-
March 10th, 2006, 05:28 PM
#1
-
March 10th, 2006, 05:44 PM
#2
Re: HiJack this entry
Hi MLF
Got this from Merijn's site...
O17 - Lop.com domain hijacks
What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
What to do:
If the domain is not from your ISP or company network, have HijackThis fix it. The same goes for the 'SearchList' entries.
For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.
Merijn's
Winupdates is a concern:...
Full Name: Windupdates Websearch
Type: Adware
Also Known as: Windows AdTools winad DeskAd Service DeskAd.Service
Created by: WINDUPDATES
SG Index: 5
Removal tools: List of products that detect/remove/protect against Windupdates:
# X-Cleaner
# RegBlock
# RTGuardian
Category Description: Adware: Program that creates advertisements on your PC.
Note that many websites have their own advertising, unrelated to adware.
Adware is any software application in which advertising is displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in search results. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only.
Comment: From the Website:
You downloaded Wind Updates from a Website that is able to offer its content for free because it shows the Wind Updates ActiveX popup. You also specifically agree to abide by the Software Licensing Agreement and Terms and Conditions of Golden Palace.com, n-CASE Privacy Policy, BetterInternet End User License Agreement and Bargain Buddy License Agreement.
Information URL: http://www.windupdates.com/
Spywareguide
To really get rid of files try this app...KILLBOX
Luck..
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
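The O17 check quoted in the post above, as an added example that is not part of the original thread or of HijackThis: a small Python triage of O17 log lines against an allowlist. The allowlisted domains and the resolver range are constructed assumptions; substitute what your ISP or company network really assigns.

```python
import ipaddress
import re

# Assumed allowlists (constructed for this example): replace with the DNS
# suffixes and resolvers your ISP or company network actually hands out.
KNOWN_DOMAINS = {"aoldsl.net", "gla.ac.uk"}
KNOWN_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]

O17_RE = re.compile(
    r"^O17 - (?P<key>.+?): "
    r"(?P<name>Domain|DomainName|SearchList|NameServer) = (?P<value>.*)$"
)

def domain_known(domain):
    d = domain.strip().lower().rstrip(".")
    return any(d == k or d.endswith("." + k) for k in KNOWN_DOMAINS)

def resolver_known(text):
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return False  # not an IP address at all: always worth a look
    return any(ip in net for net in KNOWN_RESOLVERS)

def triage_o17(log_text):
    """Return (registry_key, value_name, item, verdict) for every O17 item."""
    results = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 line
        check = resolver_known if m["name"] == "NameServer" else domain_known
        # A value can hold several items separated by commas or spaces.
        for item in filter(None, re.split(r"[,\s]+", m["value"])):
            verdict = "expected" if check(item) else "review"
            results.append((m["key"], m["name"], item, verdict))
    return results

# Sample lines copied from the post above.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gla.ac.uk
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
"""

if __name__ == "__main__":
    for key, name, item, verdict in triage_o17(SAMPLE):
        print(f"{verdict:8} {name:10} {item:28} {key}")
```

A "review" verdict only means the value is not on the allowlist; it still has to be looked up as the post describes before anything is fixed.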
-
March 10th, 2006, 07:14 PM
#3
You must spread your AntiPoints around before giving it to dalek again.
Thank you...just finished the online scan from panda...it found 286 pieces of spyware that both Norton and adaware did not find...1 dialer and one virus...
Thank you for your help dalek....I am off to manually remove them....see if they come back
thanks for the links too
I owe you a beer....or 2
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 10th, 2006, 07:23 PM
#4
Morgan:
If it's one of those that keeps returning you're in for some fun... Especially if you don't want to reformat and reinstall... which I don't like doing on people's personal boxes unless I have to... I spent 4 hours on one yesterday... It had infected Winlogon.exe... I determined that by using Process Explorer from Sysinternals... Really handy tool for this... Use it to look through the running processes for the rogue threads.
Try not to have too much fun with it... on a Friday...
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
March 10th, 2006, 07:43 PM
#5
Funny that you mention winlogon.exe....cause I had an error earlier....thought it was to do with Norton...hadn't run the live update yet (fresh install of the app)...
Thanks for the tips.... have lotsa handy tools on my jump drive....I REALLY don't want to reload this machine
this along with the accounting meeting........woohoo...fun fun fun
I definitely will have earned a nice bottle of Australian shiraz...or 2... by this evening
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 10th, 2006, 07:48 PM
#6
You get the two bottles for the accounting meeting... You deserve another one or two for the box...
The "nasty" this box had was WinFixScan or something... It would generate processes that had random filenames of 5 or 6 chars that, in my case, always started with an A... Since they were unkillable it was then I took out procexp to see which system process was protecting them... Yes I would get several Winlogon errors after log in, (winxp box), and norton was installed but the subscription was expired so it was doing nothing. I eventually got rid of it by d/ling Avast AV and having it do a pre-boot scan... It repaired it...
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
March 10th, 2006, 08:11 PM
#7
winfixer....oh ya what a PITA piece of crap software.
My guy's kids come over and stay on weekend and they got some warning about the machine being infected...use this winfixer to repair..
The thing is almost impossible to remove....pops up with crap like "you have 5000 security threats"
buy now to fix.....
98 machine.....
anyway off to the fun fun fun
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 10th, 2006, 08:47 PM
#8
Hi MLF
As it's winfixer, then you will need VUNDO Remover
It's a Trojan.....
Winfixer is also known as: Virtumonde, and Msevents, and more appropriately: Trojan.Vundo. Trojan.Vundo is a component of a Spyware program and is known to be installed by visiting a web site link contained in a spammed email.
Luck....
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
-
March 10th, 2006, 08:59 PM
#9
Again dalek thanks a bunch for your help...
I haven't had the time to research all the crap...too busy with accounting ( I would rather be shoving a pen in my eye...over and over..)
anyway..your help is greatly appreciated....
I think I will have to get both you and Tiger beer....
May have to change my rates from wine to beer just to pay you guys....
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 10th, 2006, 09:56 PM
#10
May have to change my rates from wine to beer just to pay you guys....
Do you deliver? *snikker*
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides