

Solid_Snake
Snakeonia
Premium
join:2002-01-14
Fort Collins, CO

1 edit

reply to Solid_Snake

Re: browser jacked can't fix it

AntiVir found a BDS/ServU-Based... How can I remove this? I have found little info on the net, other than that it's a backdoor trojan.


Solid_Snake
Snakeonia
Premium
join:2002-01-14
Fort Collins, CO

3 edits

hijackthis.zip 1,265 bytes
(hijackthis.log)
»www.pestpatrol.com/pestinfo/b/ba···ased.asp

Followed those steps and neither file came up.

I have run Ad-Aware and updated it,

updated Spybot,

shedder, but I'm unable to update that,

TDS-3, which found no problems,

AntiVir, which found two files but only listed the name of one.

Online McAfee did not find any viruses...

If I change my homepage to www.ebay.com, it works like it is supposed to the first time, but when I close the browser and open it again it comes back to the makemesearch page...
--
Why Am I Fighting To Live,
If Im Just Living To Fight.
Why Am I Trying To See,
When There Aint Nothing In Sight.
Why Am I Trying To Give,
When No One Gives Me A Try.
Why Am I Dying To Live,
When Im Just Living To Die


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

Log Listing for Solid_Snake

Logfile of HijackThis v1.97.7
Scan saved at 9:32:14 PM, on 9/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINBLOWS\System32\smss.exe
C:\WINBLOWS\system32\winlogon.exe
C:\WINBLOWS\system32\services.exe
C:\WINBLOWS\system32\lsass.exe
C:\WINBLOWS\system32\svchost.exe
C:\WINBLOWS\System32\svchost.exe
C:\WINBLOWS\system32\spoolsv.exe
C:\WINBLOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINBLOWS\System32\nvsvc32.exe
C:\WINBLOWS\System32\svchost.exe
C:\WINBLOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINBLOWS\system32\LEXBCES.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SNAKE\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.makemesearch.com/?said=114
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.makemesearch.com/?said=114
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINBLOWS\SYSTEM\blank.htm
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINBLOWS\System32\MTC.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINBLOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: Win32 Classes -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - »messenger.zone.msn.com/binary/Mi···8578.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - »akamai.downloadv3.com/binaries/I···N_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···8578.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
--
Write your questions down on the back of a $20 dollar bill and send them to me



Solid_Snake
Snakeonia
Premium
join:2002-01-14
Fort Collins, CO

reply to Solid_Snake
Got another one... sorry guys

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.ebay.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »www.ebay.com/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINBLOWS\localNRD.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINBLOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nuhtbtr] C:\WINBLOWS\System32\hfhkkqs.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [px] C:\WINBLOWS\System32\px.exe
O4 - HKCU\..\Run: [win87em] C:\WINBLOWS\System32\win87em.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - »messenger.zone.msn.com/binary/Mi···8578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···8578.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
--
Why Am I Fighting To Live,
If Im Just Living To Fight.
Why Am I Trying To See,
When There Aint Nothing In Sight.
Why Am I Trying To Give,
When No One Gives Me A Try.
Why Am I Dying To Live,
When Im Just Living To Die



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

That's only half the log. We need the whole thing. It begins with this part:

Logfile of HijackThis v1.97.7
Scan saved at 6:55:28 PM, on 9/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Also, have you gotten those service packs and critical security updates installed yet? Otherwise, as I said, this will be an ongoing occurrence for you.
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/

