Hijacked


2 replies to this topic

#1 WickedNeo

    Member

  • New Member
  • 2 posts

Posted 11 July 2004 - 06:02 PM



Hi, it would appear I am suffering from the same thing as a lot of other people that post here.
I have read through those threads and tried the advice given;
alas, I still have those damn nasty porn popups.
These are not generated by visiting those dodgy sites but appear at random when I am on forums ( www.tranceaddict.com/forum ) I help run and sites I know well which do not have porn pop-ups.

They are only generated through IE.

I have run Ad-Watch and Ad-Aware and they picked up a couple of dataminers which are now gone; my firewall prevents dataminers sending out anything anyway.

So I have downloaded HijackThis and have the following log.

Anything in there that suggests a nasty addition to my IE?

Operating System: Win2K Professional 5.0 Service Pack 4 (Build #2195)

Logfile of HijackThis v1.98.0
Scan saved at 23:52:32, on 11/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\mcc.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransparentW.exe
D:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\Applications\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINNT\system32\mcc.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: TransparentW.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab

mcc.exe outgoing is blocked by my firewall


Thanks for your time and any info provided


Edited by WickedNeo, 11 July 2004 - 06:36 PM.


#2 WickedNeo


Posted 17 July 2004 - 08:02 AM


This is still occurring; it seems to be mainly happening when you boot up the machine and start surfing.
The first 10 to 15 minutes of surfing brings the pop-ups, then after that period they stop.



#3 jwbirdsong

    Slasher O' spyware

  • Emeritus
  • 2,045 posts

Posted 18 July 2004 - 08:02 PM

Actually, this mcc/telenet thing is fairly new (at least I'm just starting to see it). Removal is fairly straightforward.


1) Right-click on the taskbar at the bottom of the screen and select "Task Manager".
2) Select the tab marked "Processes".
3) Under the "Image Name" select the process for "mcc.exe"
4) With mcc.exe highlighted click "End Process"
5) Close Task Manager.
6) Click on Start > Run and type "regedit" (no quotes)
7) Navigate to the registry setting for "hkey_current_user\software\media codecs" and delete the whole registry key.
8) Navigate to "hkey_local_machine\software\microsoft\windows\currentversion\run" and delete the registry value associated with mcc.exe

Now continue on with the rest of the Hijack This log
Move HijackThis to its own, permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

Press Ctrl+Alt+Del and 'end task' on any of the following that are present

Put a check next to these in HijackThis:
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINNT\system32\mcc.exe

THEN, WITH ALL OTHER WINDOWS CLOSED, press "Fix".

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:
C:\WINNT\system32\mcc.exe
Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!)
  • C:\Windows\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache, including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
  • Empty your "Recycle Bin"


Then Reboot and post a fresh log back to this thread.
Things you need (all FREE)
  • Anti-Virus (Only One of these): AVG, Avast
  • Firewall (Only One here too): Kerio (Direct Download), Zone Alarm
  • Misc. (Use all 3 together): IE Spyads, SpywareBlaster, Spyware Guard
  • Windows Update (Once a week): get all CRITICAL Updates

Things you want (Still Free)
  • Mozilla Firefox
  • Google Toolbar (stops pop-ups)
  • Ad-Aware
  • Spybot S&D
  • MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

PROUD member Since 2004
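
An added example, not part of the posts above or of HijackThis itself: a small Python triage of a HijackThis log that lists the O4 autorun entries, notes which of their executables also appear under "Running processes", and flags names on a watch list. The sample lines are copied from the log in this thread; the watch list (only mcc.exe, the file the reply identifies) and the function names are assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any platform
# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\mcc.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINNT\system32\mcc.exe
O4 - Global Startup: TransparentW.exe
"""

# Assumption: the watch list holds only the file name the helper identified.
WATCHLIST = {"mcc.exe"}

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - (Global Startup|Startup): (.*)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat))', re.IGNORECASE)

def parse_log(text):
    """Return (set of running process names, list of O4 autorun entries)."""
    running, autoruns, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:      # blank line ends the process list
            in_procs = False
        elif in_procs:
            running.add(basename(line).lower())
        elif (m := RUN_RE.match(line)):
            autoruns.append({"where": m.group(1), "name": m.group(2), "cmd": m.group(3)})
        elif (m := STARTUP_RE.match(line)):
            autoruns.append({"where": m.group(1), "name": m.group(2), "cmd": m.group(2)})
    return running, autoruns

def triage(text, watchlist=WATCHLIST):
    """Annotate each autorun with its executable, running state and watch-list hit."""
    running, autoruns = parse_log(text)
    rows = []
    for a in autoruns:
        m = EXE_RE.match(a["cmd"])       # first executable named in the command
        exe = basename(m.group(1)).lower() if m else a["cmd"].lower()
        rows.append({**a, "exe": exe, "running": exe in running, "flagged": exe in watchlist})
    return rows
```
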



