My computer has been hijacked HELP REQUIRED

Comments

  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    we will get there in the end !!

    you do realise that Bitcomet (and the lack of antivirus) was the probable source of this (also the downloading of a "codec" for Windows Media Player to view certain video content ;) )
    Ex forum ambassador

    Long term forum member
  • Luffy321
    Luffy321 Posts: 257 Forumite
    Part of the Furniture Combo Breaker
    What can I say, I love anime, which is the reason why I have Bitcomet and different types of codec. Here is the SmitFraudFix log:

    SmitFraudFix v2.219

    Scan done at 20:41:08.10, 02/09/2007
    Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\main_uninstaller.exe Deleted
    C:\WINDOWS\wmpdev.dll Deleted
    C:\WINDOWS\wmphost.dll Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS3\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Well, my computer seems to be back to normal, but after waking up this morning I fear that this trojan will keep reappearing.
    Again, thanks for your help
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    if all looks ok now then go to control panel then "system", click on the "system restore" tab and turn it off and on

    then if you have not already done so, download www.ccleaner.com (think you need to remember to untick the box to install Yahoo toolbar) and run it to clear all your temp files etc

    then download a real firewall

    http://www.personalfirewall.comodo.com/

    you will need to allow permission for stuff to access the net the first time they are used (if you are not sure what is trying to access the internet then google the file/program name) and tick the little box to allow the program to always have access
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    you can see why we asked you to start your own thread now, your (multiple) infection was harder to deal with than the other and each clean is more or less bespoke, it's like peeling an orange layer by layer, you are not sure what is underneath !!

    hopefully things are clean now but just to be sure run off a hijackthis log tomorrow and let me know if you have problems

    if all clean then just remember to scan in safe mode with the antivirus + superantispyware (after updating them) from time to time
    Ex forum ambassador

    Long term forum member
  • Yeah, I see why this needed its own thread; my computer was riddled with filth. This infection could not have come at a worse time since I'm just about to house-hunt on the internet for accommodation at university, but thanks to you it looks all clear now. I will install the firewall and post the hijack log tomorrow. Is there any way I can repay you for your dedication to my case?
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    thanks is all I need

    I've learnt stuff on this thread, this new variant is the first one I've seen that stops you going to safe mode, there seems to be a spate of them looking around

    hopefully everything's all ok now
    Ex forum ambassador

    Long term forum member
  • Luffy321
    Luffy321 Posts: 257 Forumite
    Part of the Furniture Combo Breaker
    Thanks again
This discussion has been closed.