Jump to content


Photo

Yahoo Messenger Hijack


  • Please log in to reply
1 reply to this topic

#1 mike311

mike311

    Member

  • New Member
  • Pip
  • 2 posts

Posted 15 July 2004 - 09:26 AM

Please help me. When I use yahoo messenger, and try to view a profile, i get hijacked. It takes me to google. When I close google, there is a random geocities porn page sitting behind the google window. After seeing this happen several times I noticed that each time on the taskbar the geocities page shows a taskbar button the says "Javascript Random Link Example" and it quickly turns into the Geocity random porn page. I can not click on any link within messenger chat without this happening.

I have read and followed the info on this site. I have run Ad-aware, spybot, hijack this, Spy Sweeper, and House Call Antivirus.

When I run spybot there are a couple items that it can't fix because it says they are running in memory. I have run this several times with all windows closed... also ran it at startup a couple time and I ran it in safe mode.

Can someone help me please?

Logfile of HijackThis v1.98.0
Scan saved at 8:24:30 PM, on 7/15/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Program Files\AnalogX\Pow\pow.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Dad\Desktop\HIJACK~1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\mike\prefs.js)
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - https://nfuse.conste...ents/wficat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

Edited by mike311, 15 July 2004 - 07:51 PM.


#2 mike311

mike311

    Member

  • New Member
  • Pip
  • 2 posts

Posted 15 July 2004 - 08:56 PM

Bump.... edited with new info and log file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button