Internet Being Hijacked


  • This topic is locked
3 replies to this topic

#1 josh30

Posted 26 March 2007 - 11:17 AM

Hey there!

Recently I ran into a virus and since then my PC has gone downhill. Fortunately I followed your steps and my CPU usage is no longer at a constant 100% and it is no longer rebooting on its own. However, I seem to have a rogue dial-up: I can connect but am unable to use the internet, i.e. Iexplorer/AIM/games etc. Here is my HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 11:13:48 AM, on 3/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {F7EA0C73-1479-4E4A-95CE-619C8A59E96E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B22EE1B-DBD1-41AE-922B-EDBBA98C5059}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC339D0E-9EBB-4C19-AD60-36ADBEA907CE}: NameServer = 205.152.144.252
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O20 - AppInit_DLLs: C:\WINDOWS\System32\vecmaaha.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: HHWGW - {CCECE19B-6646-4B31-57E6-4726B00C739F} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


#2 josh30

Posted 26 March 2007 - 02:57 PM

Open to anything and e-mails from anyone. I've posted my log elsewhere and can't seem to get a response. Please tell me what I'm doing wrong.

#3 miekiemoes

  • Malware Response Team

Posted 27 March 2007 - 08:37 AM

Hi,

Please uninstall Microsoft Antispyware, because this version is really outdated. It is called Windows Defender now.

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

Then,


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {F7EA0C73-1479-4E4A-95CE-619C8A59E96E} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B22EE1B-DBD1-41AE-922B-EDBBA98C5059}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O20 - AppInit_DLLs: C:\WINDOWS\System32\vecmaaha.dll
O21 - SSODL: HHWGW - {CCECE19B-6646-4B31-57E6-4726B00C739F} - (no file)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download FixwareOut from one of the following sites:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.

Note: ONLY if you have connection problems after performing above steps - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Edited by miekiemoes, 27 March 2007 - 08:38 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
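
An added example (not part of the thread and not HijackThis code) of how the O17 entries in the log above can be triaged: it parses each NameServer line and reports which control sets and adapters pin a resolver outside an expected set. The function names and the allowlist are assumptions; the allowlist holds the one resolver the helper left unchecked.

```python
import ipaddress
import re

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B22EE1B-DBD1-41AE-922B-EDBBA98C5059}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC339D0E-9EBB-4C19-AD60-36ADBEA907CE}: NameServer = 205.152.144.252
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.59 85.255.112.188
O20 - AppInit_DLLs: C:\WINDOWS\System32\vecmaaha.dll
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\(?P<tail>\S+): "
    r"NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Yield (control_set, scope, [ip, ...]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid = re.search(r"\{[0-9A-Fa-f-]{36}\}", m["tail"])
        scope = guid.group(0) if guid else "global"  # per-adapter GUID or Tcpip\Parameters
        servers = [ipaddress.ip_address(s)  # HijackThis prints comma- or space-separated lists
                   for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        yield m["cset"], scope, servers


def unexpected_resolvers(log_text, expected):
    """Map each resolver not in `expected` to the (control_set, scope) pairs pinning it."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = {}
    for cset, scope, servers in parse_o17(log_text):
        for ip in servers:
            if ip not in allowed:
                findings.setdefault(str(ip), []).append((cset, scope))
    return findings


if __name__ == "__main__":
    # Assumption: the resolver the helper left unchecked is the expected one.
    for ip, places in unexpected_resolvers(SAMPLE_LOG, {"205.152.144.252"}).items():
        print(ip, "->", ", ".join(f"{c}/{s}" for c, s in places))
```

On this log the two flagged resolvers appear under the global Tcpip\Parameters key of CCS, CS2 and CS3 as well as on one adapter, which matches the set of O17 lines the helper asks to have fixed.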

#4 miekiemoes

Posted 06 April 2007 - 07:40 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.