Jump to content


Photo

HI-JACKED!


  • Please log in to reply
4 replies to this topic

#1 triptonight

triptonight

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 July 2004 - 12:31 PM

Hi everyone, i'm new here. Anywho down to bussiness. Everytime i start up my pc, and log in XP, my internet explorer flashes up and goes to this page:
http://www.sodhell.com/survey.html, and asks me to install this stupid survey program. Obviously I don't, and close the the damn thing. I've ran every type of spyware/maleware etc etc remover that I can find, with no luck. I've tried looking for internet explorer files that shouldn't be there, but no luck.
If anyone has ever had an experience of this type and can help me, it would be greatly appreciated.

thanx
triptonight :scratchhead:

sorry, I guess i need that log file don't I

here
Logfile of HijackThis v1.97.7
Scan saved at 10:44:14 AM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\srhost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\windows\winsock16.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\spaceman\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [Windows Firewalll] srhost.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\rrvkeyjo.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [XFILTER] C:\Program Files\Enigma Software Group\EnigmaFireWall\ESPfSdk.dll
O4 - HKLM\..\Run: [Explorer32] C:\windows\winsock16.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [Windows Firewalll] srhost.exe
O4 - HKCU\..\Run: [Windows Firewalll] srhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8175.7410069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Edited by triptonight, 11 July 2004 - 12:45 PM.


#2 triptonight

triptonight

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 July 2004 - 12:52 PM

any help?

#3 triptonight

triptonight

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 July 2004 - 01:30 PM

any help at all??????

#4 matt4

matt4

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 11 July 2004 - 02:00 PM

The link you have is asking to download The Trojan horse TR/SPY.Briss.H.2
Try turning on your heuristics on your antivirus in the options menu or updating. My guess is you might already have it on your computer You might also try downloading another updated antivirus or disabling your antivirus and preforming and online scan at mcafee or pccillin. Make sure you disable or uninstall your antivirus already installed on your computer when running a different one. Im only guessing but also deleting any temporary internet files or cookies.

#5 triptonight

triptonight

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 July 2004 - 04:03 PM

bump




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button