Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hacked user settings


  • This topic is locked This topic is locked
9 replies to this topic

#1 Sfielding

Sfielding

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 11 October 2004 - 03:18 PM

I had a hacker last week and discovered the they had hidden my user settings. I had to log in as the administrator becaues my user settings were not visible. I tried to add me back in, in the control panel, users and passwords, and it said that my user settings were listed. I believe the hacker hid my settings and the computer won't allow me to login. What do I do?
Logfile of HijackThis v1.98.2
Scan saved at 2:24:36 PM, on 10/11/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sfielding\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

Edited by Sfielding, 11 October 2004 - 03:28 PM.


BC AdBot (Login to Remove)

 


#2 curly1880

curly1880

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 11 October 2004 - 07:43 PM

A HJT leader will be with your shorlty.

#3 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:03:34 AM

Posted 12 October 2004 - 10:19 AM

Hi Sfielding,

I'll take a look at your log and hopefully get back to you this evening.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 PM

Posted 12 October 2004 - 12:23 PM

If you look through all the posts that I work on you will see that I do not say this lightly. Personally I think you should reinstall your computer. If you were compromised as you say it may be impossible to get your computer back to the proper condition it was in before it was hacked.

You really need to update the operating system so it has the latest service packs after you reinstall.

If you want us to try we will, but I advise against it as you will be better off just backing up your data and reinstalling

#5 Sfielding

Sfielding
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 12 October 2004 - 02:17 PM

What is it that you will try? you mentioned "If you want us to try we will, but I advise against it as you will be better off just backing up your data and reinstalling"

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 PM

Posted 12 October 2004 - 02:22 PM

We will try to see why you can not log in. Just not making any promises as to whether or not we can fix it

#7 Sfielding

Sfielding
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 12 October 2004 - 02:54 PM

Whatever you do will be greatly appreciated. Let me know what you need me to do. Thanks

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 PM

Posted 12 October 2004 - 03:41 PM

Ok first post a new log.

Also what do you mean by hiding user settings? And are you able to log in as another user other than administrator?

#9 Sfielding

Sfielding
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 13 October 2004 - 01:31 PM

No, I can only log in as Administrator. This happened once before, and the hacker simply changed my settings so my usual login was changed.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 PM

Posted 13 October 2004 - 10:30 PM

When you say your usual login was changed what do you mean? WHat error do you get logging in with your normal user? I need as much detail as you can give me for me to be able to help you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users