  #1  
Old 06-16-2006
Bronze Member
 
Join Date: Jun 2006
Location: England
Posts: 19
mikeyboi
[Fixed] Spyware problem

Hi there guys, I'm currently experiencing a few problems with spyware.

I downloaded a program called 'Windows Live OneCare' from the Microsoft site and it seems to be working fine apart from one problem: when I load up Internet Explorer my homepage is automatically set to http://www.safetyuptodate.net/ telling me about how my private information is open to all other computers. It then lists an IP address and other info, yet it's not even the right details for my computer, so it's nothing worrying me too much. Anyway, when I set my homepage back to Google it resets itself every time.

I just wondered, could anyone help me out? Have you had this problem before?

Any help will be much appreciated.


  #2  
Old 06-16-2006
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,709
PC Experience: PC Guru
chiaz

Hi mikeyboi, please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


  #3  
Old 06-16-2006
Bronze Member
 
Join Date: Jun 2006
Location: England
Posts: 19
mikeyboi

Hi Chiawaikian, I got to the part where you said "Open the SmitfraudFix folder and double-click smitfraudfix.cmd" but when I opened the smitfraudfix file it only had the following files inside.

Genericrenos fix
restart
Swreg
Process
smitfraudfix
swsc
reboot
srchSTS

Now, one of these could be the file you're talking about but I'll just wait for your reply to be on the safe side.

Thanks for your help so far.


  #4  
Old 06-16-2006
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 2,709
PC Experience: PC Guru
chiaz

smitfraudfix will be the one.


  #5  
Old 06-16-2006
Bronze Member
 
Join Date: Jun 2006
Location: England
Posts: 19
mikeyboi

Here is the text file you were talking about.

SmitFraudFix v2.61
Scan done at 13:33:35.12, 16/06/2006
Run from C:\Documents and Settings\Legal User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Legal User\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEGALU~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PestTrap\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"
[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
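
An added example, not part of the original thread or of SmitfraudFix itself: a small Python parser for the report layout posted above. It groups the `FOUND !` paths by section and joins each SharedTaskScheduler CLSID with its InProcServer32 DLL so both halves of that entry can be reviewed together. The sample text is a constructed excerpt using values from that report, and the function and variable names are assumptions.

```python
import re

# Constructed excerpt in the layout of the SmitfraudFix report above (values taken from it).
SAMPLE = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PestTrap\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"
[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

SECTION = re.compile(r"^»+\s*(.+?)\s*$")        # "»»»» <section name>"
FOUND = re.compile(r"^(.+?)\s+FOUND\s*!\s*$")   # "<path> FOUND !"
KEY = re.compile(r"^\[(.+)\]$")                 # "[HKEY_...\subkey]"
VALUE = re.compile(r'^(@|"[^"]*")="(.*)"$')     # '"name"="data"' or '@="data"'
CLSID = re.compile(r"\{[0-9a-fA-F-]{36}\}")

def parse_report(text):
    """Return (found, sts): flagged paths by section, and CLSID -> {name, dll}."""
    found, sts = {}, {}
    section = key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, key = m.group(1), None       # a new section resets the current key
        elif m := FOUND.match(line):
            found.setdefault(section, []).append(m.group(1))
        elif m := KEY.match(line):
            key = m.group(1).lower()
        elif key and (m := VALUE.match(line)):
            name, data = m.groups()
            if key.endswith("\\sharedtaskscheduler"):
                # The value name is the CLSID registered under SharedTaskScheduler.
                sts.setdefault(name.strip('"').lower(), {})["name"] = data
            elif key.endswith("\\inprocserver32") and name == "@":
                if c := CLSID.search(key):        # the default value is the DLL path
                    sts.setdefault(c.group(0), {})["dll"] = data
    return found, sts

if __name__ == "__main__":
    found, sts = parse_report(SAMPLE)
    for clsid, info in sts.items():
        print(clsid, info.get("name"), "->", info.get("dll", "no InProcServer32 listed"))
```

As the report itself says, SharedTaskScheduler keys are "not inevitably infected", so the joined output is a review list rather than a verdict.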


  #6  
Old 06-16-2006
Bronze Member
 
Join Date: Jun 2006
Location: England
Posts: 19
mikeyboi

Does anyone know the next step that Chiawaikian is going to get me to do?

I just copied and pasted the code above.


  #7  
Old 06-16-2006
Elite Member
 
Join Date: May 2006
Location: New Brunswick,Canada
Posts: 631
genie3251

Hey mikeyboi,
unfortunately only techs and people approved by techs are able to post help in the spyware/adware section.

genie3251



Last edited by genie3251; 06-16-2006 at 04:36 PM.
