NEED HELP -> Internet explorer Hijack -> google

Discussion in 'adware, spyware & hijack cleaning' started by widoman, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. widoman

    widoman Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2
    Hi, any that can help me?

    When internet explorer run site google.com its was unable to browse another site (like something hide activated).
    Example:
    - I search "cnet"
    - Click in search result "cnet.com"
    - And my browser do:
    A) Page reload with site "www.google.com"
    or
    B) Google
    Not Found
    The requested URL /"what ever page" was not found on this server.

    Until i close all windows of internet explorer and wait a little while, if not,
    whatever page i browse send to me "google.com".

    If never open site google.com, i can browse normally.

    ----------------------------------------------------------------------
    My machine data
    ----------------------------------------------------------------------
    - Internet explorer 6.0.2800.1106, 128-bit, SP1, Q837009, Q832894
    - Windows-98-4.10.2222.A

    ----------------------------------------------------------------------
    The fix-tools i run
    ----------------------------------------------------------------------
    - Antivirus Panda 2004 (updated) .. nothing detect
    - Pestpatrol 2.4.7 (updated) .. nothing detect
    - Spysweeper 2.6 (updated) .. nothing detect
    - Reinstall internet explorer sp1 .. nothing fixed
    - HijackThis v1.97.7 .. no idea .. anex log
    - CWShredder v1.53.2 .. nothing detect, anex log
    - CWShredder v1.59.0 .. nothing detect, anex log
    - BHOdaemon 2.0 .. only 1 from acrobat reader
    - Reinstall Windows 98 .. nothing fixed
    - Install Mozilla explorer .. the same browse problems

    ----------------------------------------------------------------------
    The reports:
    ----------------------------------------------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 12:47:55 p.m., on 28/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
    C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    D:\SOFTWARE\SOS\ANTISPY\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = ftp=192.168.0.102:21;gopher=192.168.0.102:6588;http=192.168.0.102:6588;https=192.168.0.102:6588
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://cnet.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKLM\..\RunServices: [PavProc] C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\PavPrS9x.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...4567939815
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab

    CWShredder v1.53.2 scan only reportPlease understand that a CWShredder 'Scan only' report
    might not be sufficient to troubleshoot an infected system.
    You can use HijackThis for that:
    http://www.merijn.org/files/hijackthis.zip
    http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip

    Windows 98 (4.10.2222 A)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system
    AppData folder: C:\WINDOWS\Application Data
    Username: cesar

    Hosts file not present
    Found CWS.Control (if filesize is over 50k) file: C:\WINDOWS\control.exe (2159 bytes, A)
    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (8501 bytes, A)
    Found line in Win.ini: load=
    Found line in Win.ini: run=
    Found System.ini file: C:\WINDOWS\system.ini (2053 bytes, A)
    Found line in System.ini: shell=Explorer.exe

    - END OF REPORT -

    CWShredder v1.59.0 scan only reportPlease understand that a CWShredder 'Scan only' report
    might not be sufficient to troubleshoot an infected system.
    You can use HijackThis for that:
    http://www.merijn.org/files/hijackthis.zip
    http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip

    Windows 98 (4.10.2222 A)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system
    AppData folder: C:\WINDOWS\Application Data
    Username: cesar

    Hosts file not present
    Found Win.ini file: C:\WINDOWS\win.ini (8501 bytes, A)
    Found line in Win.ini: load=
    Found line in Win.ini: run=
    Found System.ini file: C:\WINDOWS\system.ini (2053 bytes, A)
    Found line in System.ini: shell=Explorer.exe

    - END OF REPORT -
    Edit/Delete Message :(
     
    widoman, Jun 29, 2004
    #1
  2. widoman

    widoman Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2
    Case closed

    Well all things posible to do are do it ... and nothing resolv.

    Machine problems:
    - Cant use google to search because this page cycled.
    - After all the moves, unable to enter in Microsoft windows update page.
    "Check you clock ... bla bla" ... crapy ActiveX.

    Machine with problem:
    - Antivirus (scan normal & safe mode) - Nothing detect
    - Adaware remover (scan normal & safe mode) - Nothing detect
    - Check host file - Nothing detect
    - Reinstall windows (not clean install, windows updated)
    - Reinstall Internet explorer (not clean install, updated)
    - Install alternative internet explorer - Mozilla - Same problem
    - Change IP (To see if proxy is guilty)

    Machine with proxy
    - Antivirus (scan normal & safe mode) - Nothing detect
    - Adaware remover (scan normal & safe mode) - Nothing detect
    - Check host file - Nothing detect
    - Reinstall proxy (Clean install)
    - The proxy is direct (no cache, no proxy trough proxy, no user restriction ...)
    is a simple direct-proxy.

    HOW TO RESOLV MICROSOFT WINDOWS PROBLEMS -> WINDOWS CLEAN INSTALL.

    Thanks any one for your time ...
    see ya.
     
    widoman, Jul 5, 2004
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...