06-17-2004, 11:35 AM   #1
Beta Member

Join Date: Jun 2004
Posts: 5
Smart Search: my browser has been hijacked

My homepage has been hijacked by Smart Search, which I believe is a variant of CoolWebSearch. I have run CWShredder, Spybot S&D, Ad-Aware and it's still there. This is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 14:23:39, on 17/06/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Ben\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Ben\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Ben\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINNT\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINNT\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/ado...nailFrame.html
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.235/buka.chm::/x.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...112.2365856481
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D7C5FED-87D3-4556-B5A5-98C78A50A45E}: NameServer = 217.37.83.214,217.37.83.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D7C5FED-87D3-4556-B5A5-98C78A50A45E}: NameServer = 217.37.83.214,217.37.83.214
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D7C5FED-87D3-4556-B5A5-98C78A50A45E}: NameServer = 217.37.83.214,217.37.83.214
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}


If someone could help I would be most grateful.

Thanks in advance

Ben
broady1214
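
Added example (not part of the original thread, and not HijackThis's own logic): a Python triage pass over HijackThis entry lines like those in the log above. The flagging rules are assumptions of this example, chosen to match patterns visible in the posted log; a flagged entry is a prompt for manual review, not a verdict.

```python
import re

# HijackThis entry lines look like "<code> - <detail>", e.g. "O1 - Hosts: ...".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

def parse(log_text):
    """Return (code, detail) pairs for entry lines; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def triage(entries):
    """Apply this example's review heuristics (assumptions) and return (code, reason, detail)."""
    findings = []
    for code, detail in entries:
        low = detail.lower()
        if code in ("R0", "R1") and " = file://" in low:
            findings.append((code, "IE search/start setting points at a local file", detail))
        elif code == "O1":
            m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", detail)
            if m and m.group(1) not in ("127.0.0.1", "::1"):
                findings.append((code, "hosts file redirects %s to %s" % (m.group(2), m.group(1)), detail))
        elif code == "O3" and low.endswith("(no file)"):
            findings.append((code, "toolbar registered with no file on disk", detail))
        elif code == "O16":
            source = detail.rsplit(" - ", 1)[-1].lower()
            if not source.startswith(("http://", "https://")):
                findings.append((code, "ActiveX control installed from a non-HTTP source", detail))
        elif code == "O18" and low.startswith("protocol hijack"):
            findings.append((code, "protocol handler replaced", detail))
    return findings

# Sample lines copied from the log in the post above (a subset, not the full log).
SAMPLE = r"""Logfile of HijackThis v1.97.7
C:\WINNT\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Ben\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
"""

if __name__ == "__main__":
    for code, reason, detail in triage(parse(SAMPLE)):
        print("%-3s %s\n    %s" % (code, reason, detail))
```
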
06-17-2004, 06:39 PM   #2
Beta Member

Join Date: Jun 2004
Posts: 2
Re: Smart Search: my browser has been hijacked

Just go into Internet Options and set your homepage back...

If it happens again, get ZoneAlarm, you dummy
TechOne
06-18-2004, 04:42 AM   #3
Beta Member

Join Date: Jun 2004
Posts: 5
Re: Smart Search: my browser has been hijacked

It really isn't quite that simple. I've tried changing my homepage in Internet Options, and I have also changed my homepage in the registry. But whenever I open up a new Explorer window the Smart Search is back.

I have tried downloading ZoneAlarm but it doesn't fix it.

Anyone that could help, I'd be grateful.
broady1214
06-18-2004, 07:32 AM   #4
Fully Optimized

Join Date: Mar 2003
Posts: 3,111
Re: Smart Search: my browser has been hijacked

Try running your antivirus ... sometimes mine has picked up spyware/adware threats that neither Spybot S&D nor Ad-Aware have.
Slayer
06-18-2004, 07:39 AM   #5
Beta Member

Join Date: Jun 2004
Posts: 5
Re: Smart Search: my browser has been hijacked

Rocker,

Thanks for the advice - I will run my virus scan and let you know how I get on.
broady1214
06-18-2004, 08:37 AM   #6
Beta Member

Join Date: Jun 2004
Posts: 5
Re: Smart Search: my browser has been hijacked

I tried running my virus scan (McAfee v.8) but it didn't pick up anything.

Any other suggestions you have would be most appreciated.
broady1214
06-18-2004, 11:19 AM   #7
Fully Optimized

Join Date: Mar 2003
Posts: 3,111
Re: Smart Search: my browser has been hijacked

Yeah - have you made sure you've got all the updates for Ad-Aware, Spybot S&D and your AV?
Slayer
06-18-2004, 11:58 AM   #8
Beta Member

Join Date: Jun 2004
Posts: 5
Re: Smart Search: my browser has been hijacked

Yeah, they are all up to date.
broady1214
06-19-2004, 02:10 AM   #9
Beta Member

Join Date: Jun 2004
Posts: 1

Try this link, maybe it'll help. http://www.kephyr.com/spywarescanner...ch/index.phtml
Rawlo
All times are GMT -5.