Hijacked, and my Norton won't enable anymore.


9 replies to this topic

#1 JayFo

JayFo

    Member

  • Full Member
  • 5 posts

Posted 08 July 2004 - 01:22 AM

I keep getting that about:blank page and also now my Norton won't enable itself and email protection says error, anyone help me out???

#2 Marikita

Marikita

    Malware Intern

  • Retired Staff - Helper
  • 1,822 posts

Posted 08 July 2004 - 08:54 AM

Please do this.
Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
Everything is inconsequential, from a cosmological perspective.

#3 Rellax

Rellax

    Member

  • New Member
  • 1 posts

Posted 08 July 2004 - 10:11 AM

I have exactly the same problem. about:blank as homepage, Norton AutoProtect won't enable and an error in email protection. I've run HijackThis and Spybot (latest versions) and they can't find anything. Anyone know the problem??

#4 Marikita

Marikita

    Malware Intern

  • Retired Staff - Helper
  • 1,822 posts

Posted 08 July 2004 - 11:19 AM

Rellax

Please follow my instructions to JayFo and post the problem as a new topic.
Read and listen to the big red letters on the top of this page. =)

Edited by Marikita, 08 July 2004 - 11:21 AM.


#5 JayFo

JayFo

    Member

  • Full Member
  • 5 posts

Posted 08 July 2004 - 02:40 PM

Thanks mate, I did the log thing as you asked and here is my log file, your help is greatly appreciated Marikita!!!!!!!!!!



Logfile of HijackThis v1.98.0
Scan saved at 3:39:22 PM, on 7/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\SVCHOST13.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Soulseek\slsk.exe
C:\Winamp\Winamp.exe
C:\Documents and Settings\Jay\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sympatico.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A6D91C61-7D42-48DF-AC37-9D14F759EDA0} - C:\WINDOWS\System32\ccek.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows System Manager] winsystem.exe
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSN Update] dllconfg.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [Microsoft Message Machine] SVCHOST13.exe
O4 - HKLM\..\RunServices: [Windows System Manager] winsystem.exe
O4 - HKLM\..\RunServices: [won update] wapdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [MSN Update] dllconfg.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Microsoft Message Machine] SVCHOST13.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Message Machine] SVCHOST13.exe
O4 - HKCU\..\Run: [aČ] "C:\Program Files\a2\a2guard.exe"
O8 - Extra context menu item: Download all by Net Transport - C:\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: NameServer = 192.168.2.1
O18 - Filter: text/html - {BE8114BF-C82C-492E-B8A0-7B77224342BD} - C:\WINDOWS\System32\ccek.dll
O18 - Filter: text/plain - {BE8114BF-C82C-492E-B8A0-7B77224342BD} - C:\WINDOWS\System32\ccek.dll

#6 Marikita

Marikita

    Malware Intern

  • Retired Staff - Helper
  • 1,822 posts

Posted 09 July 2004 - 12:04 PM

Let's try this first,
Download About:Buster created by Rubber Ducky and unzip it to your desktop.
Restart your computer in safe mode.
Start it, hit OK, Start, and OK again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.

Edited by Marikita, 09 July 2004 - 12:05 PM.


#7 JayFo

JayFo

    Member

  • Full Member
  • 5 posts

Posted 09 July 2004 - 02:23 PM

WOW, did what you said, my comp restarted up at a normal start page. Here's the log just in case:
Logfile of HijackThis v1.98.0
Scan saved at 12:22:58 PM, on 7/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\system32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\SVCHOST13.exe
C:\Program Files\a2\a2guard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Jay\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sympatico.ca/
O2 - BHO: (no name) - {17E25EDE-1F12-452D-87D2-42BB291DA996} - C:\WINDOWS\System32\lhnnea.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows System Manager] winsystem.exe
O4 - HKLM\..\Run: [won update] wapdate.exe
O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSN Update] dllconfg.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [Microsoft Message Machine] SVCHOST13.exe
O4 - HKLM\..\RunServices: [Windows System Manager] winsystem.exe
O4 - HKLM\..\RunServices: [won update] wapdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] system32.exe
O4 - HKLM\..\RunServices: [MSN Update] dllconfg.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\RunServices: [Microsoft Message Machine] SVCHOST13.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Message Machine] SVCHOST13.exe
O4 - HKCU\..\Run: [aČ] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Update] system32.exe
O8 - Extra context menu item: Download all by Net Transport - C:\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{09D09E38-1BCB-4AA3-A023-6192F6AE40B6}: NameServer = 192.168.2.1
O18 - Filter: text/html - {052B2A58-50E4-41A7-8579-10CF1EC01930} - C:\WINDOWS\System32\lhnnea.dll
O18 - Filter: text/plain - {052B2A58-50E4-41A7-8579-10CF1EC01930} - C:\WINDOWS\System32\lhnnea.dll



If it looks OK to you, thanks a lot mate!!!!!!!!!!

Edited by JayFo, 10 July 2004 - 11:23 AM.
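
Added example, not part of any post in this thread: a short Python script that diffs two HijackThis logs entry by entry and lists DLLs that a single log registers both as a BHO (O2) and as a Filter (O18). The sample lines are copied from the two logs posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the two HijackThis logs posted in this thread.
LOG_1 = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A6D91C61-7D42-48DF-AC37-9D14F759EDA0} - C:\WINDOWS\System32\ccek.dll
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O18 - Filter: text/html - {BE8114BF-C82C-492E-B8A0-7B77224342BD} - C:\WINDOWS\System32\ccek.dll
"""
LOG_2 = r"""
O2 - BHO: (no name) - {17E25EDE-1F12-452D-87D2-42BB291DA996} - C:\WINDOWS\System32\lhnnea.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O18 - Filter: text/html - {052B2A58-50E4-41A7-8579-10CF1EC01930} - C:\WINDOWS\System32\lhnnea.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O2 - BHO: ..."
DLL_RE = re.compile(r"([^\\\s]+\.dll)\s*$", re.IGNORECASE)   # trailing DLL file name

def parse_entries(log_text):
    """Return {section code: set of entry texts}; non-entry lines are skipped."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].add(m.group(2))
    return sections

def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (section, entry) tuples."""
    a, b = parse_entries(before), parse_entries(after)
    removed = sorted((s, e) for s in a for e in a[s] - b.get(s, set()))
    added = sorted((s, e) for s in b for e in b[s] - a.get(s, set()))
    return removed, added

def bho_and_filter_dlls(log_text):
    """DLL names (lower-cased) that appear in both an O2 and an O18 entry."""
    seen = defaultdict(set)
    for section, entries in parse_entries(log_text).items():
        for entry in entries:
            m = DLL_RE.search(entry)
            if m:
                seen[m.group(1).lower()].add(section)
    return sorted(d for d, s in seen.items() if {"O2", "O18"} <= s)

if __name__ == "__main__":
    removed, added = diff_logs(LOG_1, LOG_2)
    for tag, rows in (("-", removed), ("+", added)):
        for section, entry in rows:
            print(tag, section, entry)
    print("BHO+Filter:", bho_and_filter_dlls(LOG_1), "->", bho_and_filter_dlls(LOG_2))
```

On these lines the diff shows the DLL name and both CLSIDs changing between the two scans, and the `[Microsoft Update]` Run value pointing at a different file, while the SDHelper.dll entry is unchanged.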


#8 JayFo

JayFo

    Member

  • Full Member
  • 5 posts

Posted 09 July 2004 - 02:59 PM

Nope, I still get the about:blank so I guess maybe you could find something in my logfile, thanks.......

#9 Marikita

Marikita

    Malware Intern

  • Retired Staff - Helper
  • 1,822 posts

Posted 11 July 2004 - 12:21 AM

Did you run About:Buster in safe mode?
Try running again anyway in safe mode.

#10 Daemon

Daemon

    Security Expert

  • Emeritus
  • 3,350 posts

Posted 11 July 2004 - 03:02 AM

Hi guys, maybe I can help here - we need to target a different pest in this case. Click here or here to download FindnFix.exe (2K/XP only!) by freeatlast. Double-click on the FINDnFIX.exe and it will install a folder called FINDnFIX on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.