
Anti-Phishing Domain Advisor possible infestation



#1 p0p


Posted 14 August 2012 - 09:25 AM

I was about to deal with this myself, but the more I investigated, the more I seemed to be out of my depth.

System information:
Windows 7 Professional 32-bit SP1
Core2Duo E8400 3GHz

HiJackThis reports that:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run, and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot."

After that comes a pop-up with "Cannot find the C:\Program Files\Trend Micro\HiJackThis.log file. Do you want to create a new file?"

In the log that appears, there are some entries of interest:

"R3 - URLSearchHook: (noname) - {default} - {no file}"
"O2 - BHO: (noname) - {default} - (no file)"
"O3 - Toolbar: (noname) - {default} - (no file)"
"O4 - HKLM\..\Run: [Anti-Phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

Everything else looks fine.

I tried ticking them and fixing them, to no avail.


In RegEdit, in HKEY_LOCAL_MACHINE/SOFTWARE/Conduit/AppPaths/ there are some residual REG_SZ files from "Free Sound Recorder", that won't go away.
There's also a Tarma Installer folder with some REG_SZ files in it that may be associated with that.


I would appreciate some help - not just to fix the problem, but to understand what's happening in the system.

Thanks in advance.



#2 Noviciate


Posted 14 August 2012 - 02:37 PM

Good evening. :)

HijackThis is not considered to be worth the effort any more due to Trend Micro's poor updating of it, but I'll offer you a few pointers:

HiJackThis reports that:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

I seem to remember that HJT needs to be run as Administrator in order to access the Hosts file.

I tried ticking them and fixing them, to no avail.

That may also be due to HJT not being run as Admin.

What I suggest you do is to go here, follow the instructions as best you can, skipping those that you cannot run for any reason, and then start a new thread and post accordingly.
Please include a brief description of your problem in the new thread, just to keep everything in one place, and somebody will be along as soon as they can to help.

So long, and thanks for all the fish.
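
Added example, not part of the original thread and not HijackThis's own code: a small triage pass over the four log entries quoted in the first post, showing why they stand out. It assumes that a trailing "(no file)" means the registry entry has no file behind it, and the `DATA_DIRS` list and both flagging rules are this example's own choices.

```python
import re

# Constructed sample: the four entries quoted in the first post, outer quotes removed.
SAMPLE_LOG = r'''R3 - URLSearchHook: (noname) - {default} - {no file}
O2 - BHO: (noname) - {default} - (no file)
O3 - Toolbar: (noname) - {default} - (no file)
O4 - HKLM\..\Run: [Anti-Phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
'''

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: (noname) - {default} - (no file)"
ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$')
# Run-key entries look like: [Display name] "C:\path\program.exe"
RUN_VALUE = re.compile(r'^\[(?P<name>[^\]]*)\]\s+"?(?P<path>[^"]+)"?')
NO_FILE = re.compile(r'[({]no file[)}]\s*$', re.IGNORECASE)
# Assumption of this example: autostarts from these locations deserve a closer look.
DATA_DIRS = ('\\programdata\\', '\\appdata\\', '\\temp\\')


def triage(log_text):
    """Return (code, kind, note) for every entry that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a log entry (blank line, header, free text)
        code, kind, rest = m.group('code', 'kind', 'rest')
        if NO_FILE.search(rest):
            findings.append((code, kind, 'orphaned: no file behind this registry entry'))
        run = RUN_VALUE.match(rest) if kind.lower().endswith('\\run') else None
        if run and any(d in run.group('path').lower() for d in DATA_DIRS):
            findings.append((code, kind, 'autostart from a data directory: ' + run.group('path')))
    return findings


if __name__ == '__main__':
    for code, kind, note in triage(SAMPLE_LOG):
        print(f'{code:3} {kind:14} {note}')
```
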

 

 




