
Infection Of Some Kind


1 reply to this topic

#1 Miccon

Miccon

  • Members
  • 3 posts

Posted 10 March 2007 - 01:25 AM

I have an infection of some sort in my computer where websites such as symantec.com and McAfee.com were redirected with an IP address of 1.1.1.1. It seemed that at any site where a fix could be found, the browser could not find the web page. 63 sites in total. A file that was installed at the time was placed at c:\windows\system32\xgoafcaatql\csrss.exe. I have deleted this, run HijackThis, and deleted the redirected IP addresses. This is all that I have removed. When I first ran Norton it found a bloodhound sonar1 infected file, which was removed. There have been no other files detected in Norton or AdWare that give me a clue to what I have. I never removed anything else from HijackThis as I am not too sure. If anyone can help me with this diagnosis, I would greatly appreciate it.

Thanks in Advance



#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts

Posted 10 March 2007 - 02:22 AM

You should never attempt to fix anything using HijackThis until someone who is experienced at reading the log outputs has a chance to review it.
Fixing the wrong items can make your computer unbootable.

Spaces, extra characters, spelling, file location, plus numerous other subtle changes all make the difference between a good or bad file entry.

Removing entries in HJT before the problem is properly identified, and correct removal instructions posted, can make the problem undetectable to other detection and removal tools.
HijackThis should only be used to clean up the entries left behind after you have properly removed the offending program, file, trojan, worm, hijacker, etc.
And this usually requires help.

I suggest you post a HJT log for our Team to examine.
They'll take you through the fix, step by step.

Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis Logs and Analysis forum.
Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.