Help Please - I've been hacked



#1
Concerned674

Help I've been hacked


IE RESTRICTED SITES - unblocked by malware on SpyBlaster

1 Red Sheriff (2) - Address = Imrworldwide.com cookies


(SNRG or) ShopNav Variant - Dyfuca / Internet Optimizer Variant
Transponder Variant - Vundo.B - ConHook - Win32.Agent.58368
InternetOptimizer / Nem Variant TX4 Adware (11-17 variants)
MyTotalSearch - BaiduBar Variant
Commission Junction (4)

(CCleaner - registry scan shows left behind unused file extensions
.58368, .B, .itms, .itpc, .pcast
invalid or empty file class - HKR\AcroExch.Document)

-----------------------------------------------------------------------------------------------

Suspicious Entries - (From Rooter.exe scan - when scanning "suspicious files"
the program stops. No log, just this from the screen.)

1 - Windows tasks: file - SCHEDLGU.TXT
"Task Scheduler Service"
6.0.6001.18000 (longhorn_rtm.080118-1840)
"Task Scheduler Service"
Started at 02/06/2009 00:35:38 (Various entries then) Exited at 03/06/2009 03:40:15
a - Double-clicking on file "Norton Security Scan for Edith.job" - adds it to a 7-zip file
Even though I uninstalled 7-zip for another compression utility weeks ago.
b - Same for "Norton Internet Security - Edith - Full System Scan.job"
c - Same for "Google Software Updater.job"
d - Same for "Google Software Updater.job"
e - Same for "User_Feed_Synchronization-{5D52DB00-175B-4910-A956-
refers to Windows side bar.
f - file SA.DAT appears to be nearly empty. Just " " characters.

2 - Pictures, videos etc placed in Public Folder also a zipped file of my favorites
though I purposely kept this folder empty for security. Also turned off any sharing.
After deleting the folders - that's when I found the above unused file extensions
in CCleaner.
3 - Previous problem with about:blank, googleupdate (had to reinstall)
4 - Numerous Crashes - antivirus shows nothing.
5 - Old versions of Java found when I had deleted them.
6 - My D: Recovery Drive has about 3GB of data deleted
_____________________________________________________________________________________

MBAM log (22/06/2009 11:02:05 - No malicious items or infections detected)
Previous - Registry Data Items Infected: 1
12/6/2009 - HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\
Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)
-> Quarantined and deleted successfully.
20/06/2009 - Reinfected as above deleted.