Do not know yet

Discussion in 'adware, spyware & hijack cleaning' started by classico, Mar 31, 2004.

Thread Status:
Not open for further replies.
  1. classico

    classico Guest

    I was logging on one of the controversial sites on the internet when I encountered that the site is being downloaded on my computer. I know for sure that this is a hacking matter; the question is
    WHAT CAN I DO TO STOP IT AND GET TO THE SITE o_O??
    ANY SUGGESTIONS o_O IT SEEMS TO ME ITS A WAY OF GIVING YOU TOO MUCH OF WHAT YOU ARE ASKING FOR TO MAKE YOU FED UP.
    Classico :mad:
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi classico, and welcome to Wilders.

    I am not sure what you are trying to say in your post. Do you think you have been hijacked? Or are you just wanting to know how to better protect your computer from sites that would try and hijack you?

    I will be moving your post from this Test Forum into a more appropriate forum, but before I can do that I need to understand more specifically what kind of help you are asking for. :)

    Regards,

    snap
     
  3. classico

    classico Guest

    Hi !
    I should have been more specific.
    I have spyguard, spywareblaster, adaware and spy sweeper. Further, I have sygate home edition as firewall, and as anti virus TDS, avast and micro trend.
    What happened is that when I went to the site a popup came on, which I know does not belong to that site. It was regarding the download of micromedia, which I crossed away. Yet I could not get on the site and instead the site started downloading in my computer. So the question is: is my computer infected, or is it the site I visited which was hacked? I have the free surfer against pop ups but this micromedia business does not stop popping up.
    best regards,
    Classico
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi classico,

    Please follow the instructions in Step2 here:
    http://www.wilderssecurity.com/showthread.php?t=15913

    And post your HijackThis log here in this thread. An Expert will review it shortly, and advise you if anything needs to be fixed.

    Regards,

    snap
     
  5. classico

    classico Registered Member

    Joined:
    Apr 3, 2004
    Posts:
    3
    hijack this log list

    Hi,
    I have had a run with spybot and I downloaded Hijack this and my log looks like this:
    Logfile of HijackThis v1.97.7
    Scan saved at 16:41:00, on 2004-04-02
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    ====================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\pctspk.exe
    C:\Program\ALWILS~1\Avast4\ashDisp.exe
    C:\Program\ALWILS~1\Avast4\ashmaisv.exe
    C:\Program\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Exif Launcher\QuickDCF.exe
    C:\Program\SpywareGuard\sgmain.exe
    C:\Program\SpywareGuard\sgbhp.exe
    C:\Program\SpywareBlaster\spywareblaster.exe
    C:\Program\TDS3\tds-3.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program\Free Surfer\fs20.exe
    C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\Temporär katalog 1 för hijackthis1977.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sw4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sw4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\Program\ALWILS~1\Avast4\ashmaisv.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [TDS3] C:\Program\TDS3\TDS-3.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe"
    O4 - HKCU\..\Run: [PicoZip] C:\Program\PicoZip\PicoZipTray.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
    O4 - Global Startup: hp center.lnk = C:\Program\hp center\137903\Program\BackWeb-137903.exe
    O9 - Extra button: Free Surfer (HKLM)
    O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
    O9 - Extra button: Favorites Search (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38050.1430439815
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    ====================

    look forward to your comments,
    Classico
     
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re:hijack this log list

    Looks clear, what problems are you having?
     
  7. classico

    classico Registered Member

    Joined:
    Apr 3, 2004
    Posts:
    3
    It started with the downloading of the site material when I entered a controversial site.
    I have been checking on my side and it seems that there is an unharmful bug on that site that results in a fictive downloading :). So the problem was not on my computer. Anyway it is good to know that I am not hacked!
    MANY THANKS for your assistance.
    Classico :)
     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I see you have TDS. As some sites can install trojans that do not show in a hjt log, I strongly advise running a full TDS scan, just to be safe.
     