-
November 8th, 2004, 07:29 PM
#11
let me be more specific:
start > run >cmd
netstat -o
find what pid is running on port 7212
do a :
tasklist /svc
and match up pid 7212 with a exeecutable
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
November 8th, 2004, 07:45 PM
#12
Junior Member
Soooo what exactly is netstat?
Oh, and let me say thanks cause you've been really helpful
-
November 8th, 2004, 08:01 PM
#13
netstat is a command that comes with windows that shows processes listening for connections on your machine. You have it already. Follow the steps above.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
November 8th, 2004, 08:03 PM
#14
Junior Member
ok, did that.....7212 does not even show up on there
-
November 8th, 2004, 08:07 PM
#15
are you sure? try a netstat -a -o
it should be on the left side of the screen and say
YOURCOMPUTERNAME:8080
or YOURCOMPUTERNAME:7212
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
November 8th, 2004, 08:07 PM
#16
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int
ernet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {C18A70F9-6155-4670-BB6F-3BBAB02EF91D} - C:\WINDOWS\System32\gfb.dll
Check and fix the above using Hijackthis. Then in safe mode delete the file: C:\WINDOWS\System32\IETie.dll
I'd get rid of wild tangent and weather bug and ghost surf if i where you also.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
November 9th, 2004, 12:29 AM
#17
Member
I had problems with the same thing basically except my homepage was always hijacked and redireced to coolwebsearch or something like that. It was called the Homesearch bug or something like that. Just find somebody that can help u a little more in depth on what to remove using hijack this, run adaware, spybot, make sure they are updated. Not gonna lie to you, it took my like six hours of going around finding somebody to help me and figuring out what to do exactly but I finally got rid of it. I'm guessing that because you wiped harddrive that you got rid of it but perhaps u went back to the same site and got it again? Use firefox, not too many people writing exploit code for that.
-
November 9th, 2004, 02:08 AM
#18
I believe that about:blank is a vatiety of CoolWebSearch.
You might have to format.
Here is a link to the new CWShredder that Intermute now owns>>
CWShredder
This might help.
-
November 9th, 2004, 05:36 PM
#19
Junior Member
I downloaded cwshredder and ran it. It came up saying that there were not probs. I am currently running my ad-aware again and so far there are some issues showing up. Here is a question though.....several people have told me to ditch ghostsurf. Why is that? I mean, I can see that the spy ware seems to be getting through....but I thought ghostsurf was suppose to stop it from getting through. When I bring up the log it is showing me all the stuff that it blocked.....so is it just some kind of huge scam or something? If so what CAN I do to try and keep this crap out of my system?
-
November 9th, 2004, 05:52 PM
#20
Junior Member
I just finished running ad-aware and what it mostly had on it was coolwebsearch, it also had something called tracking...., something called possible..., and mru list (?) I had no clue what any of those are.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|