Feb 22nd, 2004
0

IE 6 hijacked by www.searchdot.net - please help

All,
I posted this on an earlier thread and caperjack said I should start my own. Basically my default home page has been redirected every time I reboot to www.searchdot.net.
I have run Spybot and tried HijackThis.exe but they did not solve the problem. caper's reply indicated I should run cwshredder.exe, then re-run HijackThis and post the log. I have done that. Seems that the home page issue was solved by the steps but I was hoping someone could take a quick look at the log and see if there is something else lurking in the shadows of my computer.

Thanks
Krakpipe


Logfile of HijackThis v1.97.7
Scan saved at 11:41:14 AM, on 2/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Games\TeamSpeak\TSServer_NTService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Enterasys Networks\Aurorean\Aurorean.exe
C:\PROGRA~1\ENTERA~1\Aurorean\IRCONN~1.EXE
C:\Program Files\Enterasys Networks\Aurorean\irDeliverySvc.exe
C:\Program Files\Enterasys Networks\Aurorean\irkeyex.exe
C:\Program Files\Enterasys Networks\Aurorean\rx\bin\jrew.exe
C:\Tony\Spyware Removal\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.excite.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.excite.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.107-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.107-big.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...655.8777662037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0CE9FB-D96C-4841-8109-52BB5D1343E2}: NameServer = 192.124.15.8 192.124.15.3
Reputation Points: 10
Solved Threads: 0
Newbie Poster
krakpipe is offline Offline
4 posts
since Feb 2004
Feb 22nd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

Thanks for moving it here. Looks great, just fix a few more minor ones.

Make sure all browser windows are closed and run HijackThis again and have it fix these.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about_:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about_:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about_:blank



I figured CWShredder would fix it, but it is recommended to run SpyBot and Ad-Aware first.

See "How I got Infected In the first place", also in my signature.

Good Luck
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is offline Offline
12,719 posts
since Aug 2003
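
Added example (not part of caperjack's reply and not HijackThis's own code): a Python parser for HijackThis entry lines that picks out the kind of entries listed in the reply above, HKLM Internet Explorer values set to about:blank. The function names and the sample log (entry lines copied from the first post) are assumptions of this example; it treats the "about_:blank" spelling in the reply as the same value as "about:blank" in the log.

```python
import re

# Constructed sample: header and entry lines copied from the log in the first post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0CE9FB-D96C-4841-8109-52BB5D1343E2}: NameServer = 192.124.15.8 192.124.15.3
"""

# "<section code> - <rest>", e.g. "R1 - ..." or "O17 - ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R0/R1 body: "<hive>\<key path>,<value name> = <data>"
REG_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$"
)


def parse_entries(text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"]}
        if m["code"] in ("R0", "R1"):
            reg = REG_RE.match(m["body"])
            if reg:
                entry.update(reg.groupdict())
        entries.append(entry)
    return entries


def hklm_about_blank(entries):
    """Select R0/R1 entries under HKLM whose data is about:blank."""
    hits = []
    for e in entries:
        # Compare on a normalised copy so "about_:blank" matches too.
        data = e.get("data", "").replace("_", "").strip().lower()
        if e.get("hive") == "HKLM" and data == "about:blank":
            hits.append(e)
    return hits
```
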
Feb 22nd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

Caperjack,
Thanks for the quick turn-around. I read, installed and implemented some quick security and system updates. The big one was SP1a for XP - this should close the JVM hole that a lot of this garbage exploited. I have more to read but I think I'll be safer for the moment.
I appreciate the help!

Krak
Reputation Points: 10
Solved Threads: 0
Newbie Poster
krakpipe is offline Offline
4 posts
since Feb 2004
Feb 22nd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

Glad I could help!
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is offline Offline
12,719 posts
since Aug 2003
Apr 22nd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

I also am having some serious problems on my computer. For the last few months I cannot even get online to go to a website; it redirects to various search engines that don't work, such as NAVA and I lookup, and porn and casino sites. I installed Ad-Aware and Spybot Search and Destroy and SpywareBlaster and it seems to be running a little faster, but I can't seem to get my antivirus installed because I had to restart at a previous date on system recovery to even get online.
Reputation Points: 10
Solved Threads: 1
Junior Poster
robinrofkar is offline Offline
104 posts
since Apr 2004
Apr 23rd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

I had the same problem but got rid of it with Ad-Aware 6.
Reputation Points: 10
Solved Threads: 1
Newbie Poster
gedmac is offline Offline
8 posts
since Apr 2004
Apr 23rd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

Hey folks.

Please- Do not post your questions in someone else's pre-existing thread.

It becomes too confusing to keep track of which answers relate to which question. It also creates a lot of work for the moderators, as we have to weed through these "piggybacked" threads and untangle the mess by splitting out the piggybacked questions (and their answers) into separate threads.

Dani (the site Admin) has outlined our policy in the posting guidelines in the "Announcement" thread at the top of each forum. Please read those guidelines if you haven't already:

"Every question or new thought should have its own thread. Replies to a previous post should be thread replies to that particular thread. Do not piggyback threads by posting your question as a reply to another question."

robinrofkar,

Please delete your post here and start your own thread.

Thanks
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
Apr 23rd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

There needs to be some way of locking the old threads once the problem is solved, to stop the piggybacking.
Team Colleague
Reputation Points: 1056
Solved Threads: 792
I hate 20 Questions
caperjack is offline Offline
12,719 posts
since Aug 2003
Apr 23rd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

Quote originally posted by caperjack ...
There needs to be some way of locking the old threads once the problem is solved, to stop the piggybacking.
There definitely is- the mods have the ability to lock threads, but the problem is that quite often the original poster's question hasn't even been answered/solved before the piggybacking happens. We don't want to lock a thread at that point because in doing so we'd also be locking the original poster out of a solution.

Don't worry though, we now have The Sacred Wet Trout:

http://www.stevewolfonline.com/Downl.../fishwhack.gif


A couple of TroutSlaps, and even the most reticent members will fall in line...

DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
Apr 23rd, 2004
0

Re: IE 6 hijacked by www.searchdot.net - please help

Follow-up:

Caperjack,

Because this thread's original question was apparently answered (by you) 2 months ago, and the thread-starter did seem to imply that your suggestions did the trick, I will mark this one as solved and lock it as well to prevent further "tagging onto".

(Dani- if you don't feel that this is appropriate, please let me know ASAP)
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
