OrthodoxChristianity.net
November 26, 2014, 05:49:10 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Reminder: No political discussions in the public fora.  If you do not have access to the private Politics Forum, please send a PM to Fr. George.
 
   Home   Help Calendar Contact Treasury Tags Login Register  
Pages: 1   Go Down
  Print  
Author Topic: need computer help  (Read 2294 times) Average Rating: 0
0 Members and 1 Guest are viewing this topic.
mourad
Jr. Member
**
Offline Offline

Posts: 49


Mia, not mono!


« on: August 03, 2004, 03:42:25 AM »

would anyone know anything about these registry entries that coming up on my comp eventhough i keep deleting them? they are called "Possible Browser Hijack attempt", it keeps making my home page "about:blank" and it does not let me check out my hotmail account. HELP!... please!
Logged
Robert
"Amazing"
Archon
********
Offline Offline

Posts: 2,442



« Reply #1 on: August 03, 2004, 04:18:05 AM »

Hey M,

Your computer is infested with the notorious entity known as "spyware."

Luckily, it can be fixed by using several free software utilities on the web.

First and formost, I would download Spybot: Search and Destroy. It can be found at http://www.safer-networking.org   Make sure you do an UPDATE once you install it to ensure your definitions are the latest.

Second, I would download AdAware. This program can be found at http://www.lavasoftusa.com/software/adaware/

Again, run an update after it installs to ensure the latest version.

Finally, I would invest your time in getting a decent anti-virus package for your PC.  There is NO reason to buy Norton, McAfee, etc. They are overpriced and work no better than my personal favorite, AVG.
http://www.grisoft.com   You can download the AVG-FREE edition, which is free for home usage, and is updated near daily.

The combination of these three programs should prove helpful in fixing your PC.  If you have any questions, feel free to post.

Robert
Logged
mourad
Jr. Member
**
Offline Offline

Posts: 49


Mia, not mono!


« Reply #2 on: August 03, 2004, 04:29:27 AM »

Rob!

thanks so much bro, really appreciate it. BTW, awesome logo, ROfL
Logged
Robert
"Amazing"
Archon
********
Offline Offline

Posts: 2,442



« Reply #3 on: August 03, 2004, 04:30:14 AM »

No prob. Let me know how it goes, I'm glad to be of assistance.

R
Logged
mourad
Jr. Member
**
Offline Offline

Posts: 49


Mia, not mono!


« Reply #4 on: August 03, 2004, 04:54:29 AM »

you won't believe it, i download Spybot, run it, all seems well, i already had ad-aware, ran that, same 8 registry entries came back, deleted those, then i come to download AVG, i send in my email to so as to get the link to download it, BANG! same "Search for it" page comes up with its pop ups, and it won't let me get to my email either on yahoo or hotmail.

HELP!

thanks,
M
Logged
Robert
"Amazing"
Archon
********
Offline Offline

Posts: 2,442



« Reply #5 on: August 03, 2004, 07:46:53 AM »

Hey M,

Try this one thing for me.

Can you tell me what (if any) entries taht SpyBot or Ad-Aware bring up. (i.e. the name of the spyware that is on your computer)

I can give you more explicit instructions on how to clean it once I know this.  Some of it, as you can tell, is very tricky.

You might want to try a program called: Hijack This! found at: http://www.spywareinfo.com/~merijn/downloads.html

In fact, while you are on that webpage, try downloading and running CWShredder and BugKiller.

Let me know,

R
Logged
mourad
Jr. Member
**
Offline Offline

Posts: 49


Mia, not mono!


« Reply #6 on: August 03, 2004, 10:52:37 AM »

Hiyas again Rob,

my first hijackthis log is as follows:

Logfile of HijackThis v1.98.0
Scan saved at 10:51:45 AM, on 8/3/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32msdtc.exe
C:WINNTSystem32svchost.exe
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTSystem32   cpsvcs.exe
C:WINNTSystem32snmp.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32mspmspsv.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32inetsrvinetinfo.exe
C:WINNTSystem32mqsvc.exe
C:WINNTExplorer.EXE
C:WINNTSystem32svchost.exe
C:Program FilesCommon FilesRealUpdate_OBealsched.exe
C:WINNTsystem32mdnp.exe
C:WINNTsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsdodiMy DocumentsDowloaded_execsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1dodiLOCALS~1Tempsp.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1dodiLOCALS~1Tempsp.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1dodiLOCALS~1Tempsp.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1dodiLOCALS~1Tempsp.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1dodiLOCALS~1Tempsp.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1dodiLOCALS~1Tempsp.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.google.ca/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {93E58BBE-A93D-486A-9018-6044FA5EEE4B} - C:WINNTsystem32msdoh.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:WINNTEliteBarEliteBar version 35.dll
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBealsched.exe"  -osboot
O4 - HKCU..Run: [Cwoqwt] C:WINNTsystem32mdnp.exe
O4 - Startup: PalNetaware.lnk = C:Program FilesPaltalkpnetaware.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:program filesgoogleGoogleToolbar1.dll/cmtrans.html
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O17 - HKLMSystemCCSServicesTcpip..{E5453779-B2A4-4FE5-AF01-3D152E756DB2}: NameServer = 198.235.216.134,198.235.216.135
O18 - Filter: text/html - {519BDAEF-A6D1-4613-9F21-746AE4623A1B} - C:WINNTsystem32msdoh.dll
O18 - Filter: text/plain - {519BDAEF-A6D1-4613-9F21-746AE4623A1B} - C:WINNTsystem32msdoh.dll

Logged
mourad
Jr. Member
**
Offline Offline

Posts: 49


Mia, not mono!


« Reply #7 on: August 03, 2004, 10:55:55 AM »

Here is wat spybot brought up before:

Alexa Related
VX2/f
BlazeFiind.Bridge
DSO exploit
DyFuCA
DyFuCA.InternetOptimizer
n-Case
Roings
SeaqrchForIt
Twain Tech

All of which i had deleted after running Spybot the first time.
Logged
Robert
"Amazing"
Archon
********
Offline Offline

Posts: 2,442



« Reply #8 on: August 03, 2004, 01:06:08 PM »

OK Mourad,

You need to do the following.

1) Verify you have no applications running. Make sure the taskbar at the bottom is empty.
2) Run the Hijack This! Program
3) Do the scan
4) Place a CHECK in the following boxes:

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:WINNTEliteBarEliteBar version 35.dll
O4 - HKCU..Run: [Cwoqwt] C:WINNTsystem32mdnp.exe
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab

So you should have 3 check marks.  Click on the "fix" button.

5) Restart computer. Run spybot/ad aware combo again. Then restart, and now try.

Let me know.

R
Logged
Jakub
Archon
********
Offline Offline

Posts: 2,748



« Reply #9 on: August 03, 2004, 01:50:32 PM »

I've been using a trial version of "Trojan Remover Ver 6.2.7 and find it works good, I also use a spyware remover with my Earthlink total access.

Them Trojans are mean demons.

james
Logged

An old timer is a man who's had a lot of interesting experiences -- some of them true.

Grant me the senility to forget the people I never liked anyway, the good fortune to run into the ones I do, and the eyesight to tell the difference.
yBeayf
High Elder
******
Offline Offline

Posts: 708

/etc


« Reply #10 on: August 03, 2004, 03:01:28 PM »

You might also try downloading SpySweeper, which is a *slow* scanner but very thorough. The Adaware/Spybot/SpySweeper trifecta is what we use at my workplace whenever someone's been infected with spyware.

Once you're clean, you also might look into running the new Spybot TeaTimer, which pops up a confirmation dialog box every time a program tries to make a change to your system settings.
Logged
The young fogey
Archon
********
Offline Offline

Posts: 2,798


I'm an alpaca, actually


WWW
« Reply #11 on: August 03, 2004, 03:13:01 PM »

If you do a search on my blog you'll find a link to download an app that kills the spyware called look2me. I think it's called kill2me - it's great! Did the job when Spybot failed.
Logged

mourad
Jr. Member
**
Offline Offline

Posts: 49


Mia, not mono!


« Reply #12 on: August 04, 2004, 01:51:31 AM »

Rob,
thank you so much, it worked like a charm,
The Lord keep you,
thanks again,
mourad
Logged
Robert
"Amazing"
Archon
********
Offline Offline

Posts: 2,442



« Reply #13 on: August 04, 2004, 02:14:37 AM »

No problem.

Glad to be of service.

R

Logged
Tags:
Pages: 1   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.065 seconds with 40 queries.