Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hacked?


  • Please log in to reply
4 replies to this topic

#1 GrlRacer

GrlRacer

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bronx, NY
  • Local time:02:41 AM

Posted 19 February 2008 - 11:00 PM

Hello.

For a couple of days of letting my teenage sons on my computer, I have an issue of a web address automatically being typed into the address bar of IE and AOL IM.

This is what it types by itself:

naked o.o http;//mail.xeross.net/18nakedq4bo.jpg.exe

I ran my Norton Internet Security, nothing showed.
I ran Spybot daily for the last 3 days, removed 61 entries.
I even changed passwords online to the IM's (yahoo, aol)....but my son uses www.meebo.com for IM'ing.

What can I do to remove this?

BC AdBot (Login to Remove)

 


#2 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bronx, NY
  • Local time:02:41 AM

Posted 21 February 2008 - 06:37 PM

I guess I omitted some info and maybe that's why my question hasn't been addressed???

I am using Windows XP home on a desktop. I have Norton Internet Security 2008 running and after running a full scan, all it picks up is a tracking cookie and I select "fix".

I also ran Spybot again as I previously mentioned. Everything is up to date.
I don't know what else to do...please help.

Thanks in advance!

#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 21 February 2008 - 07:49 PM

Hi GrlRacer
See if this helps.

Download MsnCleaner.zip from here, but don't use it yet.
http://www.forospyware.com/Msncleaner/MsnCleaner.zip
(Copy/Paste the URL into the address bar or use "Save Target As")

Extract the content of MsnCleaner.zip to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Now:
  • Double-click MsnCleaner_eng.exe to run it.
  • Click the Analyze button.
  • A report will be created once after you finish scan.
  • If it finds an infection, click the Deleted button.
  • Now, please reboot back to normal mode.
Download and scan with SUPERAntiSypware Free for Home Users
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.

    Close SuperAntiSpyware.

    Please reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, a menu with options should appear;
    * Select the first option, to run Windows in Safe Mode, then press "Enter".
    * Choose your usual account.
    Restart SuperAntiSpyware.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
Let us know if this has helped at all.

Edited by Starbuck, 21 February 2008 - 08:27 PM.

BBPP6nz.png


#4 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bronx, NY
  • Local time:02:41 AM

Posted 22 February 2008 - 07:43 PM

I did all that you asked and after 4 hours of scanning my computer, all it found was 134 Adware tracking cookies and I removed them.

It didn't help.

What should I do now?
It's still showing up when I go to type anything, for instance a posting, like once or twice per hour.

et/18nakedq4bo.jpg.exe

It usually pops up on IE7, AIM and it just did it again now as I was posting this. (see abovethat I made bolder)

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 23 February 2008 - 03:20 AM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read the Preparation Guide before posting a HijackThis Log.
Please read, and follow, all directions carefully

Run a log, and post it in the HijackThis Logs and Analysis forum.

Do not, post it in this topic.
Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.


If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users