Wilders Security Forums  

  #1  
Old August 2nd, 2006, 04:32 AM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default I think I have been hijacked

Hi
The last 2 days, whenever I go to www.sitemeter.com it opens up my webpage but still has the sitemeter URL. Here is a pic of what I get: http://www.users.on.net/~faitht/2.jpg

I have run
adaware
spybot
scan spyware
ewido
kaspersky
Hijack this

and several others. I have been to trendmicro house call. It ran all night and found several trojans and keyloggers but when I went to delete it caused an error and shut down.

Now I use the javascript from sitemeter on my website to check traffic stats however on my pc when I go to my site the little rainbow colored box is not at the bottom nor is there a hot link.

Even in front page, the javascript is there on the design tab, but when I go to preview it does not show there either, just like my browsers. I have tried IE6 and FF to no avail.

Is there anything I can try to do other than reformatting and starting all over again?

It appears that either the browsers or the OS will not handle javascript.
  #2  
Old August 2nd, 2006, 04:52 AM
DVD+R DVD+R is offline
Very Frequent Poster
 
Join Date: Aug 2006
Location: The Antipodes
Posts: 1,724
Default Re: I think I have been hijacked

lighterman, my advice is to use Spy Sweeper version 5, it looks like you have been hijacked by CoolWebSearch, which hijacks your browser's home page.
  #3  
Old August 2nd, 2006, 05:00 AM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by DVD+R
lighterman, my advice is to use Spy Sweeper version 5, it looks like you have been hijacked by CoolWebSearch, which hijacks your browser's home page.

But my homepage hasn't been affected. It is just when I try to go to sitemeter.com that it shows my website instead.
  #4  
Old August 2nd, 2006, 05:00 AM
aigle aigle is offline
Incredibly Massive Poster
 
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Default Re: I think I have been hijacked

BTW lighterman, what is this theme?
__________________

Ubuntu 12.10
AX64 Time Machine, Comodo FW & Defence Plus, Sandboxie not compatible?
  #5  
Old August 2nd, 2006, 05:14 AM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by aigle
BTW lighterman, what is this theme?

I don't understand what you mean
  #6  
Old August 2nd, 2006, 05:36 AM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by aigle
BTW lighterman, what is this theme?

Sorry I get it now. It is Noia 2.0 (extreme)
  #7  
Old August 2nd, 2006, 06:24 AM
DVD+R DVD+R is offline
Very Frequent Poster
 
Join Date: Aug 2006
Location: The Antipodes
Posts: 1,724
Default Re: I think I have been hijacked

Even so lighterman, I use Spy Sweeper myself and it's saved me from a hijacking on several occasions. Other than that, maybe you should try a system restore, and choose a restore point before this problem happened.
  #8  
Old August 2nd, 2006, 11:43 AM
aigle aigle is offline
Incredibly Massive Poster
 
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Default Re: I think I have been hijacked

Quote:
Originally Posted by lighterman
Sorry I get it now. It is Noia 2.0 (extreme)

Thanks.
  #9  
Old August 2nd, 2006, 04:03 PM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by DVD+R
other than that, maybe you should try a system restore, and choose a restore point before this problem happened

I forgot to mention ALL my system restore points before this problem started happening on Monday disappeared.
  #10  
Old August 2nd, 2006, 05:57 PM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Angry Re: I think I have been hijacked

I just discovered that my spyware program "Scan Spyware" can't update the database. I keep getting an "update failed" message. So I clicked on the support link and, lo and behold, instead of taking me to the support page it took me to my own website, the same as sitemeter.com.

Surely there must be a way to fix this without having to reformat my hard drive and reinstall everything again.

Something somewhere somehow is disabling javascript on my pc so it won't display the hot link created within the script tags, and also redirects me to my own website if I try to type the url of the 2 sites that I have discovered so far in the address bar.
  #11  
Old August 3rd, 2006, 01:34 AM
DVD+R DVD+R is offline
Very Frequent Poster
 
Join Date: Aug 2006
Location: The Antipodes
Posts: 1,724
Default Re: I think I have been hijacked

I really wish you would try Spy Sweeper, I'm sure you will be amazed at what it will find, there's definitely a spyware that has installed itself and is disabling programs, download it from here

http://www.webroot.com/consumer/down...ct=result&cd=1

and the fix from here

Removed link to cracks - Ron Please read the Terms of Service for using these forums.

You have nothing to lose, and everything to gain from running this fine program.

Last edited by ronjor : August 4th, 2006 at 03:29 PM. Reason: Remove cracks and correct exe download url
  #12  
Old August 3rd, 2006, 02:23 AM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by DVD+R
I really wish you would try Spy Sweeper, I'm sure you will be amazed at what it will find, there's definitely a spyware that has installed itself and is disabling programs, download it from here

I did....It came up clean
  #13  
Old August 3rd, 2006, 02:42 AM
aigle aigle is offline
Incredibly Massive Poster
 
Join Date: Dec 2005
Location: Saudi Arabia/ Pakistan
Posts: 10,411
Default Re: I think I have been hijacked

Hi, u can try EiperAntospyware free, Ewido free and KIS online scan.
  #14  
Old August 3rd, 2006, 06:35 PM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

NEW INFO

I have still tried to avoid a reformat (I am going to do it though) but because ALL of the dozens of scans that I have done have come up empty I tried to uninstall java and reinstall it in the hope that it may have somehow got corrupted on my system.

The reason I tried to do this is because as I mentioned anything to do with javascript does not seem to work on my system.

I went to add/remove programs and discovered something I NEVER saw before. Half of the listed programs are completely BLANK under the size column and when I highlight the program it does not give me the change/remove button.

Does anyone know what could possibly be causing this problem?
  #15  
Old August 3rd, 2006, 07:06 PM
WSFuser WSFuser is offline
Incredibly Massive Poster
 
Join Date: Oct 2004
Location: California, USA
Posts: 10,324
Default Re: I think I have been hijacked

just an fyi java is different than javascript.

id try posting a hijackthis log at the SpywareInfo forums or other security forum (except this one)
  #16  
Old August 3rd, 2006, 11:51 PM
Kye-U Kye-U is offline
Security Expert
 
Join Date: Jun 2004
Posts: 481
Default Re: I think I have been hijacked

Just a wild idea, but check your HOSTS file (XP: C:\Windows\System32\Drivers\Etc\HOSTS)
  #17  
Old August 4th, 2006, 12:00 AM
DVD+R DVD+R is offline
Very Frequent Poster
 
Join Date: Aug 2006
Location: The Antipodes
Posts: 1,724
Default Re: I think I have been hijacked

Sorry to hear nothing is helping, lighterman. May I suggest you do a full format, and not the quick format, this way you can be sure your drive will be clean.
  #18  
Old August 4th, 2006, 12:03 AM
WSFuser WSFuser is offline
Incredibly Massive Poster
 
Join Date: Oct 2004
Location: California, USA
Posts: 10,324
Default Re: I think I have been hijacked

the only difference is a full format checks the disk for bad sectors.

to rele have a clean drive, u would want to wipe the disk. to do so, ull need a 3rd party utility like killdisk or dban.
  #19  
Old August 4th, 2006, 07:53 AM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by Kye-U
Just a wild idea, but check your HOSTS file (XP: C:\Windows\System32\Drivers\Etc\HOSTS)

That's what was causing my redirection. However, now I also discovered that in my add/remove program there are several programs that are blank down the right hand side, and when I click on them I do not get the change/remove button so I am unable to uninstall them.
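
The HOSTS-file check that resolved the redirection above, as an added example that is not part of the original thread: a Python parser that reports every hosts entry other than the stock localhost mapping and groups hostnames that share one redirect address, which is the pattern of two unrelated sites landing on the same page. The sample file, the hostnames other than sitemeter.com, and the documentation address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file; 203.0.113.10 is a documentation address
# standing in for the server the browser was being sent to.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.sitemeter.com sitemeter.com   # constructed entry
203.0.113.10    support.antispyware.example
0.0.0.0         ads.tracker.example
not-an-ip       www.vendor.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop the comment, then tokenize
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "invalid"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES and ip.is_loopback:
                continue                        # stock localhost mapping
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, address, host,
                             "blocked" if local else "redirected"))
    return findings

def shared_targets(findings):
    """Group redirected hostnames by address; keep addresses serving several names."""
    groups = defaultdict(list)
    for _, address, host, verdict in findings:
        if verdict == "redirected":
            groups[address].append(host)
    return {addr: hosts for addr, hosts in groups.items() if len(hosts) > 1}

if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for finding in results:
        print(*finding)
    print(shared_targets(results))
```

To audit a real machine, pass the text of C:\Windows\System32\Drivers\Etc\HOSTS to `audit_hosts`. "blocked" entries are often legitimate ad-blocking lines added by security tools, so review them by hostname rather than deleting them wholesale.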
  #20  
Old August 4th, 2006, 10:00 AM
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
 
Join Date: Apr 2002
Location: Netherlands
Posts: 12,716
Default Re: I think I have been hijacked

Hi lighterman,

Can you do this for me?

Click Start > Run and copy this command:

regedit /e c:\uninstall.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


Then click OK to execute. Doing so will create the file c:\uninstall.txt
Post the content of that file.

If you could also point out the ones that you are having problems with removing, that would make it easier for me.

Regards,

Pieter
__________________
Regards,

Pieter
It's nice to be important, but it's more important to be nice.

It's human to make mistakes. It's even more so to blame the computer for it.
  #21  
Old August 4th, 2006, 05:54 PM
lighterman lighterman is offline
Infrequent Poster
 
Join Date: Jan 2005
Posts: 20
Default Re: I think I have been hijacked

Quote:
Originally Posted by Pieter_Arntz
Hi lighterman,

Can you do this for me?

Click Start > Run and copy this command:

regedit /e c:\uninstall.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


Then click OK to execute. Doing so will create the file c:\uninstall.txt
Post the content of that file.

If you could also point out the ones that you are having problems with removing, that would make it easier for me.

Regards,

Pieter

I have done what you said and have attached the file. You can also compare it with the image of add/remove program here http://www.users.on.net/~faitht/addrem.png
Attached Files
File Type: txt uninstall.txt (330.5 KB, 10 views)
  #22  
Old August 5th, 2006, 05:08 AM
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
 
Join Date: Apr 2002
Location: Netherlands
Posts: 12,716
Default Re: I think I have been hijacked

Good.

Go to Start > Run
Type:
  • regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Click Start > Run > and type in notepad and click OK
Copy and paste the text in the quote box into the Notepad window (including the Windows Registry Editor Version 5.00)

Quote:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroMultiInstaller!UninstallKey]

Click File and then select Save As
In the ‘Save in’ box - Save it to your Desktop
In the ‘File name’ box – type in fix.reg
In the ‘Save as type’ box - use the drop down arrow and select All Files
Click Save
Close Notepad


Close all open windows and Browsers


Double Click fix.reg on your Desktop
When it asks you if you want to merge the contents to the registry, click yes/ok.
A window saying “Information in fix.reg has been successfully entered into the registry” should come up – Click OK.

It could be that a reboot is required for the changes to take effect.
This should remove Nero from your list in Add/Remove Software.
Note that it will not remove anything else.

Going over your list I got the impression that this may not be the only (Administrator) account on that computer. Can you confirm that?
The other account may have the Remove options for some that you are missing.

Regards,

Pieter
 
