Ask Me Help Desk

Ask Me Help Desk (https://www.askmehelpdesk.com/forum.php)
-   Spyware, Viruses, etc. (https://www.askmehelpdesk.com/forumdisplay.php?f=477)
-   -   Browser hijacker? (https://www.askmehelpdesk.com/showthread.php?t=256306)

  • Sep 3, 2008, 04:06 PM
    sillygirl
    Browser hijacker?
    Hi,
    I've picked up a redirect/browswer hijack bug ,as yet none of my security measures have picked it up ,
    But I can't access any web pages other than ad sites.

    So I'm posting my hijackthis log could somebody please have a look at it for me .

    I'm running xp sp3
  • Sep 3, 2008, 04:08 PM
    sillygirl
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\wuauclt.exe
  • Sep 3, 2008, 05:58 PM
    Scleros
    I don't recognize C:\WINDOWS\kdx\KHost.exe (doesn't mean it's not legit). Also, it may be a browser helper object that executes in the context of Internet Explorer and won't show up in the process list without a utility to show all loaded modules like Process Explorer. Look at the start page and BHO sections of the Hijack log or the IE add-ons interface. Also check contents of hosts file in %SystemRoot%\system32\drivers\etc\.

    Firefox?
  • Sep 9, 2008, 09:06 AM
    invisibleman_productions
    Hi sillygirl

    Your hijackthis log is incomplete . We need to see the 01 ,02 ,03 entries .To know what is causing the browser re directions.

    Also run the 3 programs listed below

    1. Run Malwarebytes Anti-Malware
    Spyware Fighter: Malwarebytes' Anti-Malware

    2. Run Superantispyware
    Spyware Fighter: SUPERAntiSpyware Home Edition (free version)

    3 . Run a complete scan with Dr. Web CureIt
    Spyware Fighter: Dr. Web CureIt

    Use Firefox or Google chrome to prevent browser redirection.

    • All times are GMT -7. The time now is 01:00 AM.