LeeD300

join:2003-04-21
Santa Clara, CA


1 edit

Google hijack?

Google attack!
(112303Firewallviolationaccesscomputerthroughremotecontrol.JPG)
Simply doing a search in Google's toolbar (IE6) has caused an IP address to access my computer.

This has already happened a few times. Sometimes things are fine, while others it seems like Google is trying to access my computer.

Each time that I do a search in Google, and this happens, the IE window shows an error and nothing is searched in Google.

Anybody else having this problem? I've already emailed Google.
--
LeeD300Z

Zupe
Premium,MVM
join:2001-11-29
New York, NY
clubs:


2 edits

Re: Google hijack?

I can't view the larger version of your screenshot, probably because the file name is so long. Can you try renaming it to something shorter and uploading it again?

What exactly do you mean by "Google trying to access your computer"?

In the meantime, check your C:\Windows\Help directory for a file called Hosts, and if you find it there, delete it. Also try downloading and running the QHosts removal tool from Symantec here: »www.symantec.com/avcenter/FixQhost.exe

Finally, can you download and run the program Hijack This from here: »www.spywareinfo.com/~merijn/file···this.zip

On the opening screen, click the scan button, then choose save log file, save it somewhere, open the log file with a text editor and copy and paste the contents here.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?
LeeD300

join:2003-04-21
Santa Clara, CA


1 edit

Re: Google hijack?


QHosts search
 

Autofill

Credit Card

More

Options
said by Zupe:
In the meantime, check your C:\Windows\Help directory for a file called Hosts, and if you find it there, delete it. Also try downloading and running the QHosts removal tool from Symantec here: »www.symantec.com/avcenter/FixQhost.exe

Finally, can you download and run the program Hijack This from here: »www.spywareinfo.com/~merijn/file···this.zip
So, I've done all the above, and nothing. I've attached the Qhosts search, and found no hosts directory in my help directory.

My toolbar settings are above. Nothing special.
--
LeeD300Z
LeeD300

join:2003-04-21
Santa Clara, CA

Google hijack?
Also, I've run Ad-aware and Spybot, but nothing.
--
LeeD300Z
LeeD300

join:2003-04-21
Santa Clara, CA


2 edits

Re: Google hijack?

* Thanks for the help!!

Logfile of HijackThis v1.97.7
Scan saved at 4:50:20 PM, on 11/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSEC.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony Handheld\AlarmApp.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\My Documents\XP Software\- Security\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.emachines.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [taskmanager] c:\windows\taskmgr.com
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S1C08.tmp"
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: iSiloX Clipper (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - »download.microsoft.com/download/···9VCM.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - »f1.pg.photos.yahoo.com/ocx/us/ye···_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D15F707F-CCD3-47EF-86BD-6BA48E220401}: Domain = attbi.com
--
LeeD300Z

exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:
·Cox HSI
·Suddenlink
·Cingular Wireless
·AT&T Southeast
·Charter Pipeline

Do you have the google toolbar installed on your computer?

--
He that feeds a disease, feeds an enemy. Some diseases are starved. Starve your sins by fasting and humiliation. Either kill your sin, or your sin will kill you. - Thomas Watson Harmless as doves 131

Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20

Re: Google hijack?

said by exocet_cm:
Do you have the google toolbar installed on your computer?

--
He that feeds a disease, feeds an enemy. Some diseases are starved. Starve your sins by fasting and humiliation. Either kill your sin, or your sin will kill you. - Thomas Watson Harmless as doves 131

I was wondering the same thing.....it might be making phone calls!

Keizer
LeeD300

join:2003-04-21
Santa Clara, CA

Re: Google hijack?

Yes I do have the toolbar.

I'm also thinking similar, but I don't think it's the toolbar itself though.

Also, if I try to go to www.google.com, I get the same response.

I didn't start getting this until recently. Not sure if it's related (don't think so), but a few days ago I upgraded from McAfee Firewall 4 to Firewall 5.
--
LeeD300Z

Keizer
I'M Your Huckleberry
Premium,MVM
join:2003-01-20
How is your google tool bar set up?

Keizer

exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:
·Cox HSI
·Suddenlink
·Cingular Wireless
·AT&T Southeast
·Charter Pipeline


1 edit

I like pictures :)
Since I have had the google toolbar, I have been connected to a similar IP that is traced back to google. Sometimes ZAP will catch it, it is a connection to toolbarqueries.google.com. If I block that site (along with its IP address) every time I try and search google, it will display a blank page. I have to let that address through (along with its IP address) or I get no search results. This is what is established with my computer. If you have visited google recently, it will also show up as being connected to your comp. What is the port number btw?

--
He that feeds a disease, feeds an enemy. Some diseases are starved. Starve your sins by fasting and humiliation. Either kill your sin, or your sin will kill you. - Thomas Watson Harmless as doves 131
LeeD300

join:2003-04-21
Santa Clara, CA

Re: Google hijack?

hmmm... That's good to know.

It seems to always access 80 S.Port, but a different D.Port on every access.

The strange thing is that I don't get this access every time, although the last 10 or so it's been every time.

The thing that really freaked me out was near the beginning, it accessed a port that my firewall told me was frequently "used by the popular remote control application, Timbuktu." I thought, "Google or somebody's trying to access my computer with a remote control application!"

Thanks for the info. I still won't change anything on my side. I'll continue to monitor things here, use a different search engine (by the way it still does it after uninstalling Google) and wait for Google to respond to my email.
--
LeeD300Z
LeeD300

join:2003-04-21
Santa Clara, CA

Re: Google hijack?

I'm especially jumpy after about 2 weeks ago, I found somebody had created another log-on account on my computer.

My computer is only accessed by me, in my room, and when I'm not there, the door is locked.
--
LeeD300Z

exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:
·Cox HSI
·Suddenlink
·Cingular Wireless
·AT&T Southeast
·Charter Pipeline

Info: If it is a google IP and it is PORT 80, no need to worry. IE uses port 80 (so google IP on port 80 is you accessing google's website). Don't block port 80 either, IE won't work at all.

--
He that feeds a disease, feeds an enemy. Some diseases are starved. Starve your sins by fasting and humiliation. Either kill your sin, or your sin will kill you. - Thomas Watson Harmless as doves 131
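
The observation in the posts above (remote port 80, a different local port each time, one of them labelled "Timbuktu" by the firewall) can be checked mechanically by matching inbound packets against connections the PC itself opened. This is an added example, not part of the original thread; the `Packet` fields, verdict labels and sample addresses are constructed for illustration. It assumes Windows XP's default client port range of 1025-5000, which overlaps the IANA-registered Timbuktu ports 1417-1420.

```python
from dataclasses import dataclass

XP_EPHEMERAL = range(1025, 5001)                # default client ports on Windows XP
TIMBUKTU_PORTS = {407, 1417, 1418, 1419, 1420}  # IANA-registered Timbuktu ports

@dataclass(frozen=True)
class Packet:
    direction: str          # "out" = sent by this PC, "in" = received by it
    remote_ip: str
    remote_port: int
    local_port: int
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection request

def classify(packets):
    """Return (local_port, verdict, note) for every inbound packet, in order."""
    flows = set()           # (remote_ip, remote_port, local_port) opened by this PC
    verdicts = []
    for p in packets:
        key = (p.remote_ip, p.remote_port, p.local_port)
        if p.direction == "out":
            if p.syn_only:
                flows.add(key)          # remember the connection we initiated
            continue
        if key in flows and not p.syn_only:
            verdict = "reply"           # server answering our own request
        elif p.syn_only:
            verdict = "inbound-connect" # remote side is opening a connection
        else:
            verdict = "unmatched"       # no recorded flow; needs a closer look
        note = ""
        if (verdict == "reply" and p.local_port in TIMBUKTU_PORTS
                and p.local_port in XP_EPHEMERAL):
            note = "port-name-coincidence"  # client port happens to share a number
        verdicts.append((p.local_port, verdict, note))
    return verdicts

# Constructed sample; 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE = [
    Packet("out", "192.0.2.10", 80, 1417, syn_only=True),      # browser opens HTTP
    Packet("in",  "192.0.2.10", 80, 1417),                     # server answers
    Packet("out", "192.0.2.10", 80, 3105, syn_only=True),
    Packet("in",  "192.0.2.10", 80, 3105),
    Packet("in",  "192.0.2.10", 80, 2210),                     # no flow recorded
    Packet("in",  "198.51.100.7", 4000, 1417, syn_only=True),  # true inbound attempt
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

Only the `inbound-connect` verdict describes a remote host initiating contact; a `reply` on a port that a firewall's name table maps to a remote-control product is still just the browser's own return traffic.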

exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
clubs:
·Cox HSI
·Suddenlink
·Cingular Wireless
·AT&T Southeast
·Charter Pipeline

Question (and maybe somebody can help me): why does the google IP address show up as sending an ICMP ping to his computer?

--
He that feeds a disease, feeds an enemy. Some diseases are starved. Starve your sins by fasting and humiliation. Either kill your sin, or your sin will kill you. - Thomas Watson Harmless as doves 131