#1 |
|
Member (7 bit)
|
I need help with something annoying......
Ok, I couldn't help myself the other night and I started browsing some porn sites. One site that was open in IE (I had like 3 windows open) appeared to be locked up. A moment later, it went back to normal. I was able to browse the page. Ever since that little "freeze" moment, every time I open IE to connect to the internet, I have 4 bookmarked porn sites that are in my favorites folder and my IE always wants to connect to some porn search engine.
I ran Norton; nothing. I ran LavaSoft Spyware; picked up some things but it still didn't fix the problem. I tried deleting the bookmarks and resetting the page to blank; doesn't work. I asked for help on a different website and got nothing but crappy responses. Any ideas how to get rid of this crap? Thanks. |
|
|
|
|
|
#2 |
|
Retired
Join Date: Apr 2000
Location: Modesto,Calif
Posts: 4,042
|
|
|
|
|
|
|
#3 |
|
Member (7 bit)
|
My bad, I forgot to mention that I already tried that and it didn't work. Any other ideas? I mean, I was told to download Spyware S&D and run it. I ran it, it came back with some errors, fixed them.....but I still get the bookmarks and IE still wants to start up connecting to the one page.
Any other ideas? Did I not use Spyware S&D right? |
|
|
|
|
|
#4 |
|
Retired
Join Date: Apr 2000
Location: Modesto,Calif
Posts: 4,042
|
|
|
|
|
|
|
#5 |
|
Member (7 bit)
|
Ok, that stuff didn't work either. I tried it just as it said to.
Here is the website that IE always wants to connect to: http://mypoiskovik.com/index.htm
Here are the bookmarks that it keeps putting into My Favorites: FREE HIDDEN CAMS WORLD FREE SPY CAM FREE WEB CAMS CHAT GET THIS 4 FREE
*EDIT* Kubie, I just noticed you're in Modesto. I'm in Newman.
Last edited by rapidarp; 05-31-2004 at 11:22 PM. |
|
|
|
|
|
#6 |
|
Lest we forget
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
|
Post a HijackThis log.
You can get it at www.spywareinfo.com/~merijn. Just click scan then save log; this will give you the results in Notepad so you can post them. Don't fix anything yet, most of the stuff is harmless and even needed. Btw, I don't think it's a good idea to post the links.
__________________
redqueen: Antec Sonata, Pentium-D 2.5GHz, MSI G31M3-L, 2GB ram, 320 GB HDD, OpenBSD hal9000: Lenovo T61, 2GB ram, 120 GB HDD, FreeBSD |
|
|
|
|
|
#7 |
|
Member (7 bit)
|
Hmm, I noticed that Notepad won't open. I had to change the file type to .doc in order to open it. Anyway, here's the log:
Logfile of HijackThis v1.97.7
Scan saved at 8:24:46 PM, on 5/31/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87D11145-131E-4387-B7B6-0A346ABF062D}: NameServer = 66.81.0.251 66.81.0.252
|
|
|
|
|
#8 |
|
Member (7 bit)
|
*bump*
I posted the HijackThis results.....anyone care to help? I'm still having the problem. |
|
|
|
|
|
#9 |
|
Member (11 bit)
|
delete these,
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
|
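The selection made in the reply above (the R0/R1 Internet Explorer URL entries that point at the hijacker's domain, leaving the Sony OEM default alone) can be done mechanically. This is an added example, not part of the original thread; the function names and the allowlist containing sony.com are assumptions.

```python
import re
from urllib.parse import urlsplit

# R and O14 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R3 - Default URLSearchHook is missing
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
"""

# "R0 - <registry key>,<value name> = <data>"; value names may contain spaces.
R_ENTRY = re.compile(
    r"^(?P<code>R[01]) - (?P<key>[^,]+),(?P<name>.+?) = (?P<data>\S.*)$")


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def hijacked_ie_urls(log_text, allowed_hosts):
    """Return (code, key, value name, host) for R0/R1 entries off the allowlist.

    Values that are not http(s) URLs are reported with an empty host.
    """
    findings = []
    for line in log_text.splitlines():
        m = R_ENTRY.match(line.strip())
        if m is None:
            continue  # not an IE start/search page entry (R3, O-section, ...)
        host = urlsplit(m["data"]).hostname or ""
        if not host_allowed(host, allowed_hosts):
            findings.append((m["code"], m["key"], m["name"], host))
    return findings


if __name__ == "__main__":
    # Assumption: sony.com is the expected OEM default on this VAIO.
    for code, key, name, host in hijacked_ie_urls(SAMPLE_LOG, {"sony.com"}):
        print(f"{code}  {host:<18} {key},{name}")
```

The six entries it reports are the same six listed in the reply; the startup and ActiveX entries in the O sections of the log need a separate review.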
|
|
|
|
#10 | |
|
Member (7 bit)
|
Quote:
|
|
|
|
|
|
|
#11 |
|
Member (9 bit)
Join Date: Jan 2004
Location: Watsontown, PA.
Posts: 408
|
In IE did you try:
Tools, Internet options, click on connections, and put a "dot" (check) never dial a connection? Give that a try and let us know if that works. Don't forget to click "apply" and click "OK" on your way out. One of the sites may have changed it to "always dial my default connection". |
|
|
|
|
|
#12 |
|
Member (10 bit)
Join Date: Jan 2002
Location: Edmonton, AB, Canada
Posts: 628
|
Once when my homepage was being hijacked like this I was able to fix it by using system restore to the day before it started happening, that may work for you.
|
|
|
|
|
|
#13 |
|
Lest we forget
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
|
this is used to start many viruses
C:\WINDOWS\System32\WScript.exe
R3 - Default URLSearchHook is missing
I'm not very good with logs so I might have missed something but it seems Norton let something pass through. Try scanning with HouseCall http://housecall.trendmicro.com
A system restore as Trent Steel said might help but if it doesn't, turn it off to remove all restore points since many viruses like to hide there because AVs can't get them there. |
|
|
|
|
|
#15 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
|
Are you sure you are updating Ad-Aware and Spybot S&D before running them, and are you using the latest versions? Are you sure virus scans are coming up clean with updated definitions? You need to crosscheck Norton with an online scan - try housecall.trendmicro.com. Your HJT log is definitely showing malware.
Winlogin.exe is a Trojan virus. You also have "Bundleware" which is like VX2 and Look2Me, and is very difficult to remove. Try this: http://www.look2me.com/cgi-bin/UnInstaller
You are running XP - and without SP1 you are vulnerable to some exploits. I also don't see a firewall running. |
|
|
|
|
|
#16 |
|
Member (7 bit)
|
Well, unfortunately, I could not solve the problem. I've tried multiple help files from google and nothing worked. In the end, I had to reformat. Everything is A-ok......for now. Thanks to everyone who helped.
|
|
|
|
|
|
#17 |
|
The Boneshaker
|
This is just a lesson to everyone that it is just better to download your porn from mIRC. lol
__________________
Leave it to me as I find a way to be Consider me a satellite, forever orbiting I knew all the rules, but the rules did not know me Guaranteed ---Eddie Vedder, “Guaranteed”. Rest in Peace, Evan. 2.11.71 - 9.8.08 |
|
|
|
|
|
#18 |
|
Member (8 bit)
|
Wow... just saw this. : / In case anyone else has this problem and your IE is updated then you can try going to tools, internet options, advanced then look through the list for something that says, "Enable 3rd Party Browser Extensions." Uncheck it then restart the computer.
That's saved a lot of people from having to reformat. Taking away some dinky third party software's ability to take over the browser rocks. |
|
|
|
|
|
#19 |
|
Member (11 bit)
Join Date: Jun 1999
Location: Memphis, Tn
Posts: 1,828
|
I just saw this as I come to PcMech only on weekends. You have (had) the bookmarker worm. For more information go to http://securityresponse.symantec.com...marker.gen.htm
Then do a search using bookmarker as the only word in the searchbox.
__________________
Carl
Have you noticed? Despite the high cost of living it is still the most popular option available. Integrity is its own reward! The rarest animal in the world is a liberal using his own money. It is easy to be a liberal when the result of your politics still leaves you very well-off. Try letting all that spending hurt and you'll see how many folks are for it!
Last edited by Carl Price; 06-06-2004 at 01:36 AM. |
|
|
|
|
|
#20 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
|
Make that html instead of htm and you get the right page.
That tells me that your Norton was NOT up to date when you scanned. Antivirus programs are almost worthless if they are not kept updated religiously. |
|
|
|