Plz Check whether my browser has been hijacked or not!!


Post by tarzan on 23rd April 2009, 10:20 am

Hi

I had been visiting a website and maybe my browser is hijacked, I guess.
Please verify...
Tarzan

The log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:36 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{0462E63F-0CF4-498F-A5BD-85ACD45F00C1}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F2E73D-094A-4108-9E1A-08CC8B7743FA}: NameServer = 203.197.12.30 202.54.1.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{0462E63F-0CF4-498F-A5BD-85ACD45F00C1}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{0462E63F-0CF4-498F-A5BD-85ACD45F00C1}: NameServer = 61.1.96.69,61.1.96.71
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7283 bytes

tarzan
Leader

Posts: 427
Joined: 2008-10-31
Gender: Male
OS: xp.pro,vista, Windows 7
Points: 30028
Likes: 0


Re: Plz Check whether my browser has been hijacked or not!!

Post by Belahzur on 23rd April 2009, 10:38 am

Hello.
What problems are you having?

The few common Google (or browser) hijackers won't appear in Hijack This, so I need to know what the current symptoms are.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Post by tarzan on 23rd April 2009, 10:45 am

Whenever I open this address [You must be registered and logged in to see this link.] I get the error that
Acrobat 8 is not responding... send error report.
It happens only with that site.
After that it freezes my browser, IE8 and Firefox, like a virus attack.
Just wanted to make sure that nothing's wrong with my laptop as I do my financial transactions...


Post by Belahzur on 23rd April 2009, 3:55 pm

Hello.
Chrome tells me that website may be malicious, what is that website?

Don't visit it, it could be hosting malware.



Post by tarzan on 23rd April 2009, 5:48 pm

I meant I do my ebanking on my laptop and am worried whether my browser has a keylogger/tracking/spy scripting... after I visited that website [You must be registered and logged in to see this link.]


Post by Belahzur on 23rd April 2009, 6:13 pm

Okay, the log looks fine, but we need to update some software.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Post by tarzan on 23rd April 2009, 6:25 pm

Here you go!

Active@ Hard Disk Monitor
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Broadcom 802.11 Wireless LAN Adapter
CCleaner (remove only)
CloneCD
Combined Community Codec Pack 2008-09-21 16:18
Command & Conquer Generals
Command & Conquer Generals Zero Hour
Conexant HD Audio
DVD Suite
FLV Player 2.0 (build 25)
Free PDF to Word Converter 1.3
Google Gmail Notifier
Google Talk (remove only)
GTK+ Runtime 2.14.6 rev a (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 7
K-Lite Codec Pack 3.8.0 Full
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 2.0
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.9)
MP3 Cutter 1.3
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
neroxml
Network Stumbler 0.4.0 (remove only)
Pdf995
Picasa 3
Pidgin
PowerDVD
PowerpointImageExtractor
PowerProducer
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Task Manager 1.7h
Stickies 6.7a
Swarm
Symantec Endpoint Protection
TATA Indicom Dialer
TeamViewer 4
Tweak UI
ValueFirst VelocityPlus
VirtualCloneDrive
WinASO Registry Optimizer 3.1
Windows Internet Explorer 8 Beta 2
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WordWeb
Yahoo! Messenger


Post by Belahzur on 23rd April 2009, 7:44 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Reader 8
  • Java(TM) 6 Update 7

Then download and install [You must be registered and logged in to see this link.]

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "This release includes the highly anticipated...".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe that you downloaded to install the newest version.

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa. (If you are running Vista, you will need to right click JavaRa > select "Run as administrator")
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.
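
An added example, not part of the original thread and not code from HijackThis: a small Python triage pass over a HijackThis 2.0.2 log that surfaces the outdated Java runtime visible in the file paths, orphaned "(no file)" registrations, and the O17 name servers for manual review. The sample lines are copied from the log posted above; the function names and the minimum Java level (6 Update 13, from the installer named in the last post) are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0462E63F-0CF4-498F-A5BD-85ACD45F00C1}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{20F2E73D-094A-4108-9E1A-08CC8B7743FA}: NameServer = 203.197.12.30 202.54.1.18
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then detail
JRE = re.compile(r"jre1\.(\d+)\.0_(\d+)", re.I)   # e.g. jre1.6.0_07 -> ("6", "07")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse(log):
    """Group log entries by HijackThis section code (R3, O2, O4, O17, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def triage(log, min_java=(6, 13)):
    """Return items worth a manual look. min_java is an assumption of this
    example, taken from the jre-6u13 installer named in the thread."""
    found = {"orphaned": [], "old_java": set(), "dns": set()}
    for code, entries in parse(log).items():
        for detail in entries:
            if detail.endswith("(no file)"):       # registered, but no file on disk
                found["orphaned"].append((code, detail))
            for major, update in JRE.findall(detail):
                if (int(major), int(update)) < min_java:
                    found["old_java"].add(f"Java {major} Update {int(update)}")
            if code == "O17" and "NameServer =" in detail:
                servers = detail.split("NameServer =", 1)[1]
                found["dns"].update(IPV4.findall(servers))  # compare with ISP values
    return found


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, sorted(items))
```

The name servers are only listed, not judged: whether they are expected has to be checked against what the ISP or DHCP server actually hands out.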

