Browser Hijack - Techist - Tech Forum

Old 01-31-2004, 09:00 PM   #1 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 14
Question Browser Hijack

I am running Windows XP home, with IE. I was able to restore my computer back to normal after a browser hijack. I really don't want to go through this again, and was wondering if there is any way to prevent this from happening in the future. .........thanks
__________________

pepsisteve is offline  
Old 01-31-2004, 09:47 PM   #2 (permalink)
True Techie
 
Join Date: Jan 2004
Posts: 106
Default

Use Mozilla Firebird for Windows, great browser and does not have exploits like IE

I will not put a hot link, since I'm a newbie, so just leave out the ///

////http://www.mozilla.org/products/firebird/

You can download and use it separate from your IE, it's quick & free
__________________
Square thing
With Lotsa wires & Thingy's
ByTeDeMoN is offline  
Old 01-31-2004, 10:10 PM   #3 (permalink)
Ultra Techie
 
Join Date: Jan 2003
Posts: 584
Default

Quite true.. good call.

However, if you still find you need IE for Windows updates and such, you can download Spybot - Search And Destroy, Hijack this, and Regseeker. You can find all of these on CNET. Run all of these

(if not more, posted by other members)
This will take all the crap out.
__________________
A+ Core Hardware, Software Certified (May 13 2005)
the new beast...

AMD Athlon XP 3200+ Barton running at 2.16 Ghz.
GeForce MX 4000 (mainly takes the load off the main system)
Creative Labs Audigy 24-bit sound.
Some Case from tigerdirect
512 MB Ultra DDR RAM.
80GB Seagate HDD
LiteOn CD-RW / DVD ROM drive.
currently looking at a litescribe drive at staples, due to its ability to label the CD shortly after being burned.
mrdinkel is offline  
Old 01-31-2004, 11:58 PM   #4 (permalink)
Super Techie
 
Join Date: Jul 2003
Posts: 300
Default

Yes, in Spybot there are settings to stop hijacks and the like - consult the help or just look around, they are quite easy to spot
__________________
*PyRo* is offline  
Old 02-01-2004, 02:22 AM   #5 (permalink)
Junior Techie
 
Join Date: Jan 2004
Posts: 61
Default

Well I feel Opera (Java ver) is a pretty good browser and is much faster too...... and I think adware 6.0 from lavasoft is a good software in case of browser hijack besides the coolweb shredder
__________________
;) Don't misunderstand its a TOOL which is required to fix up the computer...;)

http://images2.deviantart.com/i/2004...e/Order_63.gif
ScrewDriver is offline  
Old 02-01-2004, 06:35 AM   #6 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 14
Default

Thanks for the quick replies.... When the browser was in the hijack mode, I did run Adware 6, Spybot, and Hijack This. However on "Hijack this", I was not sure what items on its list were causing this problem.... I'll probably try another browser out, like "Mozilla?" however IE has been very dependable up to this point, that and I have never used another browser before....steve
pepsisteve is offline  
Old 02-01-2004, 01:06 PM   #7 (permalink)
ADZ
Master Techie
 
Join Date: May 2003
Posts: 2,231
Default

If you screenshot the results of Hi-Jack this, then we can show you which ones to get rid of.
ADZ is offline  
Old 02-02-2004, 08:10 AM   #8 (permalink)
True Techie
 
Join Date: Dec 2003
Posts: 204
Default

The best and the easiest to use software is x-cleaner, it has the option to protect your ie page too.
http://www.webattack.com/download/dlxcleaner.shtml
__________________
One disk to rule them all,
One disk to bind them,
One disk to hold the files
And in the darkness grind 'em.
maverick_teck is offline  
Old 02-02-2004, 09:21 AM   #9 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 14
Default

ADZ and others, here's a screenshot of "Hijack This"... if you could let me know what ones are not needed, no good or useless it would be appreciated, thanks....steve

Logfile of HijackThis v1.97.7
Scan saved at 6:00:01 AM, on 2/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\My Documents\computer\MozillaFirebird\MozillaFirebird \MozillaFirebird.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...849.2282291667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9341952-383E-476A-BC25-DFFF565BE186}: NameServer = 206.13.29.12 206.13.30.12
pepsisteve is offline  
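
An added example, not part of any post in this thread and not HijackThis's own code: a small Python parser that splits a HijackThis log like the one in post #9 into its section codes and lists the entries worth a manual look. Which entries it lists (IE start/search URLs, BHOs registered with "(no file)", NameServer settings) is this example's assumption and not a verdict on any entry; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the log in post #9.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9341952-383E-476A-BC25-DFFF565BE186}: NameServer = 206.13.29.12 206.13.30.12
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                # "O2 - <body>"
R_LINE = re.compile(r"^(HK\w+)\\.*,(.+?) = (\S+)$")       # hive, value name, URL
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")

def parse_log(text):
    """Group entry bodies by section code (R0, R1, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:                       # header and process lines do not match
            sections[m.group(1)].append(m.group(2))
    return sections

def review_items(sections):
    """Return (reason, detail) pairs to check by hand; heuristic only."""
    items = []
    for code in ("R0", "R1"):       # who controls IE's start/search pages?
        for body in sections.get(code, []):
            m = R_LINE.match(body)
            if m:
                host = urlsplit(m.group(3)).hostname
                items.append(("ie-url", f"{m.group(1)} {m.group(2)} -> {host}"))
    for body in sections.get("O2", []):     # BHO whose DLL is missing
        m = BHO.match(body)
        if m and m.group(3) == "(no file)":
            items.append(("orphan-bho", m.group(2)))
    for body in sections.get("O17", []):    # DNS servers set in the registry
        if "NameServer = " in body:
            items.append(("dns", ", ".join(body.split("NameServer = ", 1)[1].split())))
    return items

if __name__ == "__main__":
    for reason, detail in review_items(parse_log(SAMPLE_LOG)):
        print(f"{reason:11} {detail}")
```
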
Old 02-02-2004, 10:20 AM   #10 (permalink)
ADZ
Master Techie
 
Join Date: May 2003
Posts: 2,231
Default

I'd hit up the site that maverick_teck provided, that way you can see for yourself which ones you want to keep. Looks like a decent site to me.

Consider it bookmarked.
__________________

ADZ is offline  