browser hijacker(s)


  • This topic is locked
6 replies to this topic

#1 jkrasj

jkrasj

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 29 April 2007 - 05:03 PM

Unsure how, but I got infected with the following:
spy.goldun
vundo.TX
vundo.Trojan
YazzleBundle
outerinfo
PurityScan

I am able to remove these using XoftSpySE and SpyNoMore so the system looks clean, but I still get popups from either
89.188.16.10 or url.cpvfeed.com
The HijackThis log is clean after disinfecting; VundoFix says that Vundo isn't there.
When I reboot, the stuff reinstalls itself.

Any help is appreciated

Please read our Forum FAQ in order to find out what info we need (HijackThislog) so we can help you.

Edited by miekiemoes, 30 April 2007 - 03:25 AM.


#2 jkrasj

jkrasj

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 30 April 2007 - 09:03 PM


Actually, I think I solved the problem by looking at other posts on this site. Combofix appears to be the primary solution. I will post my HJT log to make sure everything looks OK in the eyes of an expert, tho.

Logfile of HijackThis v1.99.1
Scan saved at 10:02:05 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jay Krasner\Desktop\Security\hijackthis\KillMalware.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O15 - Trusted Zone: http://moneycentral.msn.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
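
Added example, not part of any post in this thread: because the symptom was that the infection came back after every reboot, the HijackThis entries to review first are the ones that load code at boot, logon or browser start (O2, O4, O20). The sketch below parses the log format shown above and lists them; the sample lines are copied from the posted log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O15 - Trusted Zone: http://moneycentral.msn.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# HijackThis section codes whose entries load code at boot, logon or browser start.
AUTOSTART = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder",
    "O20": "Winlogon Notify / AppInit_DLLs",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # e.g. "O4 - HKLM\..\Run: ..."
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)\b', re.IGNORECASE)

def parse_hjt(text):
    """Return (running_processes, {section_code: [entry_text, ...]})."""
    processes, sections, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                       # first registry/file entry ends the process list
            in_procs = False
            sections[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(sections)

def autostart_review(sections):
    """List (code, category, file_path) for each entry that survives a reboot."""
    rows = []
    for code, label in AUTOSTART.items():
        for entry in sections.get(code, []):
            m = WIN_PATH.search(entry)
            rows.append((code, label, m.group(0) if m else None))
    return rows

if __name__ == "__main__":
    for row in autostart_review(parse_hjt(SAMPLE_LOG)[1]):
        print(*row, sep=" | ")
```

Each listed file is something to verify by hand (publisher, location, creation date); the script only narrows down where to look.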

#3 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 01 May 2007 - 05:44 PM

Good to hear you already solved the issue.

Your HijackThislog looks clean, but there is however a very important thing you should do though..

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#5 jkrasj

jkrasj

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 02 May 2007 - 08:12 PM

Thanks for your help. As I noted, I used XoftSpy and SpyNoMore to help find the viruses.
SpyNoMore has antivirus detection built in, which I enabled.
I also downloaded and enabled SpyWareBlaster after reading other posts on this site.
Is this sufficient for realtime protection (as opposed to scanning)?
I will take your advice and install a firewall
Thanks
jkrasj

#6 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 03 May 2007 - 12:16 AM

SpyNoMore and XoftSpy are NO Antivirus. They are Antispyware scanners and won't protect against Viruses and backdoors.
So I suggest you install an Antivirus :)

#7 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 07 May 2007 - 12:08 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.