Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

home page beign hijacked

Started by honey18 , Jun 12 2005 06:01 AM

  • Please log in to reply

#1
honey18
Posted 12 June 2005 - 06:01 AM

honey18

    New Member

  • Member
  • Pip
  • 8 posts
hi everyone,

my home page is getting hijacked and everytime diverted to some site other than the one i have selected.
i did every thing suggested in do it be4 posting .adaware found 2 - 3 data miner, online scanning also found 4 problems..it deleted two files called osa.exe and two others it said giving problems notepad.com. rest like spybot and cws and tds gave a clean bill. i am posting the log of hijack this down below..thanks for all the gud work u guys r doing..

Logfile of HijackThis v1.99.1
Scan saved at 02:54:52, on 2005/06/12
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Network Associates\VirusScan\avsynmgr.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\myCIO\PFW\MpfService.exe
D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\SndServ.exe
D:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\suss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\EPOAgent\naimag32.exe
D:\Program Files\McAfee\Managed Firewall\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
D:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
D:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\kduneja\madhu\software\antispy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpa.dll/blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [MpfTray] D:\Program Files\McAfee\Managed Firewall\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "D:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = D:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscan.drsasap...in/myCioAgt.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain
O17 - HKLM\System\CCS\Services\Tcpip\..\{C830DD0F-05DC-4CC1-B994-F485759D199B}: NameServer = 169.183.21.22,169.183.201.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - D:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.456.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\WINNT\myCIO\PFW\MpfService.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\EPOAgent\naimas32.exe
O23 - Service: SOE Send Service (SOE Wrap Send Service) - kd - C:\WINNT\system32\SndServ.exe
O23 - Service: SOE Admin Service (SysExec) - Unknown owner - C:\WINNT\system32\sysexec.exe (file missing)


thanx,
Honey.

PS :i can see RO has the name of page my browser is being directed to but i would act only after getting a reply
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP