hijacked by the swarmies!*@*!!


4 replies to this topic

#1 solaris

solaris

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 26 June 2004 - 10:05 PM

:( well i really did try to "clean" my own mess on my own. ..i am not sure i can....so i googled for "browser hijacking" assistance and after some web surfing i was pleased to find this forum for possible relief.... yup....after many years of surfing the open waters of the web, i finally got nipped, mugged, run out of my own operating system...i do believe i have been hijacked (browser that is).

so i tried methodically all the recommendations of "mike healan" (spywareinfo.com editor/author)...but after downloading adware and spyware and hi jack this and bho demon...i have a locked browser which directs to the following url: res://eyacu.dll/index.html#37049

i even tried to use the add/remove programs as a solution within the control panel of my computer. ...i did find some entries called...search extender...shopping wizard...and ...home search assistent (yes...that is the way it is spelled in the entry)...but it doesn't remove from the entry...a small window pops up with the instruction to go to http://looking-for.c...chextender.html

when i go there..the web page asks me to download more unknown files...i am not so sure that is a good idea...

..anyway ...i would be most grateful if someone could give me some good news tonite...like...hey buddy...i know just what you are going through...just go here, click this..and save that...and you're done! ( am i hoping for too much?)

...so i am posting an "sos mayday" since my laptop will not browse in my direction but only in the command of this hijacked browser...please rescue!! tanxsalot :o)

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 27 June 2004 - 06:01 AM

We need a closer look at what's happening.
Please download Hijack this
Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!

#3 solaris

solaris

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 27 June 2004 - 08:39 AM

tnx dave ..here it is..

Logfile of HijackThis v1.97.7
Scan saved at 9:30:07 AM, on 6/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\APPBM.EXE
C:\WINDOWS\SYSTEM\MSKZ.EXE
C:\WINDOWS\SYSTEM\MSKZ.EXE
C:\WINDOWS\SYSTEM\SYSYA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\MY UTILITIES\HIJACK THIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SYSYA.EXE
C:\WINDOWS\NETBN.EXE
C:\WINDOWS\NETBN.EXE

:::solaris>

#4 solaris

solaris

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 27 June 2004 - 10:21 AM

sorry for the incomplete log...my browser is simply quitting on me...so i am using mozilla to browse...here is the complete "hijack this" scan...

Logfile of HijackThis v1.97.7
Scan saved at 9:30:07 AM, on 6/27/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\APPBM.EXE
C:\WINDOWS\SYSTEM\MSKZ.EXE
C:\WINDOWS\SYSTEM\MSKZ.EXE
C:\WINDOWS\SYSTEM\SYSYA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\MY UTILITIES\HIJACK THIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SYSYA.EXE
C:\WINDOWS\NETBN.EXE
C:\WINDOWS\NETBN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NETBN.EXE
C:\WINDOWS\SYSTEM\SYSVG.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eyacu.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eyacu.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://eyacu.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eyacu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://eyacu.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eyacu.dll/sp.html#37049
O2 - BHO: (no name) - {3962C0AE-4350-9FF5-00AB-A453B9D8DD23} - C:\WINDOWS\APIOH.DLL
O4 - HKLM\..\Run: [APPBM.EXE] C:\WINDOWS\SYSTEM\APPBM.EXE
O4 - HKLM\..\RunServices: [MSKZ.EXE] C:\WINDOWS\SYSTEM\MSKZ.EXE
O4 - HKLM\..\RunServices: [SYSYA.EXE] C:\WINDOWS\SYSTEM\SYSYA.EXE
O4 - HKLM\..\RunServices: [NETBN.EXE] C:\WINDOWS\NETBN.EXE
O4 - HKLM\..\RunServices: [SYSVG.EXE] C:\WINDOWS\SYSTEM\SYSVG.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

::solaris>
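
A triage sketch for a HijackThis log like the one posted above, added here as an example and not part of the original thread: it splits the log into running processes and coded entries, then lists the items a helper would look at first. The function names and the two flagging rules marked "assumed rule" are assumptions made for illustration; the notes are prompts for a human reviewer, not verdicts.

```python
import re

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\SYSTEM\MSKZ.EXE
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eyacu.dll/index.html#37049
O2 - BHO: (no name) - {3962C0AE-4350-9FF5-00AB-A453B9D8DD23} - C:\WINDOWS\APIOH.DLL
O4 - HKLM\..\RunServices: [MSKZ.EXE] C:\WINDOWS\SYSTEM\MSKZ.EXE
O4 - HKLM\..\Run: [APPBM.EXE] C:\WINDOWS\SYSTEM\APPBM.EXE
O9 - Extra button: Related (HKLM)
"""

# Entry lines look like "<code> - <body>", e.g. R0/R1 (IE page settings),
# O2 (Browser Helper Object), O4 (autostart), O9 (IE extra button/menu item).
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a log into (running process paths, [(code, body), ...])."""
    processes, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.add(line.upper())
    return processes, entries

def review_notes(text):
    """Return (code, note) pairs for a human to review; not verdicts."""
    processes, entries = parse_log(text)
    notes = []
    for code, body in entries:
        if code in ("R0", "R1"):
            value = body.split(" = ", 1)[-1]
            if not re.match(r"(?i)(https?://|about:)", value):  # assumed rule
                notes.append((code, "page setting is not a web URL: " + value))
        elif code == "O2" and "(no name)" in body:  # assumed rule
            notes.append((code, "unnamed BHO: " + body.rsplit(" - ", 1)[-1]))
        elif code == "O4":
            path = body.split("] ", 1)[-1]
            state = "running" if path.upper() in processes else "not running"
            notes.append((code, "autostart %s (%s)" % (path, state)))
    return notes
```

Calling `review_notes()` on the text of a saved log returns the flagged entries in log order; cross-referencing O4 autostart paths against the process list shows which of them were active when the scan was taken.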

#5 solaris

solaris

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 27 June 2004 - 06:37 PM

well...i got to tell you that i downloaded ad-aware, bho demon, hijack this, shredder, spybot and spywareblaster...all are free to download...just google and find their download pages.

i then ran the software and rebooted the computer...and nothing happened.

(except that the browser was still hijacked by this unwanted code)

...so....to make a long story short ..i took some advice from majorgeeks.com website forum and followed the same procedure..except......

i first turned off the computer and started it back up in "safe mode" ..( you can do this by holding the F8 key down steadily at the same time you turn your computer on)...once the computer was up and running in safe mode ...i then ran each of the software programs separately.

after the last one....i rebooted the computer normally...and WALLAH.. it worked.

I GOT MY BROWSER BACK TO NORMAL.


::)solaris>



