Jump to content


Photo

Hijacked


  • Please log in to reply
4 replies to this topic

#1 jasmith28

jasmith28

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 July 2004 - 03:23 PM

Please see my saved log below from Hijack This. This hijacker will not go away no matter what I do. Can anyone help? I will be eternally grateful! Thank you.

Logfile of HijackThis v1.97.7
Scan saved at 3:18:56 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winzr.exe
C:\WINDOWS\netwy32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 23 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hnbgx.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hnbgx.dll/index.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hnbgx.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hnbgx.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hnbgx.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hnbgx.dll/sp.html#37794
O2 - BHO: (no name) - {C2044FCB-A8B0-DAA2-3C2A-53A0D46D3E5B} - C:\WINDOWS\appxn32.dll
O4 - HKLM\..\Run: [netwy32.exe] C:\WINDOWS\netwy32.exe

#2 Rootkit

Rootkit

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 01 July 2004 - 03:26 PM

Hi,jasmith28

Please download the Latest Ver, rescan post Logfile

http://www.spywarein.../hijackthis.zip

Gday :wave:

#3 jasmith28

jasmith28

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 01 July 2004 - 03:54 PM

Hello Rootkit,

I tried and it seemed to work, but then the problem came back. Here's the logfile:

Logfile of HijackThis v1.98.0
Scan saved at 3:51:28 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winzr.exe
C:\WINDOWS\system32\mssj.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 28 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\djutg.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://djutg.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://djutg.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\djutg.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\djutg.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://djutg.dll/index.html#37794
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C2044FCB-A8B0-DAA2-3C2A-53A0D46D3E5B} - C:\WINDOWS\appxn32.dll
O4 - HKLM\..\Run: [mssj.exe] C:\WINDOWS\system32\mssj.exe
O4 - HKLM\..\RunOnce: [winzr.exe] C:\WINDOWS\system32\winzr.exe
O4 - HKLM\..\RunOnce: [atlmp32.exe] C:\WINDOWS\system32\atlmp32.exe

Thanks for your help!

:wtf:

#4 jasmith28

jasmith28

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 02 July 2004 - 08:30 AM

Help please.

#5 jasmith28

jasmith28

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 02 July 2004 - 11:24 AM

I think I found the culprit. Under Control Panel, Add or Remove Programs I found "Home Search Assistent" That is the correct spelling. I tried to remove the program and I got this message:

Problem with Shortcut
Unable to open "http://looking-for.c...ssistant.html".

Can anyone out there help with this?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button