Old 05-31-2005, 01:01 PM   #1
Baseband Member
 
Join Date: Dec 2004
Posts: 90
Send a message via AIM to Nimandir
Default Hijacker+Trojans=My Dad's Computer (Help)

Well, my dad has had a Hijacker on his computer for a few days now. I went on his computer to investigate and attempted to go to google. Instead of Google, a website (topsearch10 I think) appeared. Instantly, McAfee went crazy and said it stopped a trojan and suggested to scan the computer about 15+ times. McAfee is currently scanning and has found two trojans:

Quote:
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\Cash\Javapi\v1.0\jar\classload.jar-1543d5aa-287ded45.zip

and

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\Cash\Javapi\v1.0\jar\msjld.jar-6ecc4ec7-78f4315c.zip
Every time topsearch10 appears, these two trojans always appear. I'm going to try using HijackThis to see if that will help. Any suggestions would also be nice

Oh, also, my dad doesn't use a Firewall on his computer (He just has Anti-Virus). The Router we have has a built in Firewall, so he just goes just with that. When he picked up the Hijacker, he insisted that I had picked it up (even though I have only used it once in about 3 months, just to go on amazon.com). How might he have picked up this hijacker?


Thanks ahead of time for anyone who helps!
__________________
"We are the knights who say...NI!"
Nimandir is offline   Reply With Quote
Old 05-31-2005, 01:11 PM   #2
Baseband Member
 
Join Date: Dec 2004
Posts: 90
Send a message via AIM to Nimandir
Default

Just ran HijackThis and it suggested I ask for an expert's opinion on what to fix. This is the log that HijackThis gave me (Part 1):

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 1:06:39 PM, on 5/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\AOL\110091~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110091~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O1 - Hosts: 66.199.231.171 warez.com
O1 - Hosts: 66.199.231.171 www.warez.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
__________________
"We are the knights who say...NI!"
Nimandir is offline   Reply With Quote
Old 05-31-2005, 01:12 PM   #3
Baseband Member
 
Join Date: Dec 2004
Posts: 90
Send a message via AIM to Nimandir
Default

Here is the last part of the log (Part 2):

Quote:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100912088\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [7kgau6hp] C:\WINDOWS\system32\7kgau6hp.exe
O4 - HKLM\..\Run: [v3tg3nR] shfatm.exe
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [e02mRhd2U] sfmtab.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra 'Tools' menuitem: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} (MNPerformer Class) - http://download.newaol.com/bkpromo/d...ormerSetup.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\System32\slpservice.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
__________________
"We are the knights who say...NI!"
Nimandir is offline   Reply With Quote
Old 05-31-2005, 01:36 PM   #4
Golden Master
 
 
Join Date: Feb 2005
Posts: 7,366
Send a message via MSN to mark thorpe Send a message via Yahoo to mark thorpe
Default Re: Hijacker+Trojans=My Dad's Computer (Help)

wow... all i can think of is to keep on running mcafee loads of times, and delete what it comes up with...

also, try downloading:

Spybot search and destroy
Lavasoft ad-aware
CCleaner

all of these are freeware, and are good at getting rid of spyware etc...

also, as your browser, are you using IE or firefox?
If you're using IE without a firewall, then that's probably how he got the trojans... IE has a lot of security flaws, so personally i use firefox web browser...

you could also download AVG free edition, this is a good anti virus program, and would help you to get rid of any viruses/trojans that you might have on your computer...
__________________
'I may be drunk, Miss, but in the morning I will be sober and you will still be ugly.'

Winston Churchill, 11/30/1874 - 01/24/1965
mark thorpe is offline   Reply With Quote
Old 05-31-2005, 01:42 PM   #5
Dan
In Runtime
 
 
Join Date: Nov 2003
Posts: 177
Send a message via AIM to Dan Send a message via MSN to Dan Send a message via Yahoo to Dan
Default Re: Hijacker+Trojans=My Dad's Computer (Help)

Not saying that you should.. but if all that was happening.. I would backup what I could.. and just format the computer. I had to do that to my laptop..
__________________
Dell Dimension 3000
Windows XP Home - 17" LCD
Pentium 4, 2.8 GHz - 512 MB Ram
40GB HDD - 80GB WD HDD
Creative Sound - CD-Rw/DVD+/-RW Dual Layer
Dan is offline   Reply With Quote
Old 05-31-2005, 01:51 PM   #6
Baseband Member
 
Join Date: Sep 2004
Posts: 95
Default Re: Hijacker+Trojans=My Dad's Computer (Help)

Ok, I am far from a master at HijackThis logs, but I can point you in the right direction. Remember that you are doing this of your own free will and I will not be held responsible for any problems that occur.

With that being said, and I wasn't trying to be rude, the first thing you should do is delete these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 www.astalavista.box.sk
O1 - Hosts: 66.199.231.171 warez.com
O1 - Hosts: 66.199.231.171 www.warez.com


The way you do this is by checking the box next to the item and then hit fix selected.

Also, get rid of these:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [7kgau6hp] C:\WINDOWS\system32\7kgau6hp.exe
O4 - HKLM\..\Run: [v3tg3nR] shfatm.exe
O4 - HKCU\..\Run: [e02mRhd2U] sfmtab.exe

As I said, removing these could be dangerous to system integrity. If this were my machine, these are the entries I would remove first and see if that helps. After doing these tasks, restart the machine and run hijackthis again and see if any of the entries returned.
__________________
As the sun sets, the earth shall prepare
ksb007 is offline   Reply With Quote
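
The manual triage in the post above can be automated. This is an added example, not part of the original thread and not code from HijackThis: it parses log lines copied from this thread and flags hosts-file redirects, BHO/toolbar entries marked `(no file)`, and Run values whose command has no directory. The names `triage` and `is_local` and the three heuristics are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.172 search.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [v3tg3nR] shfatm.exe
O4 - HKCU\..\Run: [e02mRhd2U] sfmtab.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O1 - <body>"
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")         # "Hosts: <ip> <name>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def is_local(addr):
    """True for loopback/unspecified addresses, the usual benign hosts targets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: keep it in the review list
    return ip.is_loopback or ip.is_unspecified


def triage(log_text):
    """Return entries worth a manual look. Flags mean 'review', not 'malicious'."""
    redirects = defaultdict(list)  # IP -> hostnames the hosts file pins to it
    orphans = []                   # BHO/toolbar CLSIDs whose file is missing
    pathless = []                  # Run values whose command has no directory
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O1":
            h = HOSTS.match(body)
            if h and not is_local(h.group(1)):
                redirects[h.group(1)].append(h.group(2))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            c = CLSID.search(body)
            orphans.append(c.group(0) if c else body)
        elif code == "O4":
            r = RUN.match(body)
            if r and "\\" not in r.group(3).split()[0]:
                pathless.append((r.group(1), r.group(2), r.group(3)))
    return {"hosts_redirects": dict(redirects), "orphans": orphans,
            "pathless_run": pathless}


if __name__ == "__main__":
    for kind, found in triage(SAMPLE_LOG).items():
        print(kind, found)
```

The pathless-Run heuristic also flags `VTTimer.exe`, which nobody in the thread treats as malicious, so each flag still needs a person to check which file actually runs.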
Old 05-31-2005, 03:40 PM   #7
Baseband Member
 
Join Date: Dec 2004
Posts: 90
Send a message via AIM to Nimandir
Default

Thanks ksb007, I removed everything from the list you gave me and the Hijacker appears to be gone. I can go to google, which it always redirected to topsearch10. Everything appears perfect, save a little message at startup:

Quote:
Runner Error

Invalid BackWeb application id "1940576"

I know my dad would agree that having that little message pop up is much better than a hijacker. My dad didn't even know what was going on until I told him it was a hijacker. I will try my best to insist he get a software firewall and not rely on just the hardware firewall in our router. I'll also go ahead and install Firefox and suggest my dad try it out. He uses IE when he browses the web. Personally, I stick with Firefox unless I have no other choice.
__________________
"We are the knights who say...NI!"
Nimandir is offline   Reply With Quote
Old 05-31-2005, 03:57 PM   #8
Baseband Member
 
Join Date: Sep 2004
Posts: 95
Default Re: Hijacker+Trojans=My Dad's Computer (Help)

Go to Start->Run-> and type msconfig
Go to the tab that says 'startup' and untick the box that says backweb service or anything that deals with backweb. Restart and this should fix that little problem. Don't worry about backweb, it is a program that comes with Compaq that sends info to the Compaq center. Don't worry about stopping it, it isn't important.
__________________
As the sun sets, the earth shall prepare
ksb007 is offline   Reply With Quote
Old 06-01-2005, 06:06 AM   #9
Fully Optimized
 
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Hijacker+Trojans=My Dad's Computer (Help)

It's not a hacker but spyware; download Ad-aware.
__________________

__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote