WiredWX Hobby Weather Tools

 


Hijacked home page

2 posters

Hijacked home page - Page 4

Re: Hijacked home page

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Hijacked home page

mbytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/12/2009 11:25:47 PM
mbam-log-2009-12-23 (23-25-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 289351
Time elapsed: 2 hour(s), 24 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP140\A0048107.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP145\A0055151.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP146\A0055360.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP146\A0055445.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP147\A0055756.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP147\A0055757.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP147\A0055759.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP120\A0041601.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP122\A0042886.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP124\A0044198.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP125\A0045090.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP126\A0045928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP126\A0046020.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Re: Hijacked home page

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Hijacked home page

Looks good?

Malwarebytes' Anti-Malware 1.42
Database version: 3418
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/12/2009 6:42:23 AM
mbam-log-2009-12-24 (06-42-23).txt

Scan type: Quick Scan
Objects scanned: 146226
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Hijacked home page

Yes.

Right On!

Re: Hijacked home page

Thanks mate I appreciate all your time. I'll be heading off to the "donate" page shortly :-)

I have Symantec Endpoint Protection as part of my work stuff. I now have SUPERAntiSpyware and SpywareBlaster running. Just the free versions. Is there a benefit in getting the paid version of either of these? Real time protection?

Also how about that vbs.runauto thingy on my thumb drives. Is it bad?

see ya and Merry Christmas

Re: Hijacked home page

You can remove those. That is Symantec's reaction to autorun.

Re: Hijacked home page

Do you know what the tsp1.dll error on start up is related to? It says reinstalling the program may help. Which program? I repaired ActiveSync; that didn't help.

see ya

Re: Hijacked home page

See if you can find the following file:

c:\windows\system32\Tsp1.dll

Then let me know if you see it.

Re: Hijacked home page

Nope, it's not there.

Re: Hijacked home page

You need that file. Not sure how you would get it. But, since that file is not there, you will get that error continually.

Re: Hijacked home page

Thanks for all your help. I have been away for a while. Just got back.

An attempt to change the home page just occurred. I ran Malwarebytes (full version now) and it found nothing.

My web access is still OK. I tried to download ComboFix from BleepingComputer.com and I noticed it is blocked by the list in my new hosts file.

Any clues?

see ya

Re: Hijacked home page

Go to C:\windows\system32\drivers\etc

You will see something that says HOSTS

Double-click on it, and open it with Notepad.

Please post the contents of that in your next reply.

Re: Hijacked home page

It's over 2 MB and keeps freezing things when I cut to paste.
Should I send it in bits?
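
A way to triage a HOSTS file that is too large to paste, as an added example that is not part of the original posts: it counts the mappings, lists the lines that mention one domain, and separates entries that point at a loopback or 0.0.0.0 address from entries that point somewhere else. The sample file contents, the function names and the example.* hosts are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample. On the machine in the thread the real file is
# C:\windows\system32\drivers\etc\hosts (read it with open(path).read()).
SAMPLE_HOSTS = """\
# constructed sample, not the poster's file
127.0.0.1       localhost
127.0.0.1       ads.example.net   # blocklist-style entry
0.0.0.0         tracker.example.org
127.0.0.1       bleepingcomputer.com www.bleepingcomputer.com
203.0.113.10    search.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; skip comments and junk."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def triage(text, domain):
    """Summarise a hosts file and pull out the few lines worth posting."""
    entries = list(parse_hosts(text))
    domain = domain.lower()
    is_sink = lambda ip: ip.is_loopback or ip.is_unspecified
    return {
        "total": len(entries),
        "by_ip": Counter(str(ip) for _, ip, _ in entries),
        # entries for the domain itself or any subdomain of it
        "matches": [(no, str(ip), h) for no, ip, h in entries
                    if h == domain or h.endswith("." + domain)],
        # non-loopback targets redirect traffic instead of just blocking it
        "redirects": [(no, str(ip), h) for no, ip, h in entries
                      if not is_sink(ip)],
    }

if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS, "bleepingcomputer.com")
    for key, value in report.items():
        print(key, "->", value)
```

The "matches" and "redirects" lists are short enough to paste into a reply even when the full file is megabytes long.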

Re: Hijacked home page

Take a different route here:

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.
