Got a hijacked browser... - Techist - Tech Forum

Old 12-27-2003, 12:56 PM   #1 (permalink)
Newb Techie
 
Join Date: Oct 2002
Posts: 16
Default Got a hijacked browser...

Did read post below with no help for me. Start page goes to this little bastard...just.find-itnow com. Anyone familiar with this site/problem and how to rid myself of it? Almost ready to pop in the original CDs and start anew.
Installed SpyBot S&D, Ad Aware and X-cleaner (from earlier post), to no avail.
Didn't notice anything while doing the msconfig thingy. Wasn't about to delete anything without being absolutely sure.
Running XP Home.
Be advised that when I used the word 'thingy' I'm not that literate with PC's. A newbie with a sledgehammer type.
An early thanks,
therat
Therat is offline  
Old 12-27-2003, 01:08 PM   #2 (permalink)
Monster Techie
 
Join Date: Jul 2003
Posts: 1,179
Default

Have you run a virus scan? Ad-Aware should take care of it... did it come up with any adware or spyware at all?

Maybe look in your add/remove programs list and see if there's anything suspicious in there.
Emily is offline  
Old 12-27-2003, 03:42 PM   #3 (permalink)
Wizard Techie
 
Join Date: Jul 2003
Posts: 3,937
Default

You could try to download a trial version of Norton AntiVirus and do a complete system scan. That has gotten rid of download trojans that download advertisements off the internet on some computers for me.
ekÆsine is offline  
Old 12-28-2003, 09:16 PM   #4 (permalink)
True Techie
 
Join Date: May 2003
Posts: 221
Default

Download HijackThis, unzip it, do a scan, then save the generated log file. The next step would be to copy and paste the log here for review.
mobo is offline  
Old 04-03-2004, 12:32 PM   #5 (permalink)
Newb Techie
 
Join Date: Apr 2004
Posts: 1
Angry have i been hijacked

Hope you can help. I think that I've got a problem with downloading AVG and Windows updates. My internet connection keeps closing when connecting (sometimes only on for a few seconds).

My log is here..

Logfile of HijackThis v1.97.7
Scan saved at 6:13:48 PM, on 3/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
laroc is offline  
Old 04-03-2004, 02:04 PM   #6 (permalink)
True Techie
 
Join Date: Mar 2004
Posts: 228
Default

This detection is for trojans written in Borland Delphi intended to modify the Internet Explorer search and start page settings.

When executed these trojans typically modify the Internet Explorer
Search and Start pages to specific URLs hardcoded in the trojan. For example, the following URLs have been used:

http:// allneedsearch.com
http:// just.find-itnow.com
http:// listincestsites.com
Commonly, several other porn links are added to the Internet Explorer Favorites list.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the current engine and the specified DATs (or higher). Older engines may not be able to remove all registry keys created by this threat.
the alias related StartPage-AU, W32.Bizten (NAV)
Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc.
Name: Generic StartPage
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 1/20/2004
Date Added: 1/22/2004
Origin: Unknown
Length: Varies
Type: Trojan
SubType: Settings Change
DAT Required: 4318
This is so we understand what we are dealing with (a trojan virus),
so just use your antivirus.
GOOD LUCK!
jaun1477 is offline  
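
An added example, not part of any post in this thread: a small Python parser for a HijackThis log that flags the Internet Explorer Start Page and Search Page entries (R0/R1 lines) pointing at the domains named in the trojan description above, and reports whether a pasted log contains any registry sections at all. The sample log, its O4 entry and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Domains named in the trojan description posted in this thread.
HIJACK_DOMAINS = {"allneedsearch.com", "just.find-itnow.com", "listincestsites.com"}

# R0/R1 lines hold Internet Explorer start/search page values, e.g.
#   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://...
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM))\\(.+?),(.*?) = (.*)$")
SECTION_LINE = re.compile(r"^[RFNO]\d+ - ")

# Constructed sample log (assumption: not taken from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://just.find-itnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""


def host_matches(url, domains=HIJACK_DOMAINS):
    """True if the URL's host is one of the domains or a subdomain of one."""
    try:
        host = (urlparse(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed value in the log
        return False
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_settings(log_text, domains=HIJACK_DOMAINS):
    """Return the R0/R1 entries whose value points at a listed domain."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m and host_matches(m.group(5), domains):
            section, hive, key, name, data = m.groups()
            findings.append({"section": section, "hive": hive, "key": key,
                             "value": name, "url": data.strip()})
    return findings


def has_registry_sections(log_text):
    """False for a log that stops after the process list, as the posted one does."""
    return any(SECTION_LINE.match(l.strip()) for l in log_text.splitlines())


if __name__ == "__main__":
    for f in find_hijacked_settings(SAMPLE_LOG):
        print(f["section"], f["hive"], f["value"], "->", f["url"])
```

A log for which `has_registry_sections` returns False only lists running processes, so it cannot show whether the start or search page values were changed.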
Old 04-03-2004, 05:07 PM   #7 (permalink)
True Techie
 
Join Date: May 2003
Posts: 221
Default Re: have i been hijacked

Quote:
Originally posted by laroc
Hope you can help. I think that I've got a problem with downloading AVG and Windows updates. My internet connection keeps closing when connecting (sometimes only on for a few seconds).

My log is here..

This isn't the entire log...
mobo is offline  