hotmail site
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: hotmail site

  1. #1
    Junior Member
    Join Date
    Jul 2003
    Posts
    15

    hotmail site

    Which spyware and adware block acces to hotmail site?

    Because i cannot go ead my mail on hotmail, each time the page change for not found site...(404). I make a hijackThis log, but found nothing that can do that.

    Please answer fast.

  2. #2
    Junior Member
    Join Date
    Jul 2003
    Posts
    15
    This is a copy of the log file made bu hijackthis :

    Logfile of HijackThis v1.97.7
    Scan saved at 18:03:11, on 2004-10-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
    C:\Program Files\Asus\Asus Hotkey\Hotkey.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\KaZaA Lite\Kazaa.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\...My Documents\My Received Files\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:8080
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
    O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - Global Startup: Real-time Monitor.lnk = ?
    O4 - Global Startup: ASUS Hotkey.lnk = C:\Program Files\Asus\Asus Hotkey\Hotkey.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093620201601
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...867.5147106481
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Well,

    I cannot think of any. Not really spyware or adware, as it would advertise their presence.

    Have you tried a different browser? Also:

    Obtain, update and run in safe mode:

    1. SpyBot Search & Destroy
    2. AdAware SE
    3. SwatIt (takes a long time)

    Then update your AV and run that in safe mode. The 404 message is NOT typical of a hijack, could it be a friend playing a joke?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Sometimes you can get a problem with the firewall stopping your out bound to the net.
    As you have XP SP2, with a F/W, is there a second F/W ?
    Conflicts..........
    Just disable your SP2 F/W, try and access hotmail.
    Whatever the result. RE-ENABLE the F/W
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  5. #5
    Junior Member
    Join Date
    Jul 2003
    Posts
    15
    but what are the logic with firewall blocking access only at this site?
    I can navigate anywhere else!

    But i will try anyways, thx

  6. #6
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Nobody said there had to be logic..............
    My system : I have to disable F/W to access my mail [Virgin]
    and again whenever I get a 'webpage not available' message, I disable, and retry the link, 9 out of 10 it connects ?

    My F/W = Symantec Norton NetSec 2004.
    Both Symantec AND Virgin are 'aware' of the fault............
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  7. #7
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    check your hosts file, make sure the site is not being blocked from there -- i know at work we would sometimes block certain sites using that method
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  8. #8
    Junior Member
    Join Date
    Jul 2003
    Posts
    15
    Sorry guys, but they are what you suggest give nothing!
    but, just a liitle more detail, i can get acces to the page that list the email, but i cannot go read a message or delete it! I don't know if that help but it is just special.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Sorry EvilNight, can I clear this up in my own mind:

    1. You can get to the HotMail site?
    2. You can enter your login and password?
    3. It shows you a list of your mail?
    4. When you try to open one it gives you a 404 message? (page not found)?

    Sounds almost like one of those secure site/stack corruption problems.

    Just to eliminate a hotmail problem, are the number of messages in the list increasing?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    GO here and paste your hijackthis log
    http://hijackthis.de/index.php?langselect=english

    but for you i already did that following are the entries that i found bad


    1. C:\WINDOWS\ATK0100\Hcontrol.exe (unknown process running) check it!!
    2 . 7.exe <== what process is that
    3. C:\WINDOWS\ATK0100\ATKOSD.exe <== what process is that
    4. C:\Program Files\KaZaA Lite\Kazaa.exe <== according to hijackthis this is a nasty process
    5. O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe <== akamai advare.
    6. O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab

    okay here are some other things, hijackthis found no antivirus in the log analysis but it seems you use a pc-cillin 2000. you should think of upgrading
    check your host file. search for hotmail entry see that it doesn't have 127.0.0.1 but this shouldnt be the case as you get 404 not found see what ip is there.

    go to http://housecall.antivirus.com get your computer for any virus,trojan etc..
    trojan i think there is a possiblity because 7.exe could be subseven but i am "NOT SURE" just for a quick check go to command mode (cmd.exe.) and type "netstat -an" see if there is a port number
    2773, 54283, 7215, 1243,6776, 27374... SHOW UP LISTING OR EVEN ESTABLISHED THEN THE POSSIBLITY OF SUBSEVEN COULD BE HIGHER ANYWAY IF YOU ANTI VIRUS IS UPDATED THIS SHOULDNT BE A PROBLEM IF YOU HAVE AUTO-PROTECT ON.
    but these are default ports they can be easly conf.

    ANYWAY FOR NOW GET YOU PC CHECKED FOR BOTH SPYWARE / ADWARE AND VIRUSES.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides