My PC got Hijacked



#1 fssp

Posted 18 December 2008 - 09:16 AM

Hello Everyone,

This is my 1st time here. This forum was highly recommended to me by a friend; he says the people at this forum are very friendly and helpful for this PC problem.

My PC's specifications:
Pentium III 500 MHz and 128 MB SDRAM running on Windows 98 SE, connected to an ADSL 512MB Broadband Internet service using Prolink Hurricane 9000.

My Problem:
a) I had installed uTorrent on my PC not long ago and had opened one of my ports using port forwarding methods.

b) After that I noticed something odd happened: the mouse pointer started to move on its own, trying to click on other things that I didn't aim at, especially towards the Network Neighbourhood when I am online.

c) In addition to that, there is a strange new desktop icon named "microsoft directX helper - ddhelper". Since then I have uninstalled uTorrent and disabled the port forwarding by closing the specific port. But I didn't touch or delete this new "file".

d) Now, I have never gone online through that PC ever since, but one thing happened later. Even when the PC's on and the desktop has nothing, it crashes and could not restart to reach the Win 98 desktop at all; it just stops at the BIOS screen only. Then later in the day I tried and it went through this time.

d) Is there a way to find out what is affecting my PC? If it is possible not to reformat, I would greatly appreciate it. As I understand it, even after formatting, the virus/malware/etc. may still be there; is this true?

e) Plus I am wondering, since my old PC's affected, will it be safe to plug into my new PC using the same Prolink Hurricane 9000 ADSL modem to connect to the Internet? I heard stories that it may affect the new units since the hijack went through the same ADSL modem... is it true?

I thank you in advance for your kindness in reading and bearing with my explanation.

From,

Sean

Edited by boopme, 18 December 2008 - 02:47 PM.



#2 boopme

Posted 18 December 2008 - 02:50 PM

Hi and welcome, hopefully you can run this SAS scan and get us a log. It will probably take over an hour.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 fssp

Posted 19 December 2008 - 08:22 AM

Hi boopme,

Thank you for your reply. I will get the log posted when I get it done as soon as possible. Sorry for the slow reply because I only get the chance to use the Internet at my workplace to prevent further damage to my home pc, so I hope you don't mind. Thank you so much for helping and I'll be back as fast as I can.

From,
Sean

#4 boopme

Posted 19 December 2008 - 09:55 AM

Take your time, we're here. We volunteer here so you may sometimes get a delayed response, but all in all we try to stay on top.

#5 fssp

Posted 20 December 2008 - 08:43 PM

Alright I got the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/19/2008 at 07:01 AM

Application Version : 4.23.1006

Core Rules Database Version : 3680
Trace Rules Database Version: 1659

Scan type : Complete Scan
Total Scan Time : 01:18:06

Memory items scanned : 58
Memory threats detected : 0
Registry items scanned : 2235
Registry threats detected : 0
File items scanned : 10931
File threats detected : 137

Adware.Tracking Cookie

#6 boopme

Posted 22 December 2008 - 11:14 AM

These are only tracking cookies, not a serious threat. What firewall is installed and what antivirus tools?
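The triage step from post #6, as an added example (not part of the thread and not SUPERAntiSpyware's own tooling): a parser for the log layout shown in post #5 that groups items by detection category, checks the item count against the summary, and reports whether anything other than tracking cookies was found. The sample log, its placeholder domains and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log in post #5 (placeholder domains
# and profile name; not data from the thread).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Generated 01/01/2009 at 07:01 AM

Scan type : Complete Scan
Memory items scanned : 58
Memory threats detected : 0
Registry items scanned : 2235
Registry threats detected : 0
File items scanned : 10931
File threats detected : 4

Adware.Tracking Cookie
C:\WINDOWS\Cookies\owner@tracker[1].txt
.ads.example.net [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\cookies.txt ]
.ads.example.net [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\cookies.txt ]
stats.example.org [ c:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\cookies.txt ]
"""

FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s+(\S.*)$")       # "Name : value" summary line
COOKIE = re.compile(r"^(\S+) \[ (.+) \]$")                 # "domain [ cookie store ]"
CATEGORY = re.compile(r"^[A-Za-z]+\.[A-Za-z][\w ./-]*$")   # e.g. "Adware.Tracking Cookie"
COUNT_FIELDS = ("Memory threats detected", "Registry threats detected",
                "File threats detected")


def parse_sas_log(text):
    """Return (summary fields, {category: [(kind, value), ...]})."""
    summary, detections, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        field = FIELD.match(line)
        if field and current is None:          # summary block precedes detections
            summary[field.group(1)] = field.group(2)
        elif (cookie := COOKIE.match(line)) and current:
            detections[current].append(("cookie", cookie.group(1).lstrip(".").lower()))
        elif "\\" in line and current:         # bare path: a flagged file on disk
            detections[current].append(("file", line))
        elif CATEGORY.match(line):             # heading that opens a detection group
            current = line
            detections.setdefault(line, [])
    return summary, detections


def triage(summary, detections):
    """Summarise what was found and whether it is cookies only."""
    listed = sum(len(items) for items in detections.values())
    reported = sum(int(summary.get(name, 0)) for name in COUNT_FIELDS)
    other = sorted(cat for cat, items in detections.items()
                   if items and "tracking cookie" not in cat.lower())
    domains = Counter(value for items in detections.values()
                      for kind, value in items if kind == "cookie")
    return {
        "listed": listed,
        "count_matches_summary": listed == reported,  # False suggests a truncated paste
        "cookies_only": listed > 0 and not other,
        "needs_review": other,                        # categories that are not cookies
        "top_domains": domains.most_common(3),
    }


if __name__ == "__main__":
    print(triage(*parse_sas_log(SAMPLE_LOG)))
```

A `cookies_only` result covers only what this one scanner listed; it says nothing about items the scanner did not detect.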

#7 fssp

Posted 23 December 2008 - 01:51 AM

Dear boopme,

I use Sygate Agnitum Firewall & Avast Home Edition Antivirus for my PC.

Is there anything I can do next?

From,
Sean

#8 fssp

Posted 23 December 2008 - 09:36 AM

Dear boopme,

I have to apologize to you ahead; my Mom just informed me a while ago that she had forgotten to let me know what she had done earlier, before I used the SAS program.

She had used the following programs to scan: Ad-Aware, Spybot-Search & Destroy, Xoftspy and Avira Antivirus PE. Luckily she had kept the logs; at least perhaps there could be some clues here. The results are listed below:

1) Xoftspy
<DebugMsg event="REGKEY_FOUND" data="software\folder manager" system-message="The operation completed successfully." malwareName="IBIS/Hunt Toolbar"/>

2) Avira Antivirus PE
Begin scan in 'C:\' <NEW VOLUME>C:\Program Files\Spybot - Search & Destroy\SDFiles.exe

[DETECTION] Contains suspicious code HEUR/Malware

[INFO] The file was moved to 'b5b35348.qua'!

We noticed another odd thing about Spybot-Search & Destroy: in the Start Menu->Programs there are 2 of the same Spybot folders, but each has a different name; one is called "Spybot 1.6.0" and the other is called "Spybot-Search & Destroy". The weird part is that one of them has 2 Uninstaller options in it.

Sorry to trouble you boopme. I hope all this info helps.

From,
Sean



