, 2003, 10:59 AM
#4
How bout this? Didn't work
Last edited by discogail; August 3rd, 2003 at 11:20 AM.
-
August 3rd, 2003, 11:07 AM
#5
once again, nope, error 403.....what the !@#@$ is going on here? seem to be locked out of dl'ing.....no validation from SpyWareInfo yet....so very strange!!
-
August 3rd, 2003, 11:13 AM
#6
i just saw you over there .....you were listed on the bottom of the page as being there...as a member../being validated. No email yet? Post as a guest.....
If your email is working...& want to/PM me here at VDR..& let me know where to send it..I will send you Hijack This.
Last edited by discogail; August 3rd, 2003 at 11:25 AM.
-
August 3rd, 2003, 12:27 PM
#7
just in case you need any instructions.....To start the scan, Click the Scan button on the left. after the scan the Scan Button has a new Caption. Save Log. Click the Save Log button to create a file named Hijackthis.log. A dialog box will pop up. Use it to select the location where you will save the log. Close the program. Open the Log in Notepad. Highlight the entire contents. Copy and paste the contents of the HijackThis log into your post.
-
August 3rd, 2003, 12:59 PM
#8
have you used the immunize functions in Spybot? go to the "Immunize" section. Is "Lock IE Start Page Settings" ticked?
If so, uncheck it. clear the "Lock .." boxes
Last edited by discogail; August 3rd, 2003 at 01:04 PM.
-
August 3rd, 2003, 01:03 PM
#9
Logfile of HijackThis v1.96.0
Scan saved at 13:03:08, on 8/3/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\EVIDENCE ELIMINATOR\EE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Evidence Eliminator] C:\PROGRAM FILES\EVIDENCE ELIMINATOR\ee.exe /m
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...593.7216666667
there, that worked....i think i see the probs...06...???..yes ? no?
-
August 3rd, 2003, 01:10 PM
#10
Close all other browser windows.....put a check in the box next to:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ewebsearch.net/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Click "Fix Checked"
Smile....& dance the funky chicken on your front porch (optional)
..reboot
Is this by choice: ? C:\PROGRAM FILES\EVIDENCE ELIMINATOR
Last edited by discogail; August 3rd, 2003 at 03:01 PM.
-
August 3rd, 2003, 06:12 PM
#11
"Dreams are born in your heart and in your mind, only there can they ever die." - Art Berg
-
August 3rd, 2003, 06:36 PM
#12
Evidence Eliminator ? 
Wouldn't give that piece of s**t to my worst enemy .
I'd visit a Chinese warez site with no firewall, no antivirus, low security settings and all active x settings set to ok before I would load that ... program...
Current PC
Zoostorm
Windows 7 Home Premium 64bit, (XP Mode virtual pc enabled)
WEI 7.4, 7.6, 7.9, 7.9, 5.9
Intel Core i5-2310, 8GB Ram
Geforce GTX 660 OC
Samsung Syncmaster SA300 23.6" monitor
Folding@home
User Name Sintares
Team guru3d
There is no such thing as overkill. 'Open fire' and 'is it dead?' are the only sane options when threatened.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
