hijacked homepage


2 replies to this topic

#1 hijackedpage


Posted 30 June 2004 - 08:46 AM

hey, my homepage has been hijacked. can anyone help?

my log is below:

Logfile of HijackThis v1.98.0
Scan saved at 05:22:16, on 30/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\CCWTUP32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
D:\TELEPHONE CODE LOCATOR\UKPHONE2\PHONES.EXE
C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\MSCAN\MSOFFICE\PANEL.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=megad
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=megad
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.terra.es/...rl/s/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.terra.es/...rl/s/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.fin...iteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=megad
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=megad
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Madasafish
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\SYSTEM\CGMOPENBHO.DLL
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O2 - BHO: (no name) - {DAD65D01-CA47-11D8-9BAD-00C07065F825} - C:\WINDOWS\SYSTEM\ADONOFA.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\Run: [Gearbox] "D:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [RealTray] D:\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] D:\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\RunServices: [IOMON98.EXE] "C:\Program Files\Trend PC-cillin 98\IOMON98.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\SYSTEM32\WINPROC32.EXE
O4 - Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Startup: CheckIt ToolBox.lnk = C:\TSC\CheckIt\ToolBox.exe
O4 - Startup: UK Phone Codes Pop Up.lnk = D:\Telephone code locator\ukphone2\phones.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\watch.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\MESSENGER\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\MESSENGER\MESSENGER\YPAGER.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Freeserve - {934354E0-298C-11D3-9BAC-F56A5F68C051} - http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .hcvm: d:\NetscapePlugin.dll
O12 - Plugin for .sgvm: d:\NetscapePlugin.dll
O18 - Filter: text/html - {DAD65D00-CA47-11D8-9BAD-00C01F295DBE} - C:\WINDOWS\SYSTEM\ADONOFA.DLL
O18 - Filter: text/plain - {DAD65D00-CA47-11D8-9BAD-00C01F295DBE} - C:\WINDOWS\SYSTEM\ADONOFA.DLL
O21 - SSODL: System - {C68DECE0-A9BE-11D8-9BAD-00C0DFF01871} - C:\WINDOWS\system32\system32.dll

#2 hijackedpage


Posted 30 June 2004 - 09:32 AM

i have deleted all the ones with about:blank in the title, but the hijacked homepage still keeps coming back

please can someone advise me on which ones to delete?

Edited by hijackedpage, 30 June 2004 - 09:33 AM.


#3 The Fist


Posted 30 June 2004 - 05:04 PM

Before you delete anything else, move Hijack This into its own directory (e.g. c:\HJT) so that it will back up anything you delete that you shouldn't. First, run CWShredder, Ad-Aware and Spybot S&D. I recommend the fix detailed by BobO HERE. If you can't find the .dll file under System Hooks, I would recommend trying the fix I posted for Windows ME (it should work in a similar fashion in 98). HERE.

Also, you should (as detailed in my post) be able to delete any of the entries with sp.html.

Let me know how it goes.

The Fist

Edited by The Fist, 30 June 2004 - 05:05 PM.
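
The reply above singles out the entries with sp.html. As an added example (not part of the thread and not HijackThis's own code), this Python script parses HijackThis log lines and lists which R0/R1 registry values point at that local file, and in which hive. The sample lines are copied from the log in post #1; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: seven lines copied from the log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Madasafish
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "R1 - ...", "O21 - ..."
REG_VALUE = re.compile(r"^(HK[A-Z]+)\\(.+?),(.+?) = (.*)$")       # hive\key,name = data

def parse_log(text):
    """Return one dict per log entry; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body, "missing": "(file missing)" in body}
        reg = REG_VALUE.match(body) if code.startswith("R") else None
        if reg:  # R-section lines carry a registry value; split it into parts
            entry.update(zip(("hive", "key", "name", "data"), reg.groups()))
        entries.append(entry)
    return entries

def local_file_redirects(entries, needle="sp.html"):
    """R0/R1 values whose data is a file:// URL containing `needle`."""
    return [e for e in entries
            if e["code"] in ("R0", "R1")
            and e.get("data", "").lower().startswith("file://")
            and needle in e["data"].lower()]

def summarize(entries):
    """Map each affected value name to the hives (HKCU/HKLM) where it is set."""
    by_name = defaultdict(set)
    for e in local_file_redirects(entries):
        by_name[e["name"]].add(e["hive"])
    return {name: sorted(hives) for name, hives in by_name.items()}

if __name__ == "__main__":
    for name, hives in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: points at sp.html in {', '.join(hives)}")
```
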




