• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
splinter

having a problem

2 posts in this topic

My browser has been hijacked. A "pop up" usually comes up after the browser opens (with animated catipillars "doing the deed") telling me spyware viruses are using my computer for replication. Spybot search & destroy finds nothing. Ad-aware finds 7 problems and after I remove them & restart, ad-aware just finds them again. Norton anti-virus auto protect is off and I cant enable it and E-mail scanning shows an error. Hijackthis values are listed below. can someone please give me advise.

 

Logfile of HijackThis v1.97.7

Scan saved at 3:34:31 PM, on 6/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\mfcyl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\sdkor.exe

C:\Documents and Settings\Owner\My Documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\luqvg.dll/sp.html#28129

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://luqvg.dll/index.html#28129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://luqvg.dll/index.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\luqvg.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://luqvg.dll/index.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\luqvg.dll/sp.html#28129

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://google.com

O2 - BHO: (no name) - {D80CB790-5F03-3A01-0AE8-D0663537CB6F} - C:\WINDOWS\system32\mstt32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [mfcyl.exe] C:\WINDOWS\mfcyl.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O13 - FTP Prefix:

O13 - Gopher Prefix:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19cef756409cf9c0ec17/...ip/RdxIE601.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7609.4434722222

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

Share this post


Link to post
Share on other sites

Hi,

Have you have rebooted your computer since you posted this log? You have to repost a fresh HijackThis log if you did.

 

Alternative Browser

This paticular variant that you are infected with is very hard to get rid of. In the interim, download an alternative browser and do not start Internet Exlorer again until the hijack problem is resolved.

 

http://www.mozilla.org/download.html <= Follow the link to download and install Mozilla FireFox

Edited by stockkbroker

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0