We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Hijack this help
Options
tranmererovers
Posts: 2,313 Forumite
in Techie Stuff
Firstly thankyou to all the MSEs who have posted such good advice on this forum re malware / spyware. Having read some of the threads I have (wisely) installed ad-aware, spybot search and destroy, spyware blaster and hijack this onto my laptop (in addition to windows defender and AVG)
When running hijack this, I have a query on one of the entries (I have run it throught the hijack this analyser and it comes back as possibly nasty) The entry is:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE26AF7F-13AB-4B91-A230-021EC2845B25}: NameServer = there then follows 2 IP addresses
How can I check these IP addresses to see if they belong to me or my ISP (Tiscali broadband)
Thanks for any advice
When running hijack this, I have a query on one of the entries (I have run it throught the hijack this analyser and it comes back as possibly nasty) The entry is:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE26AF7F-13AB-4B91-A230-021EC2845B25}: NameServer = there then follows 2 IP addresses
How can I check these IP addresses to see if they belong to me or my ISP (Tiscali broadband)
Thanks for any advice
It's easier to get forgiveness than to ask permission 
0
Comments
-
Posting the two IPs may help as they would of been posted if you posted a full log.
Or enter them here to see where they originate from kinda thing.http://www.ripe.net/whois0 -
http://www.spywareinfo.com/%7Emerijn/htlogtutorial.html
For practical information, click the section name you need help with:- R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
- F0, F1 - Autoloading programs
- N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
- O1 - Hosts file redirection
- O2 - Browser Helper Objects
- O3 - Internet Explorer toolbars
- O4 - Autoloading programs from Registry
- O5 - IE Options icon not visible in Control Panel
- O6 - IE Options access restricted by Administrator
- O7 - Regedit access restricted by Administrator
- O8 - Extra items in IE right-click menu
- O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
- O10 - Winsock hijacker
- O11 - Extra group in IE 'Advanced Options' window
- O12 - IE plugins
- O13 - IE DefaultPrefix hijack
- O14 - 'Reset Web Settings' hijack
- O15 - Unwanted site in Trusted Zone
- O16 - ActiveX Objects (aka Downloaded Program Files)
- O17 - Lop.com domain hijackers
- O18 - Extra protocols and protocol hijackers
- O19 - User style sheet hijack
Ex forum ambassador
Long term forum member0 -
I'd not use HJT unless I thought I was Hijacked. Not everything listed is bad, it lists ever module effectively loaded by the OS.
Also add XP Antispy to your considered list of tools...and don't run with ADMIN rights. Good steps to safety
In the United Kingdom 200,000 people are bitten by dogs every year and some people will die as a result. Of those bitten, 70% are children... So the question has to be asked....... Has the time come to ban children?0 -
Thanks ELectron, Browntoa and Lob Rockster for your advice. I have checked out the IP addresses (which incidentally have changed since last night) and they all belong to RIPE Network Coordination Centre - have looked in Wikipedia and this seems legit to me (hope you agree) So I am planning to leave well alone.
With regard to XP Antispy, I've googled it and there are lots of entries, any site you would recommend to download.
Also any advice on a firewall??
Thanks in anticipationIt's easier to get forgiveness than to ask permission
0 -
Official link http://www.microsoft.com/athome/security/spyware/software/default.mspx
Kerio Firewall http://www.sunbelt-software.com/Kerio.cfm
Or
Sygate http://www.oldversion.com/program.php?n=sygate Bottom Link0 -
Official link http://www.microsoft.com/athome/sec...re/default.mspx
Electron, that link takes me to Windows Defender download page (already have this) Is this the same as xp antispy (sorry if I'm being thick)
ThanksIt's easier to get forgiveness than to ask permission
0 -
tranmererovers wrote:Official link http://www.microsoft.com/athome/sec...re/default.mspx
Electron, that link takes me to Windows Defender download page (already have this) Is this the same as xp antispy (sorry if I'm being thick)
Thanks
Yes it used to be called Microsoft AntiSpyware Beta its just a name change so yes its the same thing.0 -
0
-
(Sorry can't figure out how to do this as a quote!)
Do I need this (ie linke above) as well as windows defender?
ThanksIt's easier to get forgiveness than to ask permission
0 -
Unless RIPE really IS your ISP get rid of that entry. RIPE is a well known haven for spyware and malware in general.tranmererovers wrote:Thanks ELectron, Browntoa and Lob Rockster for your advice. I have checked out the IP addresses (which incidentally have changed since last night) and they all belong to RIPE Network Coordination Centre - have looked in Wikipedia and this seems legit to me (hope you agree) So I am planning to leave well alone.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards