#1
I was logging on one of the controversial sites on the internet when I encountered that the site is being downloaded on my computer. I know for sure that this is a hacking matter; the question is
WHAT CAN I DO TO STOP IT AND GET TO THE SITE?? ANY SUGGESTIONS. IT SEEMS TO ME IT'S A WAY OF GIVING YOU TOO MUCH OF WHAT YOU ARE ASKING FOR TO MAKE YOU FED UP.
Classico
#2
Hi classico, and welcome to Wilders.
I am not sure what you are trying to say in your post. Do you think you have been hijacked? Or are you just wanting to know how to better protect your computer from sites that would try and hijack you? I will be moving your post from this Test Forum into a more appropriate forum, but before I can do that I need to understand more specifically what kind of help you are asking for.
Regards, snap
__________________
@-`-,--
#3
|
|||
|
|||
|
Hi !
I should have been more specific. I have spyguard, spywareblaster, adaware and spy sweeper. Further, I have sygate home edition as firewall, as anti virus TDS, avast and micro trend. What happened is that when I went to the site a popup came on, which I know does not belong to that site. It was regarding the download of micromedia, which I crossed away. Yet I could not get on the site and instead the site started downloading in my computer. So the question is: is my computer infected, or is it the site I visited which was hacked? I have the free surfer against pop ups but this micromedia business does not stop popping up.
Best regards, Classico
#4
|
||||
|
||||
|
Hi classico,
Please follow the instructions in Step2 here: http://www.wilderssecurity.com/showthread.php?t=15913
And post your HijackThis log here in this thread. An Expert will review it shortly, and advise you if anything needs to be fixed.
Regards, snap
__________________
@-`-,--
#5
|
|||
|
|||
|
Hi,
I have had a run with spybot and I downloaded Hijack this and my log looks like this:

Logfile of HijackThis v1.97.7
Scan saved at 16:41:00, on 2004-04-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
====================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\ALWILS~1\Avast4\ashmaisv.exe
C:\Program\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program\SpywareGuard\sgmain.exe
C:\Program\SpywareGuard\sgbhp.exe
C:\Program\SpywareBlaster\spywareblaster.exe
C:\Program\TDS3\tds-3.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program\Free Surfer\fs20.exe
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\Temporär katalog 1 för hijackthis1977.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [TDS3] C:\Program\TDS3\TDS-3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [PicoZip] C:\Program\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: hp center.lnk = C:\Program\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Favorites Search (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38050.1430439815
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
====================

Look forward to your comments,
Classico
#6
|
||||
|
||||
|
Looks clear, what problems are you having?
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue
#7
|
|||
|
|||
|
It started with the downloading of the site material when I entered a controversial site.
I have been checking on my side and it seems that there is an unharmful bug on that site that results in a fictive downloading. So the problem was not on my computer. Anyway it is good to know that I am not hacked! MANY THANKS for your assistance.
Classico
#8
|
||||
|
||||
|
I see you have TDS. As some sites can install trojans that do not show in a hjt log, I strongly advise running a full TDS scan, just to be safe.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy | Hedgehog Rescue