Merijn Warning! Please Read-:-spyware HJT Site

Thread: Merijn Warning! Please Read-:-spyware HJT Site

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744

    Merijn Warning! Please Read-:-spyware HJT Site

    Hi guys, spied this one..
    It is a warning.. be AWARE of this new trap..
    Just a short note on the domain HIJACK-THIS.NET: this is not mine! It has been registered by XoftSpy (who are also on the Rogue Antispyware List on SpywareWarrior.com) and they are luring people into downloading their software believing it is HijackThis. Also, they have registered a few AdWords at Google leading to the same result. I have contacted them about this and received no reply (how surprising). Google can't do much about it since there is no copyright being breached. We'll see where this goes.
    In the meantime, if you want to download any of my programs, the official domain is and always will be www.merijn.org.
    Found here: BroadBandReports

    Lovely bunch ..huh..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    This also goes to http://hijack-this.com which listed PestBot, also in the rogue antispyware list.

  3. #3
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi Und3rtak3r,

    I don't remember which site I went to...but I assume it was the right one...because I got the link off of this forum...

    so...hijackthis is really...www.merijn.org....and everything else is fake? There's a lot of places that link you to hijackthis...how can you tell you're downloading from the right site?

    If scammers can duplicate bank web pages or link from and to them...how difficult would it be for spyware to do the same thing with getting people to download from a copy of the real site ?


    Eg

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    I have been complaining lately about ppl clicking on a direct link to safer-networking.org only to end up at a download for one of the payfor craps..

    Advice to customers when looking for Anti-Spyware software: DON'T USE GOOGLE or any other search engine for that matter.. I now email a direct download link for my customers.. or have them pay for my time to burn a CD with some of these tools.. or they pay for ALL of my time..

  5. #5
    Member
    Join Date
    Apr 2005
    Posts
    97
    I made a search for "Hijack" way back on April 13 and the first on the list was that XoftSpy. I don't really remember if it advertised itself as a shareware. Anyway, I downloaded it (size is 1,473KB) but I held back installing it. I asked Wiskic about it thru PM and he gave me a cautionary note.

    After 2 days, I installed it. It immediately scanned my unit and reported more than 350 problems and asked me if I wanted to remove them. I agreed. Then it asked for the product registry code (or something like that) or click to obtain it on-line. I clicked on-line then came the catch: I MUST MAKE A ONE-TIME PURCHASE FIRST before the program proceeds. So I exited the program then looked for Ad-Aware and SpybotSD (which was endorsed many times in the forum threads here).

    Both programs, when they scanned my unit reported less than 200 registry and data miners, ads and other malware. These were removed (Wiskic said that was rather an overkill) then I ran both again in safe mode and removed a few more.

    Issue is: XofSpySetup410 appears to have exaggerated the infestations then, for a rather naive user like me, trigger a panic attack that will motivate me to shell out payment first before it proceeds to work.

    ... Just to add my bit of caveat for the unsuspecting newbies like me.
    Si vis pacem, para bellum!

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Egaladeist, there are other places you can download it from like majorgeeks and download.com and obviously any of his mirrors, but his site is www.merijn.org. I just love how people would mess with the guy, he is so smart and is helping so many people, it's so cool that people would try to mess around like that with HJT, his site has already been DoSed more than once. Ok I lied, it isn't cool.

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Update: better news..

    Update* April 29, 2005:
    I just received word from Paretologic (who own XoftSpy) that the affiliate responsible for the page has been terminated and the site will be taken down. That's one down, one to go.
    found at: http://www.spywareinfo.com/~merijn/index.html

  8. #8
    Junior Member
    Join Date
    May 2005
    Posts
    8
    Dear All,

    I'm New In This Forum, I Need Some Help With Spot results. And Some Icons That Keep Appearing In My DeskTop. If You Need My Log it's under. I Have Installed plvx2cleaner But I Wish You Can Guide Me Through The Steps. Thank You

    Logfile of HijackThis v1.99.1
    Scan saved at 4:50:09 AM, on 5/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    c:\windows\system32\segein.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Sam AbuL\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [qsjrkqi] c:\windows\system32\segein.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103928608874
    O16 - DPF: {77AAD261-A84E-4564-BEC2-C51FF6A7187F} (MRActivXUI Class) - http://66.35.195.125/webcomp/ver6.1.2.0/wbaxuiph612.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\j8p0li7m18.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe






    Truly I Need To Fix This Experts

    Thank You So Much

  9. #9
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    You would get better results if you had posted this in a new thread..

    I take it you have done scans with Adaware SE 1.05 (the Adaware from http://www.lavasoft.nu/software/adaware/ ). And I hope that is also where you got plvx2cleaner.. but I can't find a link to it there.. (there is a CRAPWARE version on AdAware out there.. that claims to be..)

    plvx2cleaner is a VX2 cleaner.. so it on its own WILL not clean your machine..

    So basically you will need to install and update the following progs:

    Adaware
    Spybot Search and Destroy ( http://www.safer-networking.org/en/download/index.html )

    Restart your PC in Safe Mode.. run the two programs in turn.. Spybot SnD first
    restart the machine again into Safe Mode.. do another HJT scan and repost the log


    O4 - HKLM\..\Run: [qsjrkqi] c:\windows\system32\segein.exe
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\j8p0li7m18.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

    you may need LSP-Fix for the latter.. http://www.cexx.org/lspfix.htm

    but do the scans I mention and repost the HJT log..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
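A triage pass over a HijackThis log that surfaces the same kinds of entries singled out in the reply above, as an added example that is not part of the original thread and not HijackThis's own logic. The four rules are illustrative assumptions for deciding what to review by hand, and the sample lines are an excerpt of the log posted in #8.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted in #8 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [qsjrkqi] c:\windows\system32\segein.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\j8p0li7m18.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Run-key entry whose command starts with a drive-letter path to an .exe
RUN = re.compile(r'Run: \[(?P<name>[^\]]+)\] "?(?P<path>[a-z]:\\[^"]+?\.exe)', re.I)


def triage(log_text):
    """Return de-duplicated (code, reason, entry) tuples worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, the process list, blank lines
        code, body = m.groups()
        reason = None
        if code == "O4" and (run := RUN.search(body)):
            exe = PureWindowsPath(run["path"])
            # Assumed rule: a binary directly in system32 started under an unrelated value name
            if exe.parent.name.lower() == "system32" and exe.stem.lower() != run["name"].lower():
                reason = "autorun value name unrelated to its system32 binary"
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reason = "unrecognised Winsock LSP provider"
        elif code == "O20":
            reason = "DLL loaded through Winlogon Notify"
        elif code == "O23" and " - Unknown owner - " in body:
            reason = "service binary without vendor information"
        if reason and (code, reason, body) not in findings:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}: {entry}")
```

A flagged line is a prompt to look the file up, not a verdict; the fourth rule also surfaces the `SvcProc` service, which the reply above did not call out.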

  10. #10
    Senior Member
    Join Date
    May 2002
    Posts
    256
    LOL and it's even funnier that on http://pestbot.com/index.asp?siteid=...0-&revid=lllll if you look at the icons, they look very similar to the MS antispyware beta...particularly the one with the "bulls-eye" icon. hmmmm wonder if that could get them in trouble
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.
