Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help please, I think I've been hijacked


  • This topic is locked This topic is locked
3 replies to this topic

#1 Ziva

Ziva

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 06 October 2009 - 08:23 PM

Hello,

I'm re-doing this since I screwed up the first time. Please note that I am not PC saavy. I hope the RootRepeal report is readable this time I didn't realize that it was not showing up when posted, though I can read it on my desktop.

I have an HP Pavillion laptop PC, and since Sunday evening I've been having a problem with Google in Firefox. When I use the search bar and click open a link I get re-directed to another site. My Webroot Spysweeper kicks in and blocks the site from opening.

The problem started after I was viewing a website that I've gone to numerous times before. Suddenly without any reason or prompting from me my Acrobat 6 PDF viewer came up. I have dial-up and the PDF viewer, which I dislike, always loads slowly. So I clicked to prevent cancel it. It took several moments and my FF/Google start page when a blank white for a few more moments before things cleared up. I then immediately disconnected and ran Malwarebytes which found Roolkit.TDSS and a few other nastys. It quarantined the bad stuff and then re-booted my computer. I rescanned and all came up cleanr. I also scanned with my AVAST Home Free anti-virus and that was clean as well. Webroots spysweeper also came up clean.

Yet I still cannot use search in FF with Google or Yahoo without being re-directed. I can use Google and Yahoo with no problems using my MSN browser. So the problem seemed to be latched to FF. I can still view my Gmail account in FF and all my bookmarks work.

Can anyone tell me please if I am infected? I've (hopefully) have the 3 reports requested attached right. The RootRepeal I've tried twice already and each time it attached as a php file. Hopefully the third time has worked.

Thank you for looking, and thank you for any help and suggestions.

I am unable to post the RootRepeal Log. I can upload it, but when after posting message it does not open when I click on it. It wants to D/L. I am also having a problem removing the report. I've gone to Manage Current Attachments and delete the file, it indicates that it was deleted but when I look at post the ark.txt is still there.

Please help.

Attached Files


Edited by Ziva, 07 October 2009 - 06:17 PM.


BC AdBot (Login to Remove)

 


#2 Ziva

Ziva
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 07 October 2009 - 03:55 PM

I just realized that I goofed up on properly doing the Root Repeal report. Mis-read the instructions. I've attached the "correct" file this time.

Attached Files

  • Attached File  Ark.txt   15.42KB   3 downloads


#3 Ziva

Ziva
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 07 October 2009 - 04:16 PM

Darn. I cannot get the RootRepeal report to load so it can be seen. I can read it on my desktop. I've tried uploading it 3 times now. No dice. I've tried deleting it from my posts by going to Manage Current Attachments. I've cliked the red flag to delete and it says the file was deleted from my post, but as you can see it was not.

I'm am posting -- hopefully - my Hijack this report in the hopes that it can be read.Attached File  HJT.txt   7.79KB   5 downloads

Edited by Ziva, 07 October 2009 - 08:40 PM.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:24 PM

Posted 16 October 2009 - 12:41 AM

Double

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users