
hi jack this log


  • This topic is locked
10 replies to this topic

#1 Mikeellis39


Posted 28 June 2004 - 02:56 PM

Can anyone tell me which of these I should get rid of so that I can get rid of a browser hijacker?

Attached Files





#2 groovicus


Posted 28 June 2004 - 05:25 PM

You have a special type of CWS infection.

Click here to download FindnFix.exe (2K/XP only!) by freeatlast. Double-click on the FindnFix.exe and it will install a folder called FindnFix on your system. Go to that folder and double-click on !LOG!.bat. The program takes a few minutes to collect the necessary information. When done post the contents of Log.txt in this thread.



#3 Mikeellis39


Posted 29 June 2004 - 01:51 PM

Thanks for your help so far. I enclose the file that you wanted.

Attached Files

  • Attached File  log.txt   0bytes   26 downloads


#4 groovicus


Posted 29 June 2004 - 02:57 PM

Go ahead and post your log in the thread. It helps others that may be having the same problem. (Without having to download a file) :thumbsup:

Open the FINDnFIX folder and then open the keys1 folder. Right-click on the MOVEit.bat file and select 'edit'. That will open the file as an empty text file - copy and paste this line into the blank file:

move %WinDir%\System32\HLPDNA.DLL %SystemDrive%\junkxxx\HLPDNA.DLL

Save the file and close. The next step will cause a restart. Still in the keys1 folder, double click on FIX.bat. You will get an alert of about 15 seconds before reboot - allow it to reboot.

On restart, open the FINDnFIX folder again and double-click on RESTORE.bat. When it is finished, in FINDnFIX folder, there will be a file called Log1.txt - post its contents in your next reply.



Occasionally when trying to edit the MOVEit.bat file the following error occurs: "Windows cannot find "C:FINDnFIX\keys1\MOVEit.bat. Make sure you typed the name correctly then try again."

If that happens, skip that step and proceed this way instead. In the keys1 folder, double click on FIX.bat. You will get an alert of about 15 seconds before reboot - allow it to reboot. On restart, open Explorer and navigate to C:\Windows\System32 folder, find the HLPDNA.DLL file (it should be visible now). Highlight the file and using top menu, click Edit>Move to folder...

Select C:\junkxxx as destination. Move the file.

Open the FINDnFIX folder again and double-click on RESTORE.bat. When it is finished, in FINDnFIX folder, there will be a file called Log1.txt - post its contents in your next reply.



#5 Mikeellis39


Posted 30 June 2004 - 01:00 PM

Again thanks for your help. Just one problem. When I right click on the Moveit.bat file there is no command that says edit. Am I being stupid?

#6 groovicus


Posted 30 June 2004 - 01:05 PM

Use the second part of the fix instead....

#7 Mikeellis39


Posted 30 June 2004 - 01:22 PM

Thanks again, so I have done that and now enclose the required file.

Attached Files



#8 groovicus


Posted 30 June 2004 - 01:24 PM

Well done :D Nearly there, open the FindnFix folder again and open the Files2 folder. Double-click on the ZIPZAP.bat. It will quickly clean the rest and will make a copy of the bad file(s) in the same folder (junkxxx.zip) and open your email client with instructions. Simply drag and drop the junkxxx.zip file from the folder into the mail message and submit to the specified addresses.

Please be sure to include a link to this thread in the body of your email. When done, please delete the entire FindnFix folder. Rescan with HJT and post a new log in your next reply.



#9 Mikeellis39


Posted 30 June 2004 - 05:46 PM

Could I just ask why I am e-mailing files? Surely it's just best to get rid of them. And why am I posting logs? Sorry if this appears a bit cynical; it's just that having fallen victim to this problem, I want to make sure it doesn't happen again.

#10 groovicus


Posted 30 June 2004 - 06:05 PM

The person that created the tool wants to see those files, I assume for purposes of future development and refinement of the tool. If you are worried about getting spam email, then don't send it....

It is my understanding that FAL checks posts where the tool has been used, whether to make sure it is being used correctly, or to make sure there are no problems with it, all I know is that I am grateful for the tool. If it requires files being emailed to ensure the tool continues to be available, then I have no problem with it.

It's entirely up to you. :D

Edited by groovicus, 30 June 2004 - 06:07 PM.


#11 Mikeellis39


Posted 01 July 2004 - 02:19 AM

:thumbsup: :flowers: :trumpet: :inlove: Thanks very much for your help. I don't think I would have got anywhere without it. It seems to have cured the problem. Sorry if yesterday's post seemed a bit off, I probably was being cynical and thinking why should anyone offer advice for free, so thanks again. I guess I'm just going to have to be a bit more 'security conscious' in future.



