Whenever I open my Internet Explorer it tries to connect to www.thehun.net. It automatically opens additional windows and all open www.thehun.net.
Here is what I did already:
Update and scan everything with Norton Antivirus -> nothing found
Run Spybot Search and Destroy -> found something and removed it.
Run Ad aware -> nothing found
I am running out of ideas.
I finally ran HijackThis and got the following log.
Logfile of HijackThis v1.97.3
Scan saved at 19:42:58, on 04.11.2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Personal Firewall\NISUM.exe
C:\Programme\Norton Personal Firewall\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Promise\FastTrak\FtrakSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Microsoft Office\Office\WINWORD.exe
H:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aon.at
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.at
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.e__
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.e__
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools\umsd.exe sys_auto_run C:\Program Files\UMSD Tools
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.exe /autorun
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\System32\SysUpd.e__
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\Olympus\DeviceDetector\devdtct2.exe
O4 - Global Startup: FastCheck Monitoring Utility.lnk = C:\Programme\Promise\FastTrak\RAIDeUtility.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: PlexTools.lnk = C:\Programme\Plextor\PlexTool.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programme\U.S. Robotics 802.11g WLAN\USRWLANG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.339837963
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A803D6CF-1CA4-49F5-87A5-24667E198C88}: NameServer = 195.3.96.67,195.3.96.68
Can someone tell me if there is anything I can do? Is one of these entries the problem? I found some more people with this problem already but none of them got an answer so far.
Many thanks
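An added example (not part of the original post, and not code from HijackThis): a small Python parser that pulls out of a HijackThis log the settings most relevant to a browser-redirect complaint, namely the IE start/search URLs (R entries), registry autoruns (O4), ActiveX download hosts (O16) and DNS servers (O17). The function names are hypothetical; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.aon.at
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.at
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\System32\SysUpd.e__
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A803D6CF-1CA4-49F5-87A5-24667E198C88}: NameServer = 195.3.96.67,195.3.96.68
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "R1 - ..." / "O4 - ..."
RUN = re.compile(r"^(.+?): \[(.+?)\] (.+)$")      # hive: [value name] command
URL = re.compile(r"https?://\S+")

def parse(log):
    """Return (section_code, text) pairs; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Collect the entries worth reviewing first for a browser-redirect complaint."""
    out = {"ie_urls": [], "autoruns": [], "dpf_hosts": [], "nameservers": []}
    for code, text in parse(log):
        if code.startswith("R"):                  # IE start/search page values
            key, _, value = text.partition(" = ")
            if URL.match(value):
                out["ie_urls"].append((key.rsplit(",", 1)[-1], value))
        elif code == "O4":                        # registry Run-key autoruns
            m = RUN.match(text)
            if m:
                out["autoruns"].append((m.group(2), m.group(3)))
        elif code == "O16":                       # ActiveX download sources
            out["dpf_hosts"] += [urlparse(u).hostname for u in URL.findall(text)]
        elif code == "O17" and "NameServer = " in text:   # DNS servers in use
            out["nameservers"] += text.split("NameServer = ", 1)[1].split(",")
    return out

if __name__ == "__main__":
    for group, items in triage(SAMPLE).items():
        print(group, items)
```

The output is a review list, not a verdict: each URL, autorun command and name server still has to be checked against what the machine's owner expects to be installed and configured.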
I do not see anything in there that looks bad at all. Are you connecting to the internet via your company's server? It appears you are to me. The server could have issues.
Anyone else see something????
KTTD
thehun.net and the huns yellow pages.com are in ie-spyads list of restricted sites.
ie-spyads
or you could add them to the list of restricted sites via IE and/or firewall.
Copy and paste this text file to Notepad and save as Repair.reg, save it as type 'all files'.
Then double click on it to merge with the registry.
http://d21c.com/Tom41/HunHijack.txt
Tom glad you posted, was going to give the link to your other post.
Feel free to jump in any of my hijackthis posts.
Hi Abnormal,
I changed those files around a little, they are now:
95/98/ME/2000:
http://d21c.com/Tom41/HunHijack.txt
XP:
http://d21c.com/Tom41/HunHijackXP.txt
My ie "home" page has been hijacked by http://www.777search.com.
Anyone seen this one? Cannot find a way of getting rid of it.
Thanks to all of you!
I am not at my place right now but I will try it as soon as possible and let you know!
Gerald
Hi deek, its a different kind of hijack.
This evil hijack causes at least 30 pop-ups.