My homepage got hacked and changed to www.yabo123.bbs.xilu.com, and when I try to change my homepage back to Google, I cannot click on the homepage setting in Internet Options. My homepage option is disabled. So I tried to reset web settings in Internet Options and the homepage changed to MSN, but the homepage option is still disabled. And web pop-up ads appear, like www.555y.com, www.ufo365.com, www.xiaow.com and www.y3y.net. Does anyone know how to fix this and restore my homepage option?

Try this, see if it works.
Start
Control Panel
Internet Options
Type in your homepage
Apply
ok
Tt Lanfire
nf7-s v2.0
XP-m 2500@200x11
SP 97
1GB pc3200
Jou Jye 550w psu
FX5600
WDCaviar 60gb
Seagate Barracuda 80gb;~}

hi gemini,
download hijackthis, and post your log here.
someone will take a look at it.
all the best,
murve

get spybot and ad-aware
install and update then have them scan your pc.
then get spywareblaster
install and update it. and then set enable all protection.
it's also worth a shot to run an online scan at housecall.antivirus.com
they've improved their scans to include hijacked homepages.

Thanks everyone. Before posting the message here, I ran the housecall online scan, but it only deleted 1 infected file. Then I downloaded spybot, and although it repaired some errors, I still cannot restore my homepage option. And for indigan's suggestion, the home page option in control panel still cannot be clicked. I have downloaded hijackthis and this is my log file:
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\E_S10IC2.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ufo365.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yabo123.bbs.xilu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ufo365.com/search.htm
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CNetscape_Canada.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\5k3naox5.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SpyHunter] C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\SPYHUNTER.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\SYSTEM\E_S10IC2.exe /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.exe
O4 - HKLM\..\Run: [internet.exe] C:/system.hta
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38234.2428703704
---
Does any computer expert know what file I should delete?

Fix these and reboot
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ufo365.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yabo123.bbs.xilu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ufo365.com/search
O4 - HKLM\..\Run: [internet.exe] C:/system.hta
Delete
C:/system.hta
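The triage behind the fix list above, as an added example that is not part of the original thread: a small Python parser that flags redirected IE page values and script-based autostart entries in a HijackThis log. The trusted-host list and the function names are assumptions, and the sample is a constructed subset of the lines posted here. It also flags the O6 line, which HijackThis reports when Internet Options are restricted through a policy key; that reading is added here and is not stated by anyone in the thread.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ufo365.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yabo123.bbs.xilu.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internet.exe] C:/system.hta
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Assumption: hosts considered normal for IE start/search pages on this machine.
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "google.com")
# Script hosts that have no business in a Run key on a home PC.
SCRIPT_EXTS = (".hta", ".vbs", ".js", ".bat")

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def host_of(url):
    """Return the lower-cased host part of an http(s) URL, or ''."""
    m = re.match(r"https?://([^/]+)", url)
    return m.group(1).lower() if m else ""

def triage(log_text):
    """Return (section code, reason) for each log line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m["code"], m["body"]
        if code in ("R0", "R1") and " = " in body:
            host = host_of(body.rsplit(" = ", 1)[1])
            trusted = any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)
            if host and not trusted:
                findings.append((code, "IE page redirected to " + host))
        elif code == "O4":
            # Text after "[name] " is the command line; first token is the target.
            target = body.split("] ", 1)[-1].strip().strip('"')
            if target.lower().split(" ")[0].endswith(SCRIPT_EXTS):
                findings.append((code, "autostart runs script " + target))
        elif code == "O6":
            findings.append((code, "policy key locks Internet Options"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, reason)
```
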

I had fixed the list below
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ufo365.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yabo123.bbs.xilu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ufo365.com/search
O4 - HKLM\..\Run: [internet.exe] C:/system.hta
using hijackthis and it seems to have deleted them. Do I need to recover? If yes, how do I recover these files? And I found an unknown program, Systrayijijijij, in task manager. When I use task manager to end the task, the ad pop-ups will not appear. This program may be spyware. How do I remove this? I have used spybot and spy hunter but they did not remove it.

By the way, for the 4 files
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ufo365.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yabo123.bbs.xilu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ufo365.com/search
O4 - HKLM\..\Run: [internet.exe] C:/system.hta , I had backed up.

hi gemini,
"Systrayijijijij" that is the malware file, highlight the file and hit end task button.
all the best,
murve

And/or go to safe mode
and delete it.
You may need to show hidden files.
You can also delete the backups.
The following Directory Contents (But not the directory) need to be deleted while in safe mode.
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <= This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

The computer now seems to be safe and no pop-up ads appear, because I used everybody's suggestions, deleted many files and downloaded ZoneAlarm Pro, but my home page problem is not solved. And when I show hidden files in my computer, I find many unknown folders and files,
C:\
WUTemp (blank folder)
Io.sys (system file)
Suhdlog.dat
System.1st
Videorom.bin
Msdos.sys
Msdos.---
Bootlog.prv
Are these files safe in my computer?
And when I look at the overview in the ZoneAlarm Pro program, it states that the firewall has blocked 1184 attempts. Does that mean my computer is still not safe from hackers?

The "use current" button in Explorer is disabled - blanked out and non-functional. "Use default" and "use blank" both work. Am currently defaulting to "use blank" - very annoying!
Suggestions?
