Help with Hijack this.
-
Have you tried a full scan with Super Anti Spyware? (And is that updating ok?)
-
Yes I have been able to update Super Anti Spyware and did a full scan a few days ago. I have just updated this again and will now do a full scan with this.
-
Try a manual malwarebytes update ~
http://www.malwarebytes.org/mbam/database/mbam-rules.exe
Once the '.exe' file has been downloaded, open it ~ it will automatically update the 'MALWAREBYTES DEFINITION' files
(If the link won't work on your machine I'll download it myself and upload it somewhere you CAN get to)
-
The link won't work. When the page opens it goes straight to a 'second page' with internet explorer cannot display the webpage, if I click on the back button the malwarebytes page is there but it just keeps going straight to the second page.
In Firefox it comes up as address not found.
Below are two scans that I did today.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/11/2010 at 12:13 PM
Application Version : 4.26.1002
Core Rules Database Version : 3868
Trace Rules Database Version: 1816
Scan type : Quick Scan
Total Scan Time : 01:01:34
Memory items scanned : 760
Memory threats detected : 0
Registry items scanned : 581
Registry threats detected : 0
File items scanned : 37910
File threats detected : 69
Adware.Tracking Cookie
Trojan.Downloader-Gen/Suspicious
C:\WINDOWS\MBR.EXE
ADVANCED SYSTEM PROTECTOR LOG FILE :-
Cookie.Tracking-Cookie (Tracking Cookies) Status : Quarantined
Infected Cookies
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@ad.yieldmanager[1].txt
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@apmebf[1].txt
Cookie.BeloInteractive.com (Tracking Cookies) Status : Quarantined
Infected Cookies
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@belointeractive[1].txt
Cookie.BS.Serving-Sys (Tracking Cookies) Status : Quarantined
Infected Cookies
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@bs.serving-sys[2].txt
Cookie.DoubleClick (Tracking Cookies) Status : Quarantined
Infected Cookies
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@doubleclick[1].txt
Cookie.Mediaplex.com (Tracking Cookies) Status : Quarantined
Infected Cookies
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@mediaplex[2].txt
Cookie.SmartAdServer.com (Tracking Cookies) Status : Quarantined
Infected Cookies
C:\Users\My comp\AppData\Roaming\Microsoft\Windows\Cookies\my comp@smartadserver[1].txt
Virus.virut.ce (Script Virus) Status : Quarantined
Infected files detected
FileName: c:\program files\synaptics\syntp\syntpenh.exe MD5: d8b83790f45403b83d24fc63310e3bc7 (857648 Bytes) Signature:
FileName: c:\drivers\input\r155586\syntpenh.exe MD5: d8b83790f45403b83d24fc63310e3bc7 (857648 Bytes) Signature:
FileName: c:\program files\vodafone\vmclite\datacard_setup.exe MD5: 403964d99806c98b5de5da8128b027c9 (106496 Bytes) Signature:
FileName: c:\windows\system32\driverstore\filerepository\synpd.inf_c1ece006\syntpenh.exe MD5: d8b83790f45403b83d24fc63310e3bc7 (857648 Bytes) Signature:
FileName: c:\windows\winsxs\x86_microsoft-windows-dispdiag_31bf3856ad364e35_6.0.6001.18000_none_44e4695530172d0f\dispdiag.exe MD5: 3dc2e29236dcb33851b847fe922371e6 (121856 Bytes) Signature:
Infected registry keys/values detected
hkey_local_machine\software\microsoft\windows\currentversion\run\syntpenh
hkey_local_machine\software\synaptics\syntpplugins\syntp\resourcemodule
RogueProgram.WinAntiVirus-Pro-2006 (Rogue Antispyware Program) Status : Quarantined
Infected registry keys/values detected
hkey_classes_root\*\shellex\contextmenuhandlers\shellextension
hkey_classes_root\directory\shellex\contextmenuhandlers\shellextension
hkey_classes_root\drive\shellex\contextmenuhandlers\shellextension
hkey_local_machine\software\classes\*\shellex\contextmenuhandlers\shellextension
hkey_local_machine\software\classes\directory\shellex\contextmenuhandlers\shellextension
hkey_local_machine\software\classes\drive\shellex\contextmenuhandlers\shellextension
Malware (General Components) (Generic Malware ) Status : Quarantined
Infected registry keys/values detected
hkey_current_user\software\wget
hkey_current_user\software\microsoft\security center\antivirusdisablenotify
hkey_current_user\software\microsoft\security center\updatesdisablenotify
RogueProgram.MS-Antispyware-2009 (Rogue Antispyware Program) Status : Quarantined
Infected registry keys/values detected
hkey_current_user\software\microsoft\windows\currentversion\drivers
hkey_current_user\software\microsoft\windows\currentversion\drivers\video
hkey_current_user\software\microsoft\windows\currentversion\drivers\video\options
Trojan.pakes.nkm (Trojan) Status : Quarantined
Infected files detected
Infected registry keys/values detected
hkey_local_machine\software\microsoft\windows\currentversion\uninstall\vlc media player\displayicon
Riskware-P2P.Reboot.f (P2P) Status : Quarantined
Infected files detected
FileName: c:\combofi1\dumphive.cfexe MD5: 21868b2d22c726d94d98f15825d4134b (51200 Bytes) Signature:
Trojan-Downloader.VB.ask (Trojan-Downloader) Status : Quarantined
Infected files detected
FileName: c:\combofi1\pv.cfexe MD5: 92bd80f82fe8a28385b7d9d3f215e8b3 (73728 Bytes) Signature:
Trojan-Dropper.vb.abyh (Trojan Dropper) Status : Quarantined
Infected files detected
FileName: c:\program files\winrar\default.sfx MD5: 4ae10a9555a590715be00c8b492d8ab4 (90112 Bytes) Signature:
Malware.cpex-based.gc (Generic Malware ) Status : Quarantined
Infected files detected
FileName: c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe MD5: 9e6c1527d9a2c64bfd780aa23075380f (636072 Bytes) Signature: 2bc9c106c2a8fa9d103e57773ec2ea05
-
Run a FULL scan with SAS, you only ran a quick one
-
Here's the malwarebytes update files via rapidshare
http://rapidshare.com/files/362049819/mbam-rules.exe.html
Once you've run a full scan with SAS, run the above file then run a FULL scan with malwarebytes
-
I ran the full scan with SAS; would you like me to post the log file?
I ran the rapidshare file and did a full scan with malwarebytes.
Malwarebytes' Anti-Malware 1.44
Database version: 3740
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
12/03/2010 10:36:15
mbam-log-2010-03-12 (10-36-15).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 300606
Time elapsed: 1 hour(s), 59 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150 85.255.112.148 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{54c47cd1-44c2-4248-ab52-6e5f929c94ec}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150 85.255.112.148 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
It might be worth you checking your settings on your router to make sure the settings are as your ISP intended.
-
I have logged into my router and had a look but I don't know what I'm looking for.
-
Who is your ISP and what brand is your router?
This discussion has been closed.