January 6th, 2005, 11:15 PM
"Smart Security" Home Page Hijacker & Dialer
Can someone help me with a hack that has taken over my IE Homepage and launches Dialers. My homepage has a permanent wallpaper that states a big "warning" that I am vulnerable to spyware attacks etc. unless I buy their software to save me and protect my data. The company the ad points to is "Smart Security". This hack also places an icon on my desktop that says "Teen F*uck Pics" and It has placed some sex site URL info in my system files (see Hijackthis 01 entries).
On top of all this my machine is running very slowly.
I would appreciate any help!!!!!
Here is my Hijackthis log. I have fixed nothing so far.
Any Help is greatly appreciated!!!!!
Logfile of HijackThis v1.98.2
Scan saved at 5:50:14 PM, on 1/6/2005
January 6th, 2005, 11:22 PM
2) Have you tried CWShredder?
Click the CWShredder link to download the program, then run it. If you need more help go to Merjin.org.
EDIT: If you want some help with the Hijackthis log, copy and paste it to here. I also suggest keeping an up to date AdAware SE.
January 7th, 2005, 12:22 AM
Thanks for the suggestion Winds8929
I have tried CWshreder, Spysubtract, spyblock, stopsign, etrust.....
eTrust sends a message (usually soon after EVERY boot) that says It has cured a "win32 startpage.LN Trojan"
Stopsign finds and temporarily cures the following:
Any more ideas?
January 7th, 2005, 12:30 AM
This is the likely culprit:
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
1: Turn off System Restore (Right-click My Computer, Properties, System Restore, Turn off)
2: Control Panel, Add-Remove Programs, Remove all the Eanthology-related applications, if possible. If not ...
3. SafeMode with networking.
4. Control panel, Add-Remove Programs, Remove all the Eanthology-related applications.
5. Download, install and run Spybot. Then download, install and run Adaware SE.
6. Reboot and make sure that the registry at HKLM\..\Run is clean of all references to eanthology.
Eanthology and WildTangent are potential vectors for getting your IE and OS hijacked. I know some folks like WildTangent (so do I, but I just don't want the baggage). But I kill WildTangent in my network.
January 7th, 2005, 12:33 AM
January 7th, 2005, 01:21 AM
Rapier57 & Soda_Popinski,
I will take your advice and dump stopsign. As Soda says eanthology is Stopsign and it was loaded well after my troubles began, so I don't suspect it in this issue.
Aslo ... I am running WinNT 2000 V5. 2195 Srv Pk 4 But do not have an option to turn system restore off. Is it called System Repair or Recovery console?
I would love to hear any other ideas with regard to a culprit in this issue?
Many thanks to you both for helping so far!!!
January 7th, 2005, 01:34 AM
I believe windows 2000 does not have the system restore option, although I could be wrong...
If you don't have it, don't worry about it. Other than that, it's crucial that everything installed also has updated defenitions, and you give them a run in safe mode (F8 at boot.)
January 7th, 2005, 01:41 AM
I am downloading Ad Aware as we speak and Spybot is next.
will run in protected mode as you suggest.
January 7th, 2005, 03:11 AM
January 7th, 2005, 04:45 PM
I saw a StopSign TV commercial the other day, I think it was the day after new year. One of my new year alerts to staff was to NOT download the software or associate with that organization.
edit: Eanthology is
stopsign antivirus, which has it's roots in unethical, bogus malware scanners. They should be dropped off the face of the earth, (low budget, cheap sfx/gfx commercials included
Cleaning that crap out of systems is a three or four reboot operation.