Mike_Healan
December 12th, 2002, 03:37 PM
I installed BHBlaster last night because I'm testing something that's supposedly a browser hijacker. So I've been running Internet Exploder all night and day (shudder) waiting for something to happen.
This morning I got up and BHBlaster had gone crazy. It told me the start and search pages had been changed to <none>, fix or allow change? I tell it to fix, it goes away, then it pops the same alert up again immediately. It does this over and over and over. HijackThis didn't find any hijack and nothing had been changed. I restarted it and it quit doing it, but wtf was that all about ???
XP Pro (no sp1) and IE 6 (no sp1) and this is more or less what was running at the time:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG6\avgserv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Kerio\Personal Firewall\persfw.exe
F:\WINDOWS\System32\snmp.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Winamp\Winampa.exe
F:\WINDOWS\StartupMonitor.exe
F:\WINDOWS\System32\taskswitch.exe
F:\Program Files\Grisoft\AVG6\avgcc32.exe
D:\documents\SETI@home\SETI@home.exe
F:\Program Files\Free-Popup-Killer\fpuk.exe
F:\Program Files\Coolmon\CoolMon.exe
F:\Program Files\WinKey\WinKey.exe
D:\Documents\ATnotes\ATnotes.exe
D:\Documents\AnalogX\CookieWall
ookie.exe
F:\Program Files\desktop frames\DesktopFrames.exe
F:\Program Files\OSDEx\OSDEx.exe
F:\Program Files\IconSaver\IconSaver.exe
F:\Program Files\MailWasher\MailWasher.exe
F:\Program Files\PowerPro\powerpro.exe
F:\Program Files\Proxomitron\Proxomitron.exe
D:\Documents\Trillian\trillian.exe
F:\Program Files\MinperServe\MinperServe.exe
F:\Program Files\WinBar\WinBar.exe
D:\Documents\YCIII\YankClip.exe
F:\Program Files\Browser Hijack Blaster\bhblaster.exe
f:\Program Files\Winamp\Winamp.exe
D:\Documents\FlashFXP\FlashFXP.exe
D:\DOCUME~1\MOZILLA.ORG\MOZILLA.EXE
This morning I got up and BHBlaster had gone crazy. It told me the start and search pages had been changed to <none>, fix or allow change? I tell it to fix, it goes away, then it pops the same alert up again immediately. It does this over and over and over. HijackThis didn't find any hijack and nothing had been changed. I restarted it and it quit doing it, but wtf was that all about ???
XP Pro (no sp1) and IE 6 (no sp1) and this is more or less what was running at the time:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG6\avgserv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Kerio\Personal Firewall\persfw.exe
F:\WINDOWS\System32\snmp.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Winamp\Winampa.exe
F:\WINDOWS\StartupMonitor.exe
F:\WINDOWS\System32\taskswitch.exe
F:\Program Files\Grisoft\AVG6\avgcc32.exe
D:\documents\SETI@home\SETI@home.exe
F:\Program Files\Free-Popup-Killer\fpuk.exe
F:\Program Files\Coolmon\CoolMon.exe
F:\Program Files\WinKey\WinKey.exe
D:\Documents\ATnotes\ATnotes.exe
D:\Documents\AnalogX\CookieWall
ookie.exe
F:\Program Files\desktop frames\DesktopFrames.exe
F:\Program Files\OSDEx\OSDEx.exe
F:\Program Files\IconSaver\IconSaver.exe
F:\Program Files\MailWasher\MailWasher.exe
F:\Program Files\PowerPro\powerpro.exe
F:\Program Files\Proxomitron\Proxomitron.exe
D:\Documents\Trillian\trillian.exe
F:\Program Files\MinperServe\MinperServe.exe
F:\Program Files\WinBar\WinBar.exe
D:\Documents\YCIII\YankClip.exe
F:\Program Files\Browser Hijack Blaster\bhblaster.exe
f:\Program Files\Winamp\Winamp.exe
D:\Documents\FlashFXP\FlashFXP.exe
D:\DOCUME~1\MOZILLA.ORG\MOZILLA.EXE