Hijacked Connection And Browser


12 replies to this topic

#1 debev64

Posted 05 December 2006 - 06:23 AM

Good morning. I have a home computer shared with my husband and we have separate accounts on the same computer - Windows XP Home with Norton Internet Security and Norton SystemWorks 2006. I am only vaguely computer-literate so please bear with me. I am posting from work as I am concerned about logging on at home.

In a nutshell, the problem is that both my internet connections and my browser appear to have been hijacked, and both Norton Antivirus and Ad-Aware scans stall and fail to complete so I cannot get a report. :thumbsup:

A brief history: when husband tried to connect to broadband he said he'd received a message from Norton Internet Security to say a new network had been detected and asked him to select a location - away, home, office, custom settings. The message could not be shut down. He chose custom settings as we'd always understood we could trust any messages from Norton. The broadband connection displayed and showed the username as gibberish and then connected to some search engine (I didn't take a note of its name). It would not revert to Google.com.

I've tried to run both full system scans several times and they always stall at the same programs. Firstly, they both stalled at Napster (so I removed it), then at Lexmark (got rid of the printer so I removed that too) and now they both stall at KMaestro (I don't know what that is).

I went into internet connections and reset my defaults. The following was changed: my username and password, broadband phone number, internet protocols (TCP/IP). I reset these and tried to connect. This time my correct user details displayed but I connected to Google.co.uk/ig?hl=en and the new network detected message came up again. I did not click anything this time. I checked my internet connections again - user and password changed and the number, but not the TCP/IP this time.

Without being able to run the scan, I'm clueless, and just don't know how to proceed, or even if I should be online. I'd really appreciate some help.

#2 fozzie

Posted 05 December 2006 - 07:09 AM

First try this:

Do you know exactly when (what date) this problem first began - for either game?

If you do, try Windows System Restore

click start/programs/accessories/system tools/system restore

choose a date from before the problem began

follow directions on-screen.

#3 graveangel

Posted 05 December 2006 - 07:29 AM

Hello debev64,

If your AV scan keeps stopping at different folders each time you delete one, don't delete them yet. It may be malware designed for you to help destroy your own system by deleting files and folders that are needed.

'KMaestro' is a multi-media keyboard manager, it's used and needed if you use multi-media keys, it's safe and no harm at all, there's no need to delete it.

What site has your browser been hijacked to???

First, try to scan in safe mode, this only allows important items and software to run, reducing the chance of malware hiding from your scanners, and helping to prevent them from starting up.

To load up safe mode, almost as soon as you turn on your PC, keep tapping the F8 key on your keyboard, this will bring up a screen with several options on it. Scroll and Highlight the option for Safe Mode and press the Enter key.
When your system loads up, you will see it looks a little different, don't worry, it's normal. Now, try running each of your scanners again, let us know what happens and save any logs it may produce, if it does manage a complete scan.

Another thing (not likely but possible) your system network connection may have changed from your original setting, to a previous network connection that was previously used on your system. Just have a quick check.
Click Start, Network Places then open up and see how many are there. The one which you will be using at that point will say 'Connected' underneath it. Don't go changing these unless you see one that you know is your previous connection setting and it says it is now disconnected.

Edited by graveangel, 05 December 2006 - 08:04 AM.

....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"

#4 debev64

Posted 05 December 2006 - 09:47 AM

Thanks for your responses. I'll try these when I get home (ETA 4 hours!) and let you know. Thanks. Graveangel - I didn't take a note of the first site we were sent to - it was a search engine I'd not heard of before, but now it's google.co.uk/ig?hl=en and it won't change from that. :thumbsup:

#5 debev64

Posted 05 December 2006 - 01:04 PM

I'm afraid I could do neither.
I tried to run system restore for the day before, and it said it could not perform the restore and I tried an earlier date, but this was not performed either.
I pressed F8 like a fool for several attempts of turning on the computer but the option screen did not appear.

Any other ideas? Thank you.

#6 graveangel

Posted 05 December 2006 - 01:48 PM

Please read HERE, this will show you other ways on how to start up in Safe Mode. Reverse the process to put things back if you need to do things the long way, otherwise the system will revert to normal next time you re-boot.

It sounds like your System Restore folder might be corrupt which is why you can't restore to an earlier date.

Did you check your network connections?

Let us know!
:thumbsup:

#7 debev64

Posted 05 December 2006 - 04:30 PM

Well, nothing's ever easy! I used the long way to get to safe mode. Ad-Aware still stalled at KMaestro; when I went to run Norton Antivirus, first message said that Norton Internet Security "cannot run in safe mode", then "the Norton Antivirus options are corrupt or missing. Please reinstall" then it started the full system scan. It took two hours and then stopped at KMaestro saying that Norton Antivirus had "encountered a problem and had to stop" and created a report for Microsoft (which I couldn't send because my broadband wasn't recognised in safe mode).

I have gone back in in normal mode and I have re-set my internet connections for a seventh time - they keep reverting to a gibberish username and password and the number reverts to this foreign number. It has not, as yet, changed the TCP/IP settings (as it did before).

I haven't seen any difference in my network connections but I'm not really sure what to look for (!)

Is there hope?? :thumbsup:

#8 graveangel

Posted 05 December 2006 - 08:09 PM

There is always hope, just takes time! :thumbsup:

Seems that your Norton AV is corrupt as it suggests, but if you have not done anything in order to make it that way, and with all of your connection entries being changed, you might want to post a log into the HijackThis section.
The guys and girls will be able to look into your system deeper through the help of a program called HijackThis, and they will be able to help tell if you have been infected or not.
It will take time, but I think you will agree, in order to make things good again it will be worth it. Let them know what the issue is there, and copy and paste the web address above into the entry you make there, so they can have a look at this topic.

Please read Preparation Guide for use before posting a HijackThis Log

Once you have done that, post a HijackThis log into the HJT forum section. It may take a little time in order to fix your problem, depending on the strength of infection. But, a team member there will talk you through what to do and help you fix your system.

The forum is always busy, and so are the HJT team, so please bear with them. Please allow up to 5 days for a reply. If you do not receive a reply after the 5 days, you can use the 'Have not had a reply in 5 days' log at the top of the HJT forum to let the team know.

Please DO NOT try to bump your post by adding another reply to it first time around.
The team will look for logs that have 0 replies, if you add something else after your original post, then you will give yourself a reply and the HJT team will think someone is already helping you and may pass it by. This will then take more time for you to receive any help.

IMPORTANT: Once you have posted your HJT log, do not attempt to fix anything yourself, please wait for the team to help.

Good luck

Kind Regards
Graveangel!

#9 debev64

Posted 06 December 2006 - 05:09 AM

I will try that. Thank you very much.

#10 debev64

Posted 06 December 2006 - 06:19 PM

:thumbsup: Well, I've been at this screen for 4 and a half hours and haven't run anything successfully. The cleanup of the temp files halted in the same way as NAV. Ad-Aware stalls. I think Spybot ran successfully - it mainly found cookies, but did find one .exe - Zlob. I pressed fix and big green ticks appeared - does that mean they're gone? Who knows, it didn't tell me (I didn't run it again because it took 2 hours). Tried to run Housecall - I've sat here for 45 minutes whilst it said it was scanning - but there were no green bars running and it's quarter past 11!! I am despairing. I checked my internet connections again, and they're still reverting as before. I'll try Housecall again tomorrow unless anything I've told you has given you a clue. I wish I knew more. Thanks.

#11 Orange Blossom

Posted 07 December 2006 - 12:22 AM

If the on-line scans don't work, don't worry about it. Just follow the other steps. Make note of what worked, didn't work, the problems you have encountered and make sure you include that information when you post your HijackThis log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#12 graveangel

Posted 07 December 2006 - 05:50 AM

Hi debev64,

Do as Orange Blossom suggests. If scanning is not working, go straight down to the HJT download, I think it's the last one on there, and download it. Do as the instructions suggest for the programme and then get that HJT log posted so the team can have a look.

Don't worry about scanning for now, but while you wait for a reply to your HJT post (please remember it will take a few days, but once someone starts helping, it will be more timely and frequent replies) try not to use your home PC, especially for things like banking and shopping sites.

Bear with the team, they'll get you there one way or another.

Good luck with it! :thumbsup:

Graveangel

#13 debev64

Posted 07 December 2006 - 06:36 PM

Will do. Thanks again.
