I think I have been hijacked

Discussion in 'malware problems & news' started by lighterman, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    Hi
    The last 2 days whenever I go to www.sitemeter.com it opens up my webpage but still has the sitemeter URL. Here is a pic of what I get: http://www.users.on.net/~faitht/2.jpg

    I have run
    adaware
    spybot
    scan spyware
    ewido
    kaspersky
    Hijack this

    and several others. I have been to trendmicro house call. It ran all night and found several trojans and keyloggers but when I went to delete it caused an error and shut down.

    Now I use the javascript from sitemeter on my website to check traffic stats however on my pc when I go to my site the little rainbow colored box is not at the bottom nor is there a hot link.

    Even in front page, the javascript is there on the design tab, but when I go to preview it does not show there either just like my browsers. I have tried IE6 and FF to no avail.

    Is there anything I can try to do other than reformatting and starting all over again?

    It appears that either the browsers or the OS will not handle javascript
     
  2. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    lighterman, my advice is to use Spy Sweeper version 5, it looks like you have been hijacked by CoolWebSearch, which hijacks your browser's home page
     
  3. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    But my homepage hasn't been affected. It is just when I try to go to sitemeter.com that it shows my website instead
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    BTW lighterman, what is this theme?
     
  5. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    I don't understand what you mean
     
  6. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    Sorry I get it now. It is Noia 2.0 (extreme)
     
  7. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    even so lighterman, I use Spy Sweeper myself and it's saved me from a hijacking on several occasions, other than that, maybe you should try a system restore, and choose a restore point before this problem happened
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks.
     
  9. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    I forgot to mention ALL my system restore points before this problem started happening on Monday disappeared.
     
  10. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    I just discovered that my spyware program "Scan Spyware" can't update the database. I keep getting "update failed" message. So I clicked on the support link and lo and behold instead of taking me to the support page it took me to my own website the same as sitemeter.com :(

    Surely there must be a way to fix this without having to reformat my hard drive and reinstall everything again.

    Something somewhere somehow is disabling javascript on my pc so it won't display the hot link created within the script tags and also redirects me to my own website if I try to type the url of the 2 sites that I have discovered so far in the address bar :mad:
     
  11. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Last edited by a moderator: Aug 4, 2006
  12. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    I did....It came up clean:(
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, u can try EiperAntospyware free, Ewido free and KIS online scan.
     
  14. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    NEW INFO

    I have still tried to avoid a reformat (I am going to do it though) but because ALL of the dozens of scans that I have done have come up empty I tried to uninstall java and reinstall it in the hope that it may have somehow got corrupted on my system.

    The reason I tried to do this is because as I mentioned anything to do with javascript does not seem to work on my system.

    I went to add/remove programs and discovered something I NEVER saw before. Half of the listed programs are completely BLANK under the size column and when I highlight the program it does not give me the change/remove button.

    Does anyone know what could possibly be causing this problem?
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    just an fyi java is different than javascript.

    I'd try posting a hijackthis log at the SpywareInfo forums or other security forum (except this one)
     
  16. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Just a wild idea, but check your HOSTS file (XP: C:\Windows\System32\Drivers\Etc\HOSTS)
     
  17. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Sorry to hear nothing is helping lighterman :eek: may I suggest you do a full format, and not the quick format, this way you can be sure your drive will be clean :D
     
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the only difference is a full format checks the disk for bad sectors.

    to really have a clean drive, you would want to wipe the disk. to do so, you'll need a 3rd party utility like killdisk or dban.
     
  19. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    That's what was causing my redirection. However now I also discovered that in my add/remove program there are several programs that are blank down the right hand side and when I click on them I do not get the change/remove button so I am unable to uninstall them :mad:
     
  20. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi lighterman,

    Can you do this for me?

    Click Start > Run and copy this command:

    regedit /e c:\uninstall.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


    Then click OK to execute. Doing so will create the file c:\uninstall.txt
    Post the content of that file.

    If you could also point out the ones that you are having problems with removing, that would make it easier for me.

    Regards,

    Pieter
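
To compare the export requested above with what Add/Remove Programs shows, the file can be summarised per subkey. This is an added example, not part of the thread and not Pieter's own tooling; the sample export and product names are constructed, and NoRemove is checked only as one value known to affect the Remove button, not as a diagnosis of this machine.

```python
import re, sys

# Constructed sample in regedit's export layout; the products are invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleEditor]
"DisplayName"="Example Editor 1.0"
"UninstallString"="\"C:\\Program Files\\ExampleEditor\\uninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleBurner]
"DisplayName"="Example Burner"
"NoRemove"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000000}]
"UninstallString"="MsiExec.exe /X{00000000-0000-0000-0000-000000000000}"
'''
ROOT = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unquote(data):
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # decode a quoted REG_SZ
    return data  # dword:/hex: data is returned as written

def parse_uninstall_export(text):
    """Map each Uninstall subkey name to a dict of its values."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            inside = key.group(1).upper().startswith(ROOT.upper())
            current = entries.setdefault(key.group(1)[len(ROOT):], {}) if inside else None
        elif current is not None and (value := VALUE_RE.match(line)):
            current[value.group(1)] = unquote(value.group(2))
    return entries

def summarize(entries):
    """One row per subkey: display name plus the values that affect removal."""
    return [{"subkey": k, "name": v.get("DisplayName"),
             "has_uninstall_string": "UninstallString" in v,
             "no_remove": v.get("NoRemove") == "dword:00000001"}
            for k, v in sorted(entries.items())]

if __name__ == "__main__":
    # regedit /e writes UTF-16 text, e.g. the c:\uninstall.txt from the post.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    for row in summarize(parse_uninstall_export(text)):
        print(row)
```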
     
  21. lighterman

    lighterman Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    20
    I have done what you said and have attached the file. You can also compare it with the image of add/remove program here http://www.users.on.net/~faitht/addrem.png
     

  22. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Good. :thumb:

    Go to Start > Run
    Type:
    • regedit
    Click OK.
    • On the left side, click to highlight My Computer at the top.
    • Go up to "File > Export"
      • Make sure in that window there is a tick next to "All" under Export Branch.
        Leave the "Save As Type" as "Registration Files".
        Under "Filename" put backup
    • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
    • Click save and then go to File > Exit.
    This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

    Click Start > Run > and type in notepad and click OK
    Copy and paste the text in the quote box into the Notepad window (including the Windows Registry Editor Version 5.00)

    Click File and then select Save As
    In the ‘Save in’ box - Save it to your Desktop
    In the ‘File name’ box – type in fix.reg
    In the ‘Save as type’ box - use the drop down arrow and select All Files
    Click Save
    Close Notepad


    Close all open windows and Browsers


    Double Click fix.reg on your Desktop
    When it asks you if you want to merge the contents to the registry, click yes/ok.
    A window saying “Information in fix.reg has been successfully entered into the registry” should come up – Click OK.

    It could be that a reboot is required for the changes to take effect.
    This should remove Nero from your list in Add/Remove Software.
    Note that it will not remove anything else.

    Going over your list I got the impression that this may not be the only (Administrator) account on that computer. Can you confirm that?
    The other account may have the Remove options for some that you are missing.

    Regards,

    Pieter
     