-
April 23rd, 2005, 01:06 AM
#1
Merijn Warning! Please Read-:-spyware HJT Site
Hi guys, spied this one..
It is a warning.. be AWARE of this new trap..
Just a short note on the domain HIJACK-THIS.NET: this is not mine! It has been registered by XoftSpy (who are also on the Rogue Antispyware List on SpywareWarrior.com) and they are luring people into downloading their software believing it is HijackThis. Also, they have registered a few AdWords at Google leading to the same result. I have contacted them about this and received no reply (how surprising). Google can't do much about it since there is no copyright being breached. We'll see where this goes.
In the meantime, if you want to download any of my programs, the official domain is and always will be www.merijn.org.
Found here: BroadBandReports
Lovely bunch ..huh..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 23rd, 2005, 08:42 AM
#2
This also goes to http://hijack-this.com which listed PestBot, also in the rogue antispyware list.
-
April 23rd, 2005, 12:19 PM
#3
Hi Und3rtak3r,
I don't remember which site I went to...but I assume it was the right one...because I got the link off of this forum...
so...hijackthis is really...www.merijn.org....and everything else is fake ? There's a lot of places that link you to hijackthis...how can you tell you're downloading from the right site?
If scammers can duplicate bank web pages or link from and to them...how difficult would it be for spyware to do the same thing with getting people to download from a copy of the real site ?
Eg
-
April 23rd, 2005, 04:00 PM
#4
I have been complaining lately about ppl clicking on a direct link to safer-networking.org only to end up at a download for one of the payfor craps..
Advice to customers when looking for Anti-Spyware software: DON'T USE GOOGLE or any other search engine for that matter.. I now email a direct download link for my customers.. or have them pay for my time to burn a CD with some of these tools.. or they pay for ALL of my time..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
April 23rd, 2005, 06:37 PM
#5
I made a search for "Hijack" way back on April 13 and the first on the list was that XoftSpy. I don't really remember if it advertised itself as a shareware. Anyway, I downloaded it (size is 1,473KB) but I held back installing it. I asked Wiskic about it thru PM and he gave me a cautionary note.
After 2 days, I installed it. It immediately scanned my unit and reported more than 350 problems and asked me if I wanted to remove them. I agreed. Then it asked for the product registry code (or something like that) or click to obtain it on-line. I clicked on-line then came the catch: I MUST MAKE A ONE-TIME PURCHASE FIRST before the program proceeds. So I exited the program then looked for Ad-Aware and SpybotSD (which was endorsed many times in the forum threads here).
Both programs, when they scanned my unit reported less than 200 registry and data miners, ads and other malware. These were removed (Wiskic said that was rather an overkill) then I ran both again in safe mode and removed a few more.
Issue is: XofSpySetup410 appears to have exaggerated the infestations then, for a rather naive user like me, trigger a panic attack that will motivate me to shell out payment first before it proceeds to work.
... Just to add my bit of caveat for the unsuspecting newbies like me.
Si vis pacem, para bellum!
-
April 23rd, 2005, 07:42 PM
#6
Egaladeist, there are other places you can download it from like majorgeeks and download.com and obviously any of his mirrors but his site is www.merijn.org. I just love how people would mess with the guy, he is so smart and is helping so many people, it's so cool that people would try to mess around like that with HJT, his site has already been DoSed more than once. Ok I lied it isn't cool.
-
April 30th, 2005, 09:35 AM
#7
Update: better news..
Update* April 29, 2005:
I just received word from Paretologic (who own XoftSpy) that the affiliate responsible for the page has been terminated and the site will be taken down. That's one down, one to go.
found at: http://www.spywareinfo.com/~merijn/index.html
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
May 1st, 2005, 02:50 AM
#8
Junior Member
Dear All,
I'm New In This Forum, I Need Some Help With Spot results. And Some Icons That Keep Appearing In My DeskTop, If You Need My Log it's under. I Have Installed plvx2cleaner But I Wish You Can Guide Me Through The Steps. Thank You
Logfile of HijackThis v1.99.1
Scan saved at 4:50:09 AM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\windows\system32\segein.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sam AbuL\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [qsjrkqi] c:\windows\system32\segein.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103928608874
O16 - DPF: {77AAD261-A84E-4564-BEC2-C51FF6A7187F} (MRActivXUI Class) - http://66.35.195.125/webcomp/ver6.1.2.0/wbaxuiph612.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\j8p0li7m18.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Truly I Need To Fix This Experts
Thank You So Much
-
May 1st, 2005, 04:40 AM
#9
You will get better results if you post this in a new thread..
I take it you have done scans with Adaware SE 1.05 (the Adaware from http://www.lavasoft.nu/software/adaware/). And I hope that is also where you got plvx2cleaner.. but I can't find a link to it there.. (there is a CRAPWARE version on AdAware out there.. that claims to be..)
plvx2cleaner is a VX2 cleaner.. so it on its own WILL not clean your machine..
So basically you will need to install and update the following progs:
Adaware
Spybot Search and Destroy ( http://www.safer-networking.org/en/download/index.html )
Restart your PC in Safe Mode.. run the two programs in turn ..Spybot SnD first
restart the machine again into safe mode.. do another HJT scan and repost the log
O4 - HKLM\..\Run: [qsjrkqi] c:\windows\system32\segein.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\j8p0li7m18.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
you may need LSP-Fix for the latter.. http://www.cexx.org/lspfix.htm
but do the scans I mention and repost the HJT log..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
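Added example (not part of the original posts, and not HijackThis's own logic): a small Python triage of a HijackThis log that groups entries by section code and surfaces the ones the log itself marks as unknown, plus Winlogon Notify DLLs. The sample lines are copied from the log posted above; the rule list is an assumption of this example and catches the O10 and O20 entries named in the reply, while the O4 entry still needs a human eye.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [qsjrkqi] c:\windows\system32\segein.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 - DPF: {77AAD261-A84E-4564-BEC2-C51FF6A7187F} (MRActivXUI Class) - http://66.35.195.125/webcomp/ver6.1.2.0/wbaxuiph612.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\j8p0li7m18.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Illustrative review rules (assumptions of this example, not HijackThis verdicts).
RULES = [
    ("R3", re.compile(r"\(no file\)"), "search hook with no file on disk"),
    ("O10", re.compile(r"^Unknown file in Winsock LSP"), "unrecognised Winsock LSP"),
    ("O16", re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}/"), "ActiveX fetched from a bare IP"),
    ("O20", re.compile(r"^Winlogon Notify:"), "Winlogon Notify DLL"),
    ("O23", re.compile(r" - Unknown owner - "), "service with no vendor string"),
]

def parse(log_text):
    """Return {section_code: [entry text, ...]}, duplicates removed, order kept."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(2) not in sections[m.group(1)]:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(log_text):
    """Return [(code, reason, entry)] for entries a human should review first."""
    sections = parse(log_text)
    hits = []
    for code, pattern, reason in RULES:
        for entry in sections.get(code, []):
            if pattern.search(entry):
                hits.append((code, reason, entry))
    return hits

if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {entry}")
```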
-
May 2nd, 2005, 03:35 AM
#10
LOL and it's even funnier that on http://pestbot.com/index.asp?siteid=...0-&revid=lllll if you look at the icons, they look very similar to the MS antispyware beta...particularly the one with the "bulls-eye" icon. hmmmm wonder if that could get them in trouble
Sex is like "Social Security". You get a little each month, but it's not enough to live on.