Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Help Please - I've been hacked

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
Help I've been hacked

IE RESTRICTED SITES - unblocked by malware on SpyBlaster

1 Red Sherriff (2) - Address = Imrworldwide.com cookies

(SNRG or) ShopNav Variant - Dyfuca / Internet Optimizer Variant
Transponder Variant - Vundo.B - ConHook - Win32.Agent.58368
InternetOptimizer / Nem Variant TX4 Adware (11-17 variants)
MyTotalSearch - BaiduBar Variant
Commission Junction (4)

(CCleaner - registry scan shows left behind unused file extensions
.58368, .B, .itms, .itpc, .pcast
invalid or empty file class - HKR\AcroExch.Document)


Suspicious Entries - (From Rooter.exe scan - when scanning "suspicious files"
the program stops. No log, just this from the screen.

1 - Windows tasks: file - SCHEDLGU.TXT
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 02/06/2009 00:35:38 (Various entries then) Exited at 03/06/2009 03:40:15
a - Double-clicking on file "Norton Security Scan for Edith.job" - adds it to a 7-zip file
Even though I uninstalled 7-zip for another compression utility weeks ago.
b - Same for "Norton Internet Security - Edith - Full System Scan.job"
C - Same for "Google Software Updater.job"
d - Same for "Google Software Updater.job"
e - same for "User_Feed_Synchronization-{5D52DB00-175B-4910-A956-
refers to Windows side bar.
f - file SA.DAT appears to be nearly empty. Just " " characters.

2 - Pictures, videos etc placed in Public Folder also a zipped file of my favorites
though I purposely kept this folder empty for security. Also turned off any sharing.
After deleting the folders - thats when I found the above unused file extensions
in CCleaner.
3 - Previous problem with about:blank, googleupdate(had to reinstall)
4 - Numerous Crashes - antivirus shows nothing.
5 - Old versions of Java found when I had deleted them.
6 - My D: Recovery Drive has about 3GB of data deleted

MBAM log (22/06/2009 11:02:05 - No malicious items or infections detected)
Previous - Registry Data Items Infected: 1
12/6/2009 - HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\
Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)
-> Quarantined and deleted successfully.
20/06/2009 - Reinfected as above deleted.
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP