"Smart Security" Home Page Hijacker & Dialer

  1. #1
    Junior Member
    Join Date
    Jan 2005
    Posts
    4

    "Smart Security" Home Page Hijacker & Dialer

    Can someone help me with a hack that has taken over my IE Homepage and launches Dialers? My homepage has a permanent wallpaper that states a big "warning" that I am vulnerable to spyware attacks etc. unless I buy their software to save me and protect my data. The company the ad points to is "Smart Security". This hack also places an icon on my desktop that says "Teen F*uck Pics" and it has placed some sex site URL info in my system files (see Hijackthis 01 entries).

    On top of all this my machine is running very slowly.

    I would appreciate any help!!!!!

    Here is my Hijackthis log. I have fixed nothing so far.

    Any Help is greatly appreciated!!!!!

    Logfile of HijackThis v1.98.2
    Scan saved at 5:50:14 PM, on 1/6/2005

  2. #2
    Senior Member
    Join Date
    Dec 2004
    Posts
    104

    sigh

    1) JFGI

    2) Have you tried CWShredder?


    Click the CWShredder link to download the program, then run it. If you need more help go to Merijn.org.



    EDIT: If you want some help with the Hijackthis log, copy and paste it to here. I also suggest keeping an up to date AdAware SE.

  3. #3
    Junior Member
    Join Date
    Jan 2005
    Posts
    4
    Thanks for the suggestion Winds8929

    I have tried CWShredder, Spysubtract, spyblock, stopsign, etrust.....

    eTrust sends a message (usually soon after EVERY boot) that says it has cured a "win32 startpage.LN Trojan"

    Stopsign finds and temporarily cures the following:

    Dialer.Tibs Cured
    Dialer.Tibs Cured
    Dialer.Tibs Cured
    Trojan.Searcher Cured
    Trojan.Favadd Cured

    Any more ideas?

    Many thanks

  4. #4
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    This is the likely culprit:

    O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup

    1. Turn off System Restore (Right-click My Computer, Properties, System Restore, Turn off)
    2. Control Panel, Add-Remove Programs, Remove all the Eanthology-related applications, if possible. If not ...
    3. Safe Mode with networking.
    4. Control Panel, Add-Remove Programs, Remove all the Eanthology-related applications.
    5. Download, install and run Spybot. Then download, install and run Adaware SE.
    6. Reboot and make sure that the registry at HKLM\..\Run is clean of all references to eanthology.

    Eanthology and WildTangent are potential vectors for getting your IE and OS hijacked. I know some folks like WildTangent (so do I, but I just don't want the baggage). But I kill WildTangent in my network.
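
An added example, not part of any post in this thread: a small Python check for step 6 above that parses the O4 (autostart) lines of two HijackThis scans and reports entries that still mention a keyword, plus any autorun that appeared since the first scan. Only the EanthologyApp line comes from the thread; the other log lines, the `ExampleAV` and `example_new` names and the function names are constructed for illustration.

```python
import re

# Registry autoruns:  O4 - HKLM\..\Run: [Name] command line
REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$')
# Startup folders:    O4 - Global Startup: Name.lnk = target
DIR_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')

def parse_o4(log_text):
    """Return a set of (location, name, command) for every O4 line."""
    entries = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            entries.add((m.group(1) + "\\..\\" + m.group(2), m.group(3), m.group(4)))
            continue
        m = DIR_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2), m.group(3)))
    return entries

def review(before, after, keyword):
    """Compare two scans: what still references keyword, and what is new."""
    old, new = parse_o4(before), parse_o4(after)
    kw = keyword.lower()
    # Match on the value name or the command line, case-insensitively.
    leftover = sorted(e for e in new if kw in e[1].lower() or kw in e[2].lower())
    appeared = sorted(new - old)
    return leftover, appeared

# First line is the entry quoted in the thread; the rest are constructed samples.
BEFORE = r'''
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - Global Startup: Example Office.lnk = C:\Program Files\ExampleOffice\start.exe
'''
# Constructed "after cleanup and reboot" scan.
AFTER = r'''
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - HKCU\..\Run: [example_new] C:\WINNT\system32\example_new.exe
O4 - Global Startup: Example Office.lnk = C:\Program Files\ExampleOffice\start.exe
'''

if __name__ == "__main__":
    leftover, appeared = review(BEFORE, AFTER, "eanthology")
    print("still referencing keyword:", leftover)
    print("new since first scan:", appeared)
```

An autorun that shows up only in the second scan is worth a closer look, since something re-adding itself at boot would match the "cured after EVERY boot" pattern described earlier in the thread.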

  5. #5
    Get stopsign off your box immediately, it used to be bogus and I don't trust them nor will I ever.

    Get Spybot S&D, Ad-Aware, and maybe the new MS beta AntiSpyware if you feel like it. Run them in "Safe Mode" by pressing F8 during your boot process.
    More details here:
    http://www.antionline.com/attachment...achmentid=4913

    The only thing that irks me as much as "use linux" comments is "use google" comments. This is a perfectly valid problem that deserves better advice than a link to google.

    -----------------------------
    edit: Eanthology is stopsign antivirus, which has its roots in unethical, bogus malware scanners. They should be dropped off the face of the earth (low budget, cheap sfx/gfx commercials included).

  6. #6
    Junior Member
    Join Date
    Jan 2005
    Posts
    4
    Rapier57 & Soda_Popinski,


    I will take your advice and dump stopsign. As Soda says eanthology is Stopsign and it was loaded well after my troubles began, so I don't suspect it in this issue.

    Also ... I am running WinNT 2000 V5. 2195 Srv Pk 4 But do not have an option to turn system restore off. Is it called System Repair or Recovery console?

    I would love to hear any other ideas with regard to a culprit in this issue?

    Many thanks to you both for helping so far!!!

  7. #7
    I believe windows 2000 does not have the system restore option, although I could be wrong...

    If you don't have it, don't worry about it. Other than that, it's crucial that everything installed also has updated definitions, and you give them a run in safe mode (F8 at boot.)

  8. #8
    Junior Member
    Join Date
    Jan 2005
    Posts
    4
    Thanks Soda,

    I am downloading Ad Aware as we speak and Spybot is next.

    Will run in protected mode as you suggest.

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053

  10. #10
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    edit: Eanthology is stopsign antivirus, which has its roots in unethical, bogus malware scanners. They should be dropped off the face of the earth (low budget, cheap sfx/gfx commercials included).
    I saw a StopSign TV commercial the other day, I think it was the day after new year. One of my new year alerts to staff was to NOT download the software or associate with that organization.

    Cleaning that crap out of systems is a three or four reboot operation.
