Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.
Go Back   TechSpot OpenBoards > OS & Software > Security and the Web
Reload this Page Hijacked, Need Help Please

Hijacked, Need Help Please

Reply
Bookmark / Share this page
Thread Tools
  #1  
Old 10-15-2008
Newcomer, in training
  
Member since: Oct 2008, 3 posts
Hijacked, Need Help Please
Hello, I'm new to this forum and I need some serious help with my computer.

Ever since October 14, 2008 - my search engine and internet are malfunctioning.

Yahoo/Google search engines will pull up my search results I requested, but when I click the link to view my search results I get redirected to another so called 'search' website displaying references for my search results instead of the information I actually requested.

Could you please help me out? Whatever is going on, is seemingly blocking some websites completely, and it will not let me update my AVG or SpybotSD programs. I'll post the logs so you can review them and hopefully find a solution for me.
Attached Files
File Type: txt Logfile of Trend Micro HijackThis v2.txt (14.1 KB, 2 views)
File Type: txt Username.txt (2.2 KB, 1 views)
Reply With Quote
  #2  
Old 10-16-2008
Newcomer, in training
  
Member since: Oct 2008, 3 posts
Can anyone help me?
Reply With Quote
You can remove this banner by registering, join the TS Community for free.
  #3  
Old 10-16-2008
BillAllen55's Avatar
TechSpot Member
  
Location: Central Oregon - Gods Country
Member since: May 2008, 139 posts
System specs
Please see this website and follow the 8-step process. http://www.techspot.com/vb/topic58138.html
Reply With Quote
  #4  
Old 10-16-2008
Newcomer, in training
  
Member since: Oct 2008, 3 posts
I did, but I could not download some of the components, it seems this 'hijacker' has blocked certain websites from my access. And, it will not allow my spybot, or AVG to update.
Reply With Quote
  #5  
Old 10-17-2008
TechSpot Booster
  
Location: Illinois, USA
Member since: Feb 2007, 651 posts
System specs
Oy vey! That is quite interesting HJT log. I think you are describing clickjacking.
The following recommendation is NOT a solution. This is an attempt to hobble the malware on your computer.
It is hoped that you can load the MBAM & SAS programs (tools) afterwards.

Re-run HJT. Check / fix the following.
DO NOT delete the associated files.
Two entries related to FF seem to be logical choices.

Quote:
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKCU\..\Run: [appchk.exe] C:\WINDOWS\system32\appchk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dh0hgdus.Default User\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/dh0hgdus.Default User\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
If L: is a usb thumb drive - remove it.
Check / fix this O23 entry. This merely "stops" the process from auto starting.
Quote:
nProtect KeyCrypt Manager Service - nProtect KeyCrypt Manager Service - INCA Internet Co., Ltd.
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - L:\Nexon\Mabinogi\npkcmsvc.exe

Some game sites consider this a breach of the TOS. They want to protect their interests. I cannot predict what measure they employ to detect that the service was not properly suspended. You can decide this.
If this proves useful, obtain & run the tools. Post the logs.
Safe mode with networking may be another approach for obtaining tools - no relavant experience on my part.

This premature use of HJT may require some re-work after the prelims.

The selection of some of O4 entries is to get a few of the unnecessary startup programs out of the way. All of the Lexmark stuff can go as well.
Quote:
Late add to list. No attempt to research secondary sources.
Could be part of the O23 package
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe ------>multimedia keyboard?
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe -----> no description
Reply With Quote
Reply
Thread Tools

Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
ie hijacked axeshredder77 Security and the Web 4 04-26-2007 01:28 AM
Hijacked..??? takaboku Security and the Web 2 03-07-2007 03:56 AM
Help! I'm being hijacked! kdaarke Security and the Web 7 02-20-2007 01:37 PM
Help! My IE has been hijacked! davio Security and the Web 2 12-06-2005 05:36 PM
I've been Hijacked! gbusch62 Security and the Web 2 05-04-2005 11:27 AM


All times are GMT -4. The time now is 11:53 AM.