Help Please - I've been hacked



#1
Concerned674

Help I've been hacked


IE RESTRICTED SITES - unblocked by malware on SpyBlaster

1 Red Sheriff (2) - Address = Imrworldwide.com cookies


(SNRG or) ShopNav Variant - Dyfuca / Internet Optimizer Variant
Transponder Variant - Vundo.B - ConHook - Win32.Agent.58368
InternetOptimizer / Nem Variant TX4 Adware (11-17 variants)
MyTotalSearch - BaiduBar Variant
Commission Junction (4)

(CCleaner - registry scan shows left behind unused file extensions
.58368, .B, .itms, .itpc, .pcast
invalid or empty file class - HKR\AcroExch.Document)

-----------------------------------------------------------------------------------------------

Suspicious Entries - (From Rooter.exe scan - when scanning "suspicious files"
the program stops. No log, just this from the screen.)

1 - Windows tasks: file - SCHEDLGU.TXT
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 02/06/2009 00:35:38 (Various entries then) Exited at 03/06/2009 03:40:15
a - Double-clicking on file "Norton Security Scan for Edith.job" - adds it to a 7-zip file
Even though I uninstalled 7-zip for another compression utility weeks ago.
b - Same for "Norton Internet Security - Edith - Full System Scan.job"
c - Same for "Google Software Updater.job"
d - Same for "Google Software Updater.job"
e - same for "User_Feed_Synchronization-{5D52DB00-175B-4910-A956-
refers to Windows side bar.
f - file SA.DAT appears to be nearly empty. Just " " characters.

2 - Pictures, videos etc placed in Public Folder also a zipped file of my favorites
though I purposely kept this folder empty for security. Also turned off any sharing.
After deleting the folders - that's when I found the above unused file extensions
in CCleaner.
3 - Previous problem with about:blank, googleupdate (had to reinstall)
4 - Numerous Crashes - antivirus shows nothing.
5 - Old versions of Java found when I had deleted them.
6 - My D: Recovery Drive has about 3GB of data deleted
_____________________________________________________________________________________

MBAM log (22/06/2009 11:02:05 - No malicious items or infections detected)
Previous - Registry Data Items Infected: 1
12/6/2009 - HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\
Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)
-> Quarantined and deleted successfully.
20/06/2009 - Reinfected as above deleted.