[Fixed] Hijackthis! Logs - browser hijacked? posted in the Security & Safety forums

#7
01-09-2008
keller130
Bronze Member
Join Date: Jan 2008
Posts: 42
PC Experience: Some Experience
Re: browser hijacked?

Ok, instructions executed and logs as requested. It was not clear whether, when SDFix rebooted, you wanted it to come back up in Safe mode - it did not; I just let it reboot by itself, therefore the conclusion of SDFix and the HJT run was not in Safe mode. Please let me know if this was incorrect. Also, for your information, there has been no symptomatic change - IE still misbehaves as previously described and the machine reboots if you try to search the registry.

continued thanks.

norm
Attached Files
File Type: txt SDFix report.txt (2.8 KB, 2 views)
File Type: log hijackthis4.log (9.6 KB, 0 views)


#8
01-10-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: browser hijacked?

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\Documents and Settings\All Users\DRM\DRMv1.bak
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.






Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh sdfix log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

#9
01-11-2008
keller130
Bronze Member
Join Date: Jan 2008
Posts: 42
PC Experience: Some Experience
Re: browser hijacked?

As requested. Note aberrant behavior still present.

norm
Attached Files
File Type: txt combofix.txt (13.9 KB, 1 views)
File Type: txt SDFix report.txt (2.5 KB, 1 views)


#10
01-11-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: browser hijacked?

follow the same steps in post 10 for the following file:

C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BITD.tmp

reboot, and post a new sdfix....

thanks,

v


#11
01-12-2008
keller130
Bronze Member
Join Date: Jan 2008
Posts: 42
PC Experience: Some Experience
Re: browser hijacked?

Apologies, but I don't understand the context of this last instruction. You refer to following the steps in post 10 with the file as specified. This most recent post of yours is #10 - what steps am I supposed to follow and what do I do with this file path you provided?

norm


#12
01-13-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: browser hijacked?

my bad, post 8, and what you want to save as cfscript.txt is below:

KillAll::
File::

C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BITD.tmp

thanks,

v


