Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Win 98se hijacked!


  • Please log in to reply
8 replies to this topic

#1 codajohn

codajohn

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 06 January 2005 - 12:59 PM

Hi everyone,
Due to a system crasch(not because of this problem) and a complete operating system reinstall, I have been reinstalling all or most of all my disked applications. As the days have gone by I have been remembering some, hopefully all, the applications I have downloaded from the Web over the years. Well, I was downloading what I thought was a Winmx 2.6 setup. NOT! I ended up downloading Netwebsearch. Knowing that I had not installed Winmx, I deleted it from my ADD/Remove Programs as well as anything in the File Find under the name it was hidden in(winmx....). After doing this, I noticed I was getting a blank window who's name is netwebsearch. Well I was able to set my pop-up blocker to handle it's constant intrusion. I also noticed at times I was not able to close or open IE without using Control/Alt./DEl first. When I did this there was 2-3 IE's open at one time. I believe I've been hijacked! This is a first for me. I'd like to get my hands on this person. Anyway, I ran Spybot, Ad-aware, Norton Virus Scan, Micro Trend's House Call(from their website. There were a few things but everytime I opened IE it would still have a flash of this netwebsearch window before my pop-up blocker would close the window. My pop-up blocker which came with HISTORY KILL2003 has now been disabled. Probably due to netwebsearch. I'm going to have to reinstall History Kill after I can hopefully remove netwebsearch. It also wouldn't let me seasrch for any info on how to remove this piece of s--t!

After what happened with my hard drive crash a week ago, I'm pretty mad.
Please, Please help!
I need some help figuring out what to do.

I have moved this to the more appropriate Forum. ~Scarlett :thumbsup:

Edited by codajohn, 06 January 2005 - 10:13 PM.

Dell Inspiron 9100 Laptop, Windows XP Home SP 2, 2.80 gh Pent 4, ST94811A 40.01 GB, External 250 GB Maxtor HD, 2GB Ram, NEC DVD+RW ND-6100A, External LG-5163D, ATI MOBILITY RADEON 9700

IBM ThinkCenter 8189, XP Pro, 3.2gh Pent4, 120gb HD, 1GB Ram, BenqDW 1650 BCIC, Nvidia GeForce FX 5200

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:13 AM

Posted 06 January 2005 - 02:57 PM

Download the latest version of HijackThis (HJT), from here.

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

That way we can eliminate the possibility of spyware/malware, being the cause of your
problem.

If this doesn't help with your problem, then post back in the appropriate forum. In your
post, mention that you have already submited a HJT log, and it was cleaned.
This way we can start looking for the problem on a clean machine.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 codajohn

codajohn
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 06 January 2005 - 08:02 PM

tj1911
Thank you sooooooooooooo.....much! I have been reading the different posts. IS NETWEDSEARCH A HIJACKER? This forum site is GREAT. The only problem I have is that I lost my winzip application in my hijacked computer last week due to a hard drive crash. Is there any free decompression application I can download to take care of this? Thanks for your advice.
Codajohn
Dell Inspiron 9100 Laptop, Windows XP Home SP 2, 2.80 gh Pent 4, ST94811A 40.01 GB, External 250 GB Maxtor HD, 2GB Ram, NEC DVD+RW ND-6100A, External LG-5163D, ATI MOBILITY RADEON 9700

IBM ThinkCenter 8189, XP Pro, 3.2gh Pent4, 120gb HD, 1GB Ram, BenqDW 1650 BCIC, Nvidia GeForce FX 5200

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:13 AM

Posted 06 January 2005 - 10:51 PM

You're quite welcome.

Netwebsearch is an adware toolbar.
http://www.spywareguide.com/spydet_1281_netwebsearch.html

Here's a couple of sites with, free software, you can check for zip utilities:

Majorgeeks
Snapfiles
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 codajohn

codajohn
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 07 January 2005 - 09:06 AM

I didn't see a tool bar in the right had corner as per the site information. All the Adware and Spyware programs I am running did't seem to remove this garbage. any other Ideas? I'm also having problems opening OWA from the desktop.
Thanks.
Dell Inspiron 9100 Laptop, Windows XP Home SP 2, 2.80 gh Pent 4, ST94811A 40.01 GB, External 250 GB Maxtor HD, 2GB Ram, NEC DVD+RW ND-6100A, External LG-5163D, ATI MOBILITY RADEON 9700

IBM ThinkCenter 8189, XP Pro, 3.2gh Pent4, 120gb HD, 1GB Ram, BenqDW 1650 BCIC, Nvidia GeForce FX 5200

#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:13 AM

Posted 07 January 2005 - 09:19 AM

Run a HijackThis log, as per the previous post, and post it in the HJT forum at this link.

Are you using these security programs, also?
aČ free-a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. aČ fills this gap.
SpywareBlaster-A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.
SpywareGuard-A nice compliment to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.

If not, you need to. These programs, updated and used regularly, along with Ad-aware & Spybot, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#7 codajohn

codajohn
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 07 January 2005 - 10:19 AM

Hi tg1911,
I have posted a log on the now third page of logs under codajohn.
I run Adaware and Spybot. They didn't seem to find Netwebsearch when I ran a scan yesterday with both. I run these programs at least once a week. I have Norton System Works 2003. I have a yearly subscripton to udate everything in Norton. I have the auto start-up andupdate enabled. A2free sounds interesting. I try it when I get home from work. I tried to install sypwareguard last night as per suggestions. When I booted up this morning it mentioned one file was not installed properly. Is this because of antivirus program runnig during installation?
I also installed WINRAR on the computer last night. Found a copy on Shareaza about a week ago. I had it on my lapxp and burned a disk to install in on my desktop 98se. I decompressed the Hijackthis program first on my lap and then burned a copy of the data files onto disk. Is this program O.K.?
Thanks so much for your help and information.
You guys clearly are the best.
Speak to you soon,
Codajohn
P.S.
The link to the Netwebsearch removal info talkes about a tool bar deletion to remove this garbage. Is this toolbar in the Netwebsearch window or in the IE window? When shutting down IE, the window disappears but my desktop function is lost until I got into Alt/Crtl/Delete and find that IE is stll running. I have to end task and then my desktop fuction come back. Is this a part of Netwebsearch? Sorry for the long P.S.

Edited by codajohn, 07 January 2005 - 12:57 PM.

Dell Inspiron 9100 Laptop, Windows XP Home SP 2, 2.80 gh Pent 4, ST94811A 40.01 GB, External 250 GB Maxtor HD, 2GB Ram, NEC DVD+RW ND-6100A, External LG-5163D, ATI MOBILITY RADEON 9700

IBM ThinkCenter 8189, XP Pro, 3.2gh Pent4, 120gb HD, 1GB Ram, BenqDW 1650 BCIC, Nvidia GeForce FX 5200

#8 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:13 AM

Posted 07 January 2005 - 11:01 AM

I have Norton System Works 2003. I have a yearly subscripton to udate everything in Norton. I have the auto start-up andupdate enabled.

I also use Norton, not System Works, just the antivirus. Something I've noticed, and you might want to check this out, is that on their auto updates, you don't always get the full update. I've got in the habit of running Live Update once a week, just to make sure I'm fully updated. Several times, there were additional updates to be had. Just a heads-up.

I tried to install sypwareguard last night as per suggestions. When I booted up this morning it mentioned one file was not installed properly. Is this because of antivirus program runnig during installation?

I'm not sure if that was the cause, but it's a good idea to turn off your AV, and any other running programs, before you install a new program. Try uninstalling Spywareguard, and then reinstalling. See if that helps.

I also installed WINRAR on the computer last night. Found a copy on Shareaza about a week ago. I had it on my lapxp and burned a disk to install in on my desktop 98se. I decompressed the Hijackthis program first on my lap and then burned a copy of the data files onto disk. Is this program O.K.?

I don't use the program, but I have seen others that do. I haven't heard anything bad about it, and the ones that use it, seem to be happy with it.

The link to the Netwebsearch removal info talkes about a tool bar deletion to remove this garbage. Is this toolbar in the Netwebsearch window or the IE window?

I not familiar with the with the workings of all of the spyware/malware out there, but the HJT Team member that takes care of your log, should be able to give you more info on this.

I hope we can get all of your problems taken care of, and if you have any more questions, be sure to ask. If I can't help you, I'm sure one of our 7000+ members can.
When you have free time, be sure to check out our Tutorials. There's a lot of very good information to be had there.

Welcome to BC, and I hope you enjoy your stay.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#9 codajohn

codajohn
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:13 AM

Posted 07 January 2005 - 12:52 PM

tg1191,
Again, thank you very much for your assistance. I knew about the auto up-date. I always hit the live update button myself a few times a week.I look forward to heaing about my log.
Codajohn

Edited by codajohn, 07 January 2005 - 12:55 PM.

Dell Inspiron 9100 Laptop, Windows XP Home SP 2, 2.80 gh Pent 4, ST94811A 40.01 GB, External 250 GB Maxtor HD, 2GB Ram, NEC DVD+RW ND-6100A, External LG-5163D, ATI MOBILITY RADEON 9700

IBM ThinkCenter 8189, XP Pro, 3.2gh Pent4, 120gb HD, 1GB Ram, BenqDW 1650 BCIC, Nvidia GeForce FX 5200




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users