View: 3401|Reply: 14
|
IE Hijacked: Redirects to - http://www.sysprotectionpage.net
[Copy link]
|
|
tolong my IE Hijacked, everytime when i opened my IE, it will redirect me to www,sysprotectionpage,net . how do i remove this?
p/s:dont go to the link, it contains bad folks. |
|
|
|
|
|
|
|
hmmm gune spybots search n destroy ...... x???
pastu try gune s/ware adware personal se tuh .......
xpun kalau ada mcafee antispyware .... gune mcafee dulu |
|
|
|
|
|
|
|
Logfile of HijackThis v1.99.1
Scan saved at 5:08:10 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Nokia\Update_Manager\bin\UMScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\Quarantine\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: UMScheduler 2.0.lnk = C:\Nokia\Update_Manager\bin\UMScheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
hijackthis log |
|
|
|
|
|
|
|
so problem solve x gune s.ware hijack this ......???
da gune search n destroy
gi tgk kat BHO (browsers help object) delete mane yg x patut
patut gune BHO nie .. so masa nak install ...
leh tgk mane yg perlu allow n x allow .....
tgk kat toolbar customize .....
mane2 toolbar yg x patut unclik ....... n restart browser ...
usually benda nie work kalau IE browser .....
|
|
|
|
|
|
|
|
delete kalo perlu je. |
|
|
|
|
|
|
|
Reply #3 sLapshock's post
Selain drp cara kat atas, cuba cara ni..
Masa ko guna HijackThis tu, ko dah buat Kat Control Panel / Folder Option / View / Tandakan Show hidden files and folders ke? 0k yg pertama ......
1) Masuk Safe Mode
2) Turn off System Restore.
3) Fix 2 benda kat bawah.
C:\WINDOWS\system32\issearch.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
4) Download SmitFraudFix.
Lepas Unzip, click file Smitfraudfix, dan Type nombor 1 dan tekan enter.
Lepas tu, type nombor 2, dan tekan enter, ko akan terima arahan ni, Do you want to clean the registry, jawab Y(yes) dan tekan enter.
Kalau ada infected file, ko akan dpt soalan mcm ni , Replace infected file ? jawab Y dan tekan Enter . Dah siap mungkin ko akan disuruh Reboot.
5) Download Ewido Scanner dah update scan terus reboot.
6) Run Anti virus ( aku cdgkan Panda Antivirus) dan Spybot( update dulu) dan post fresh HJT. |
|
|
|
|
|
|
|
Originally posted by trunks at 21-7-06 10:30 AM
Selain drp cara kat atas, cuba cara ni..
Masa ko guna HijackThis tu, ko dah buat Kat Control Panel / Folder Option / View / Tandakan Show hidden files and folders ke? 0k yg pertama ......
1) ...
nape ek bile fly gune hijack this n smith fraud .... sume x menjadi???
benda tu timbul gak ....
pastu bile scan gune search n destroy ......
s/ware tu detect smithfraud as spyware .......
last2 thanks to bzzts kasi s/ware mcafee .....
problem solve .... |
|
|
|
|
|
|
|
Reply #7 fly_in_d_sky's post
Sesuatu jln penyelesaian tu mungkin tak berkesan pada kita, tapi berkesan pada 'org' lain. Kalau org lain tak berkesan guna cara ni, aku takkan bagi cadangan tu kat sini.
Lagipun, kalau cara ni tak berhasil, kita 'usaha' cara lain pulak. Inikan hanya cadangan aje. |
|
|
|
|
|
|
|
Originally posted by trunks at 21-7-06 06:17 PM
Sesuatu jln penyelesaian tu mungkin tak berkesan pada kita, tapi berkesan pada 'org' lain. Kalau org lain tak berkesan guna cara ni, aku takkan bagi cadangan tu kat sini.
Lagipun, kalau cara ni ...
yep mmg betul
fly musykil jer ... bukan kata kaedah yg diberi oleh org lain termasuk awak .....
x bagus ....... yer la x berkesan pendek kata ....
maybe spyware yg fly kene lagi power kot ....
:-) |
|
|
|
|
|
|
|
kenapa bila aku nak download guna firefox ada popup keluar saying
C:\DOCUME~1\LOLAOK~1\LOCALS~1\Tem4jg44rb0.zip could not be saved because the source file coul not be read.
and i ask my friend yg guna msn... to dload the file .. pun tak boleh, i ask him to rename as .txt firse then send, .zip first then send pun tak boleh...
kenapa? smitREM.exe pun tak boleh dload... |
|
|
|
|
|
|
|
try download guna IE saja atau guna 3rd party: download manager.
flasget/getright/Download Accelerator Plus. |
|
|
|
|
|
|
Mr.Forensics This user has been deleted
|
cw shredder?bley tak.saper penah dengar"? |
|
|
|
|
|
|
|
Originally posted by Mr.Forensics at 22-7-06 12:40 AM
cw shredder?bley tak.saper penah dengar"?
pnah dengar tp x tau ape fungsi nyer .....
tp fly da google ...
cw shredder nie cam hijackthis .....
CWShredder: A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D and Ad-aware tend to forget essential parts of the hijack, so until they update, you can use this to completely remove the hijack. This program is updated to remove the new variants once they come out.
refer pd page nie --> CWShredder
[ Last edited by fly_in_d_sky at 22-7-2006 11:16 AM ] |
|
|
|
|
|
|
|
i pun takleh..even my member dload for me and send to me pun takboleh |
|
|
|
|
|
|
|
aha... cwshredder ni pun baagus gak. selalunya bila spybpt/adaware/hijackthis takleh cuci, nama cwshredder akan kdengaran kat sini. |
|
|
|
|
|
|
| |
|