
I think I was Hijacked- HELP


  • This topic is locked
33 replies to this topic

#31 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 February 2006 - 01:47 PM

Crush, I am so sorry for all your troubles. :angry: You seem to have had a time with it.

You can't load Windows XP from a floppy; you need to put in the Windows CD and have the BIOS set to boot from the CD. It gets kind of tricky if you haven't done this before. Most computers use the F2 key, but yours may be different; you may have to call the manufacturer and ask what key you use to get into the BIOS. It may tell you when you start up. Turn the computer on and keep pressing the F2 key (or whatever one they tell you) until the BIOS loads, then look for the BOOT ORDER and change the first boot device to the CD-ROM and the second to your hard drive. It may be set like this already; just put the Windows disk in, restart the computer and see what happens. If it asks you if you want to reinstall Windows, go for it. Choose the NTFS file system to install Windows.

If you have the Windows CD, you should not have a problem reinstalling the OS. All my computers have been built with nothing but OEM software; this should not make a difference.

Crush, we don't do email on this forum, but you can log on and PM me if you like.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.



#32 Crush

    Authentic Member

  • 26 posts

Posted 17 February 2006 - 05:58 AM

Ken:

I was able to reboot by resetting the BIOS, but I ended up reformatting the hard drive. It allowed SP2 to be installed, so I got past that hurdle, but now I am having problems, I think with Zone Alarm. I am trying to reinstall some of the old programs that I had before; right now I can't even download HijackThis, it is blocked somehow, and I think that I am getting infected all over again.

I just turned off Zone Alarm and I was able to download HJT. I will leave a post.
-------------------------------------------------------------------------------------------------------------------------------
I keep getting this alert from ZA:

ZoneAlarm Pro blocked access to port 139 on your computer 2-17-06 5:10 am
No breach in your security has occurred. Your computer is safe.

What happened?

ZoneAlarm Pro prevented a remote computer from connecting to port 139 on your computer. If you are sharing files on a local network, this connection attempt was probably legitimate network traffic. Port 139 is commonly used by networked Windows computers to enable file sharing and other resource sharing. However, if the traffic that generated this alert came from the Internet rather than a local network, this may have been an attack on your computer.

-------------------------------------------------------------------------------------------------------------------------------


Ken:
You say you like Zone Alarm... is there a site I can go to to learn how to use it better than what Zone Labs has to offer? I don't really understand how it works and I think I got my settings all screwed up, but when I downloaded ZA most settings were disabled. That may be because I now have SP2 working on this computer.

Ken, whatever you do, please don't leave me now, because you are helping me get back on track. Since Sunday I have had a death in the family, and I have other family members whose house caught on fire during the snow storm and they are displaced. My mom is in a nursing home. I have been dealing with all of that and a bunch of my own medical problems, but in between these problems I am trying to get this computer working again.
--------------------------------------------------------------------------------------------------------------------------


Here are the last Ewido scan results:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:12:18 AM, 2/17/2006
+ Report-Checksum: 7893AD7

+ Scan result:

:mozilla.8:C:\Documents and Settings\Big O\Application Data\Mozilla\Firefox\Profiles\22op51qo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Big O\Application Data\Mozilla\Firefox\Profiles\22op51qo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Big O\Application Data\Mozilla\Firefox\Profiles\22op51qo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Big O\Application Data\Mozilla\Firefox\Profiles\22op51qo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@s.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Big O\Cookies\big o@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup


::Report End

-------------------------------------------------------------------------------------------------------------------------------

Here is the HJT post:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:54 AM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
G:\Setup\pcreator\setup.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HyjackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1140139296281
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA4D44C-C72C-435F-8CEF-9D406051840B}: NameServer = 71.242.0.12 151.197.0.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------------------------------------------------------------------------
What a mess I've got.
Crush
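The ZoneAlarm alert quoted in the post above turns on a single question: did the port 139 attempt come from a machine on the local network, or from the Internet? The script below is an added example (mine, not from this thread or from Zone Labs) that sorts inbound hits on the Windows file-sharing ports by source address. The log lines are constructed, and their layout (`FWIN,date,time,src:port,dst:port,proto`) is an assumption about ZoneAlarm's `ZALog.txt` format rather than something the post shows; the `trusted` parameter plays the role of ZoneAlarm's Trusted Zone, so a subnet the user deliberately shares with can be whitelisted.

```python
"""Triage inbound firewall alerts on the Windows file-sharing ports by the
source address of the connection attempt.

Added example, not part of the original post and not Zone Labs code.  The
sample log lines and their layout are assumptions (see the lead-in).
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Ports used by Windows file and printer sharing: RPC endpoint mapper,
# NetBIOS name/datagram/session service, and direct-hosted SMB.  Inbound
# attempts on these are routine from LAN peers and suspicious from anyone else.
SHARING_PORTS = {135, 137, 138, 139, 445}

# Address ranges that can only have originated on the local segment
# (RFC 1918, APIPA link-local, loopback).  Anything else reached the host
# from the Internet, or through a router forwarding it there.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8",
)]

# Constructed sample alerts (assumed ZALog.txt layout).  192.168.1.5 is the
# protected host; 203.0.113.x and 198.51.100.x are documentation ranges
# standing in for Internet addresses.
SAMPLE_LOG = """
FWIN,2006/02/17,05:10:22 -5:00 GMT,192.168.1.23:1041,192.168.1.5:139,TCP (flags:S)
FWIN,2006/02/17,05:12:07 -5:00 GMT,203.0.113.45:3391,192.168.1.5:139,TCP (flags:S)
FWIN,2006/02/17,05:12:09 -5:00 GMT,203.0.113.45:3392,192.168.1.5:445,TCP (flags:S)
FWIN,2006/02/17,05:15:41 -5:00 GMT,198.51.100.7:53,192.168.1.5:1025,UDP
FWOUT,2006/02/17,05:16:00 -5:00 GMT,192.168.1.5:1026,198.51.100.9:80,TCP (flags:S)
"""

LINE_RE = re.compile(
    r"^(?P<dir>FWIN|FWOUT),(?P<date>[\d/]+),(?P<time>[^,]+),"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),(?P<proto>\w+)"
)


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into its fields; None if it is not an alert line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def is_local(addr: str, trusted: Tuple[str, ...] = ()) -> bool:
    """True if addr lies in a LAN range or in an explicitly trusted network."""
    ip = ipaddress.ip_address(addr)
    nets = LOCAL_NETS + [ipaddress.ip_network(t) for t in trusted]
    return any(ip in n for n in nets)


def classify(ev: dict, trusted: Tuple[str, ...] = ()) -> str:
    """Label an event: 'lan-sharing', 'internet-probe', or 'other'."""
    if ev["dir"] != "FWIN" or ev["dport"] not in SHARING_PORTS:
        return "other"
    return "lan-sharing" if is_local(ev["src"], trusted) else "internet-probe"


def triage(log: str, trusted: Tuple[str, ...] = ()) -> Dict[str, List[str]]:
    """Group source addresses of the alerts in `log` by classification."""
    out: Dict[str, List[str]] = {"lan-sharing": [], "internet-probe": [], "other": []}
    for line in log.splitlines():
        ev = parse_line(line)
        if ev is not None:
            out[classify(ev, trusted)].append(ev["src"])
    return out


if __name__ == "__main__":
    for label, sources in triage(SAMPLE_LOG).items():
        print(f"{label:15s} {sorted(set(sources))}")
```

The point of keeping RFC 1918 and link-local ranges in an explicit list, rather than relying on a library's notion of "private", is that the decision should match what the firewall calls the local zone: a repeated hit on 139 and 445 from one public address is a scan worth noting, while the same pair of ports from a neighbour on 192.168.1.0/24 is just a Windows machine browsing for shares.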

#33 ken545

Posted 17 February 2006 - 10:47 AM

Hi Crush,

If you look through your Ewido report you will see that the only thing the program found was some cookies. Outside of a few of those (which is normal), it didn't find any malware on your system.


Your HJT log looks fine, but I was wondering about this entry:

G:\Setup\pcreator\setup.exe

Is this a program that you know about and installed?



As far as Zone Alarm, turn off the alerts so they won't drive you crazy; most of them are valid anyway. You can go here and join this forum for free and ask any questions that you like.

http://forums.zonelabs.com/zonelabs




You don't have any Anti-Virus program running.

* Here are free Anti-Virus programs if you need one:

AVG Free Edition
AntiVir Personal Edition



Once you have Windows installed, it's just a matter of installing only the programs that you want. I think I posted to you about some sites that specialize in Windows problems. A good place to start is right here at Tom Coyote in the forum for OTHER COMPUTER PROBLEMS.

http://forums.tomcoy...hp?showforum=83

Be sure to mention that you posted here and that your log is OK. You seem to be OK, but any glitches you run into, post in one of the forums that I mentioned and you will get the help you need. This forum is mainly for the removal of malware and viruses, which it looks like you have none of.

Just install all the programs that I posted to you, install an AV program, keep on top of Zone Alarm and you should be OK.

Ken :D

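Ken's read of the HijackThis log comes down to one heuristic: everything in the process list and the O4 autostart entries lives under C:\WINDOWS or C:\Program Files except G:\Setup\pcreator\setup.exe, so that is the one to ask about. The script below is an added example (mine, not part of the thread and not HijackThis code) that applies the same heuristic mechanically to a HJT 1.99 log: it flags executables outside the trusted roots, reports entries marked "(file missing)", and lists the O17 NameServer addresses for the user to check against their ISP. The input is an excerpt of the log posted above; the trusted roots, the exemption for the scanner's own process, and the assumed layout of O4 entries (`[Name] "path" args`, or `Startup: link = path`) are my assumptions.

```python
"""Triage a HijackThis 1.99 log the way a helper reads one by eye: which
executables live somewhere unusual, which entries point at missing files,
and which DNS servers are configured.

Added example, not part of the original thread or of HijackThis.  The root
list, the KNOWN_TOOLS exemption and the O4 layout are assumptions.
"""
import re
from typing import Dict, List

# Where legitimately installed software is expected to live on this XP box.
# Anything else (other drive letters, profile folders, temp dirs) is a
# question for the user, not automatically malware.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Tools the helper knows were launched by hand for the scan itself.
KNOWN_TOOLS = {"hijackthis.exe"}

# Excerpt of the HJT log posted above (paths unchanged).
LOG_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Setup\pcreator\setup.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HyjackThis\HijackThis.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CA4D44C-C72C-435F-8CEF-9D406051840B}: NameServer = 71.242.0.12 151.197.0.39
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
QUOTED_EXE_RE = re.compile(r'"([^"]+)"')
UNQUOTED_EXE_RE = re.compile(r"(.+?\.exe)", re.IGNORECASE)
MISSING_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?)"?\s+\(file missing\)')
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d. ,]+)")


def parse_log(log: str) -> Dict[str, list]:
    """Return the 'Running processes:' block and the (code, body) O-entries."""
    processes, entries = [], []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def autostart_exe(body: str) -> str:
    """Extract the executable from an O4 body (assumed '[Name] cmd' or 'x = cmd')."""
    for sep in ("] ", "= "):
        _, found, cmd = body.partition(sep)
        if found:
            break
    else:
        cmd = body
    m = QUOTED_EXE_RE.match(cmd) or UNQUOTED_EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def outside_trusted_roots(path: str) -> bool:
    """True if the executable is not under a trusted root and not a known tool."""
    p = path.lower()
    if p.rsplit("\\", 1)[-1] in KNOWN_TOOLS:
        return False
    return not p.startswith(TRUSTED_ROOTS)


def triage(log: str) -> Dict[str, List[str]]:
    parsed = parse_log(log)
    report: Dict[str, List[str]] = {"unusual_paths": [], "missing_files": [], "nameservers": []}
    candidates = list(parsed["processes"])
    for code, body in parsed["entries"]:
        if code == "O4":
            candidates.append(autostart_exe(body))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                report["nameservers"].extend(m.group(1).split())
        m = MISSING_RE.search(body)
        if m:
            report["missing_files"].append(m.group(1))
    report["unusual_paths"] = [p for p in candidates if outside_trusted_roots(p)]
    return report


if __name__ == "__main__":
    for key, items in triage(LOG_EXCERPT).items():
        print(f"{key}: {items}")
```

A flag from this script is a prompt to ask the user, exactly as Ken did, not a verdict: a legitimate installer running from a CD on G: and an unwanted program both trip the same rule. The "(file missing)" entries are worth reporting because a registered handler whose DLL no longer exists is either leftover clutter or a sign that something was removed without cleaning up after itself.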

#34 ken545

Posted 07 March 2006 - 10:14 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
