Hijack me

Status
Not open for further replies.

mckfodder

Hi, hope I'm doing this right. I have a problem with Google: it keeps redirecting me all over the place. I have uploaded my HijackThis file. Any help would be great, thank you.
 
I have moved your thread to the correct forum.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O11 - Options group: [INTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{32C2AA72-8659-4CE5-911E-13D1650334B6}: NameServer = 85.255.114.106,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{56DC4C3B-55BB-46E0-940B-8A99808E7397}: NameServer = 85.255.114.106,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{75B5E628-8271-4F1C-B114-13DC1C104587}: NameServer = 85.255.114.106 85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{77882854-EBCF-441F-910C-675436A86089}: NameServer = 85.255.114.106,85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D80E605-D945-40FE-B788-B3FD9015CF28}: NameServer = 85.255.114.106,85.255.112.123

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.106 85.255.112.123

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.106 85.255.112.123

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.106 85.255.112.123

Only fix the above O17 entries if they don't belong to your ISP or you don't recognise the domain.

Click on the fix checked button.

Close HJT and reboot your computer.

I can find nothing particularly nasty in your HJT log.

Regards Howard :)

This thread is for the use of mckfodder only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
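The ISP check asked for in the post above, as an added example that is not part of the original thread: it parses HijackThis O17 lines and reports every NameServer address outside the resolver ranges you expect. The allowlist `EXPECTED_RESOLVERS` and the function names are assumptions; replace the placeholder ranges with the DNS servers your ISP or router actually hands out.

```python
import ipaddress
import re

# Assumption: resolver ranges you actually expect (router / ISP). These are
# placeholders (a private range and a documentation range), not real ISP data.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# O17 lines look like: "O17 - <registry key>: NameServer = a.b.c.d,e.f.g.h"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

def parse_o17(line):
    """Return (key, [servers]) for an O17 line; lists may be comma- or space-separated."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    return m.group("key"), [s for s in re.split(r"[,\s]+", m.group("servers")) if s]

def unexpected_nameservers(log_text, expected=EXPECTED_RESOLVERS):
    """Map each registry key to the name servers outside the expected ranges."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        bad = []
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                bad.append(s)  # not an IP literal: flag for manual review
                continue
            if not any(addr in net for net in expected):
                bad.append(s)
        if bad:
            findings[key] = bad
    return findings

# Two O17 lines from this thread's log plus one constructed, allowlisted line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{75B5E628-8271-4F1C-B114-13DC1C104587}: NameServer = 85.255.114.106 85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{77882854-EBCF-441F-910C-675436A86089}: NameServer = 85.255.114.106,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""
if __name__ == "__main__":
    print(unexpected_nameservers(SAMPLE_LOG))
```

Any address the script reports can then be looked up in whois and compared with the ISP's published DNS servers before deciding whether to fix the entry.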
 
Thanks for your quick reply. As I'm pretty new at this, how do I tell if the O17 entries belong to my ISP?
Thanks once again
 
Is this your ISP?

xbox.dedi.inhoster.com
Inhoster hosting company
OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine

If it is, then don't fix the O17 entries.

Regards Howard :)

 
That's good news and thanks for letting me know.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
OK, no worries. Just a quick question: what's the best spyware/adware removal tool? I have AVG 7 and use Lavasoft Ad-Aware, but sometimes feel that's not enough. Also, I only use the XP firewall. Any recommendations would be helpful.
Thanks
 
The best antispyware/adware programme is supposed to be SpySweeper. However, it's not free.

I normally just use SS&D/Ad-Aware SE Personal/AVG Antispyware/Spyware Blaster. I also use AVG free antivirus and ZoneAlarm firewall and I never have any problems.

Regards Howard :)

 
Hi, I'm still getting my browser hijacked. The line
O17 - HKLM\System\CCS\Services\Tcpip\..\{75B5E628-8271-4F1C-B114-13DC1C104587}: NameServer = 85.255.114.106 85.255.112.123
keeps coming up in HijackThis. I delete it and it's fine, but if I start the browser again it's back. Any help on this would be helpful, thanks.
 
Again I ask you, is this your ISP?

85.255.114.106 - xbox.dedi.inhoster.com

If it is, then you've no need to worry.

Here's some more detailed info on that IP.

inetnum: 85.255.112.0 - 85.255.127.255
netname: inhoster
descr: Inhoster hosting company
descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine
remarks: -----------------------------------
remarks: Abuse notifications to: abuse@inhoster.com
remarks: Network problems to: noc@inhoster.com
remarks: Peering requests to: peering@inhoster.com
remarks: -----------------------------------
country: UA
org: ORG-EST1-RIPE
admin-c: AK4026-RIPE
tech-c: AK4026-RIPE
tech-c: FWHS1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: RECIT-MNT
mnt-routes: RECIT-MNT
mnt-domains: RECIT-MNT
mnt-by: DAV-MNT
mnt-routes: DAV-MNT
mnt-domains: DAV-MNT
source: RIPE # Filtered

organisation: ORG-EST1-RIPE
org-name: INHOSTER
org-type: NON-REGISTRY
remarks: *************************************
remarks: * Abuse contacts: abuse@inhoster.com *
remarks: *************************************
address: OOO Inhoster
address: Poltavskij Shliax 24, Xarkov,
address: 61000, Ukraine
phone: +38 066 4633621
e-mail: support@inhoster.com
admin-c: AK4026-RIPE
tech-c: AK4026-RIPE
mnt-ref: DAV-MNT
mnt-by: DAV-MNT
source: RIPE # Filtered

person: Andrei Kislizin
address: OOO Inhoster,
address: ul.Antonova 5, Kiev,
address: 03186, Ukraine
phone: +38 044 2404332
nic-hdl: AK4026-RIPE
source: RIPE # Filtered

person: Fast Web Hosting Support
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 201.
address: UA
phone: +35 79 91 17 759
e-mail: support@fwebhost.net
nic-hdl: FWHS1-RIPE
source: RIPE # Filtered

Regards Howard :)

 
I do not think so. I'm with Plusnet in the UK. When I delete it from HijackThis my browser works fine, but if it's there I always get redirected from where I want to go to some ****ty search engine. Also, that's not my server's IP address.
 
In that case, do the following.

I strongly suggest you backup your registry before doing the following.

Click Start/Run, type regedit into the Run box and press the Enter key. Click File, Export and save a copy of your registry to wherever you want. Then, if you need to restore your original registry, it's a simple matter of double-clicking the reg file and clicking yes when asked if you want to merge it into the registry.

Navigate to the following keys and delete them in the right-hand pane. Make sure you only delete the keys with the bold codes.

HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\..\{8D80E605-D945-40FE-B788-B3FD9015CF28}: NameServer = 85.255.114.106,85.255.112.123

HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\..\{32C2AA72-8659-4CE5-911E-13D1650334B6}: NameServer = 85.255.114.106,85.255.112.123

HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\..\{56DC4C3B-55BB-46E0-940B-8A99808E7397}: NameServer = 85.255.114.106,85.255.112.123

HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\..\{75B5E628-8271-4F1C-B114-13DC1C104587}: NameServer = 85.255.114.106 85.255.112.123

HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\..\{77882854-EBCF-441F-910C-675436A86089}: NameServer = 85.255.114.106,85.255.112.123


See if that helps.

You should post a fresh HJT log, once you've done the above.

Regards Howard :)

 
New HijackThis log.
None of those registry entries were there, and once I restart the PC, O17 only comes back after I start the browser.
 
You're not using any firewall software. Go HERE and follow the links for either ZoneAlarm or Kerio firewalls.

Once you've installed a firewall, run HJT and fix that O17 entry. Other than that, your HJT log is clean as a whistle.

See if that helps.

Regards Howard :)

 
Hi Howard, sorry to pester you, but I cannot load ZoneAlarm. I used to have it but thought I had deleted it. Now it is saying setup is unable to log into the TrueVector service. Install cannot continue without logging into the TrueVector services.
If you can help I would be very grateful. Had a quick look on the forums but could not find much there.
Ian
 
Try these manual removal instructions. Obviously, you'll already have removed some of the entries, but you should see if any of the entries in the instructions are still on your system.

If none of that helps, then maybe you should try the free Kerio firewall instead.

Regards Howard :)
