Hijacked by Systemsoap -log attachd

Computing.Net > Forums > Security and Virus > Hijacked by Systemsoap -log attachd

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Hijacked by Systemsoap -log attachd

Name: andy
Date: October 4, 2003 at 14:39:39 Pacific
OS: Win 98
CPU/Ram: XP2600+, 512MB

Comment:

Hi
Sorry to post long files again, but
After reading posts, ran Hijack This, only to get an alert saying "Too many hijacked browsers, you may need to delete Hosts file"
I did this and ran a scan as below.
Im very grateful to anybody that can help here.
Already ran Spybit. I use AVG/Zonealarm too.
Thanks very much
Andy

Logfile of HijackThis v1.97.2
Scan saved at 22:15:46, on 04/10/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\EXPLORER.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.exe
C:\WINDOWS\SYSTEM\PRINTRAY.exe
C:\WINDOWS\SYSTEM\CTFMON.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://guardian.co.uk"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\n3ss6qa2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\n3ss6qa2.slt\prefs.js)
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.194.56 www.google.akadns.net
O1 - Hosts: 207.44.194.56 www.google.com
O1 - Hosts: 207.44.194.56 google.com
O1 - Hosts: 207.44.194.56 www.altavista.com
O1 - Hosts: 207.44.194.56 altavista.com
O1 - Hosts: 207.44.194.56 search.yahoo.com
O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
O1 - Hosts: 207.44.194.56 au.search.yahoo.com
O1 - Hosts: 207.44.194.56 de.search.yahoo.com
O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
O1 - Hosts: 207.44.194.56 www.lycos.de
O1 - Hosts: 207.44.194.56 www.lycos.ca
O1 - Hosts: 207.44.194.56 www.lycos.jp
O1 - Hosts: 207.44.194.56 www.lycos.co.jp
O1 - Hosts: 207.44.194.56 alltheweb.com
O1 - Hosts: 207.44.194.56 web.ask.com
O1 - Hosts: 207.44.194.56 ask.com
O1 - Hosts: 207.44.194.56 www.ask.com
O1 - Hosts: 207.44.194.56 www.teoma.com
O1 - Hosts: 207.44.194.56 search.aol.com
O1 - Hosts: 207.44.194.56 www.looksmart.com
O1 - Hosts: 207.44.194.56 ca.search.msn.com
O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
O1 - Hosts: 207.44.194.56 search.fr.msn.be
O1 - Hosts: 207.44.194.56 search.fr.msn.ch
O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
O1 - Hosts: 207.44.194.56 search.msn.at
O1 - Hosts: 207.44.194.56 search.msn.be
O1 - Hosts: 207.44.194.56 search.msn.ch
O1 - Hosts: 207.44.194.56 search.msn.co.in
O1 - Hosts: 207.44.194.56 search.msn.co.jp
O1 - Hosts: 207.44.194.56 search.msn.co.kr
O1 - Hosts: 207.44.194.56 search.msn.com.br
O1 - Hosts: 207.44.194.56 search.msn.com.hk
O1 - Hosts: 207.44.194.56 search.msn.com.my
O1 - Hosts: 207.44.194.56 search.msn.com.sg
O1 - Hosts: 207.44.194.56 search.msn.com.tw
O1 - Hosts: 207.44.194.56 search.msn.co.za
O1 - Hosts: 207.44.194.56 search.msn.de
O1 - Hosts: 207.44.194.56 search.msn.dk
O1 - Hosts: 207.44.194.56 search.msn.es
O1 - Hosts: 207.44.194.56 search.msn.fi
O1 - Hosts: 207.44.194.56 search.msn.fr
O1 - Hosts: 207.44.194.56 search.msn.it
O1 - Hosts: 207.44.194.56 search.msn.nl
O1 - Hosts: 207.44.194.56 search.msn.no
O1 - Hosts: 207.44.194.56 search.msn.se
O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
O1 - Hosts: 207.44.194.56 search.yupimsn.com
O1 - Hosts: 207.44.194.56 uk.search.msn.com
O1 - Hosts: 207.44.194.56 search.lycos.com
O1 - Hosts: 207.44.194.56 www.lycos.com
O1 - Hosts: 207.44.194.56 www.google.ca
O1 - Hosts: 207.44.194.56 google.ca
O1 - Hosts: 207.44.194.56 www.google.uk
O1 - Hosts: 207.44.194.56 www.google.co.uk
O1 - Hosts: 207.44.194.56 www.google.com.au
O1 - Hosts: 207.44.194.56 www.google.co.jp
O1 - Hosts: 207.44.194.56 www.google.jp
O1 - Hosts: 207.44.194.56 www.google.at
O1 - Hosts: 207.44.194.56 www.google.be
O1 - Hosts: 207.44.194.56 www.google.ch
O1 - Hosts: 207.44.194.56 www.google.de
O1 - Hosts: 207.44.194.56 www.google.se
O1 - Hosts: 207.44.194.56 www.google.dk
O1 - Hosts: 207.44.194.56 www.google.fi
O1 - Hosts: 207.44.194.56 www.google.fr
O1 - Hosts: 207.44.194.56 www.google.com.gr
O1 - Hosts: 207.44.194.56 www.google.com.hk
O1 - Hosts: 207.44.194.56 www.google.ie
O1 - Hosts: 207.44.194.56 www.google.co.il
O1 - Hosts: 207.44.194.56 www.google.it
O1 - Hosts: 207.44.194.56 www.google.co.kr
O1 - Hosts: 207.44.194.56 www.google.com.mx
O1 - Hosts: 207.44.194.56 www.google.nl
O1 - Hosts: 207.44.194.56 www.google.co.nz
O1 - Hosts: 207.44.194.56 www.google.pl
O1 - Hosts: 207.44.194.56 www.google.pt
O1 - Hosts: 207.44.194.56 www.google.com.ru
O1 - Hosts: 207.44.194.56 www.google.com.sg
O1 - Hosts: 207.44.194.56 www.google.co.th
O1 - Hosts: 207.44.194.56 www.google.com.tr
O1 - Hosts: 207.44.194.56 www.google.com.tw
O1 - Hosts: 207.44.194.56 go.google.com
O1 - Hosts: 207.44.194.56 google.at
O1 - Hosts: 207.44.194.56 google.be
O1 - Hosts: 207.44.194.56 google.de
O1 - Hosts: 207.44.194.56 google.dk
O1 - Hosts: 207.44.194.56 google.fi
O1 - Hosts: 207.44.194.56 google.fr
O1 - Hosts: 207.44.194.56 google.com.hk
O1 - Hosts: 207.44.194.56 google.ie
O1 - Hosts: 207.44.194.56 google.co.il
O1 - Hosts: 207.44.194.56 google.it
O1 - Hosts: 207.44.194.56 google.co.kr
O1 - Hosts: 207.44.194.56 google.com.mx
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YCOMP.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YCOMP.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14

Sponsored Link

Ads by Google

Response Number 1

Name: Tom41
Date: October 4, 2003 at 15:05:20 Pacific

Reply:

Run HT again and check the following items. Next, close all browser Windows, and have HT fix all checked.
You NEED to restart your computer when you're done.
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14
After restarting, delete the following file:
C:\Windows\Help\Hosts
Uninstall System Soap Pro.

Response Number 2

Name: Kevin The Tech Dude
Date: October 4, 2003 at 15:15:02 Pacific

Reply:

Also, If you did download and update Spybot make sure you keep it up to date and use it. It will fix most problems.
KTTD

Response Number 3

Name: andy
Date: October 4, 2003 at 16:00:28 Pacific

Reply:

Great!
Seen your postings elsewhere in the forums, so thanks guys for your sterling help!
My PC seems to be OK now.
Another quickie for you:
Whats a standard dial-up user meant to do to be as best protected as possible? I know a good AV package and Firewall are essentail and need to be up to date...but it seems there are spyware and adware utilities too that should be used....what do you recommend?
Again, thanks for your help!!
Andy

Response Number 4

Name: Derek
Date: October 4, 2003 at 16:12:29 Pacific

Reply:

If you use a Hosts file make it read-only
Derek

Response Number 5

Name: Abnormal
Date: October 4, 2003 at 16:41:16 Pacific

Reply:

"I know a good AV package and Firewall are essentail and need to be up to date...but it seems there are spyware and adware utilities too that should be used....what do you recommend?"
http://www.javacoolsoftware.com/spywareblaster.html

gr-d73 GR-D50AA jvc gr-d20ek msn no webcam using tr Delete hosts another word for you vsmon.exe mx 44 .com c_1252.nls	loadqm.exe WWW.NORTONAVINSTALLATION.SE signmate elite www.acer.com.mx windows application data too many browser toolbars kasan co kr msn no voice novatechnosys.co.in C# web application
See More

Sponsored Link

Ads by Google

~s~.exe Trojan

Microsoft IE killed every...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Hijacked by Systemsoap -log attachd

HEEELP!! Hijacked by MagicSearch.ws

Summary

www.computing.net/answers/security/heeelp-hijacked-by-magicsearchws/9672.html

Hijacked by slotch.com

Summary

www.computing.net/answers/security/hijacked-by-slotchcom/13400.html

Help! hijacked by surferbar!

Summary

www.computing.net/answers/security/help-hijacked-by-surferbar/6290.html

From the Geek Dictionary
OC - the short form of overclock

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Internet Connection

My Computer won't let me into the properties

Please can someone read my Hijackthis log?

End Program - n

ssid code

All Awaiting Reply

Tom's News
Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

New Super Mario Bros. Wii Looks Great in 1080p

AT&T's Case Against Verizon Dismissed

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE