drtaha

Malware change words to active links

2 posts in this topic

On my computer I found that.... any time a web page opens ((( any web page ))) that has the word ((( DISCOVER ))) in any text on any page, the word will change to a ((( LINK ))) with a different color that will take me to

http://www.ncsreporting.com/LinkTrack/Redi...LinkID=DCF10260

then it will redirect me to the Discover card web site, no matter where this word appears on any page ... on any web site.

I also realized that the words ((( Hotels ))) and ((( Mortgage ))) do the same thing on any web site and on any page, and they redirect me to www.expedia.com and www.eloans.com respectively.

I tried to trace the origin of the problem by placing the word (( discover )) on some web sites that I created, and I still get the same result on my computer.

Please advise on the possibility of removing this unwanted functionality from my PC. It is really very disturbing ...

No virus scanner or spyware was able to detect this virus / trojan.

Thank you

Thank you Dave38 <<<< here is the HijackThis log file >>>>>>

 

Logfile of HijackThis v1.98.0
Scan saved at 2:12:42 AM, on 7/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 .

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\PwsTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
E:\Download\HiJackThis_Last.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINNT\system32\bhrw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [Microsoft Security Hot Fix] "%SystemRoot%\mshotfix.exe"
O4 - HKLM\..\Run: [MS_Critical_Update] c:\CriticalUpdate.exe
O4 - HKLM\..\Run: [RegistryMon] c:\registry.pif
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab


Email address deleted. Not a good idea to post it in a public forum.

Edited by drtaha


We need a closer look at what's happening.

Please download HijackThis. Unzip it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.

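A first-pass triage of a log like the one posted in this thread, as an added example that is not part of either post: it parses HijackThis item lines and lists the entries that match a few generic review heuristics (unnamed or file-less browser add-ons, Run-key autostarts from a drive root or with a .pif/.scr/script extension). The heuristics and function names are assumptions of this example; a match means "look this entry up first", not a confirmed infection.

```python
import re

# Lines copied from the HijackThis log posted in the thread (one process line, seven items).
SAMPLE_LOG = r"""
C:\WINNT\system32\RUNDLL32.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40D20724-5D3A-43C8-9FF5-2B6F209DBD27} - C:\WINNT\system32\bhrw.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [MS_Critical_Update] c:\CriticalUpdate.exe
O4 - HKLM\..\Run: [RegistryMon] c:\registry.pif
"""

ITEM = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")   # "O4 - HKLM\..\Run: [name] cmd"
RUN_VALUE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")         # "[value name] command line"
DRIVE_ROOT = re.compile(r'^"?[A-Za-z]:\\[^\\"]+$')       # file sitting directly in X:\
SCRIPT_EXT = re.compile(r"\.(pif|scr|bat|cmd|vbs)\b", re.IGNORECASE)

def parse_items(log):
    """Return (code, kind, detail) for every item line; header and process lines are skipped."""
    matches = (ITEM.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]

def review_reasons(code, detail):
    """Hypothetical triage heuristics (assumptions of this example, not a malware verdict)."""
    reasons = []
    if code in ("O2", "O3"):                       # browser helper objects and toolbars
        if "(no name)" in detail:
            reasons.append("add-on registered without a name")
        if detail.endswith("(no file)"):
            reasons.append("registered file is missing")
    elif code == "O4":                             # Run-key autostarts
        m = RUN_VALUE.match(detail)
        command = m.group(2) if m else detail
        if DRIVE_ROOT.match(command):
            reasons.append("autostart from drive root")
        if SCRIPT_EXT.search(command):
            reasons.append("autostart uses a .pif/.scr/script extension")
    return reasons

def triage(log):
    """Return [(detail, reasons)] for the items worth looking up first."""
    rows = [(d, review_reasons(c, d)) for c, _kind, d in parse_items(log)]
    return [row for row in rows if row[1]]

if __name__ == "__main__":
    for detail, reasons in triage(SAMPLE_LOG):
        print(f"{detail}\n    -> {'; '.join(reasons)}")
```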