CariDotMy

 Forgot password?
 Register

ADVERTISEMENT

View: 3401|Reply: 14

IE Hijacked: Redirects to - http://www.sysprotectionpage.net

[Copy link]
Post time 20-7-2006 10:30 AM | Show all posts |Read mode
tolong my IE Hijacked, everytime when i opened my IE, it will redirect me to www,sysprotectionpage,net . how do i remove this?

p/s:dont go to the link, it contains bad folks.
Reply

Use magic Report


ADVERTISEMENT


Post time 20-7-2006 10:43 AM | Show all posts
hmmm gune spybots search n destroy ...... x???
pastu try gune s/ware adware personal se tuh .......
xpun kalau ada mcafee antispyware .... gune mcafee dulu
Reply

Use magic Report

 Author| Post time 20-7-2006 05:11 PM | Show all posts
Logfile of HijackThis v1.99.1
Scan saved at 5:08:10 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Nokia\Update_Manager\bin\UMScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\Quarantine\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: UMScheduler 2.0.lnk = C:\Nokia\Update_Manager\bin\UMScheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


hijackthis log
Reply

Use magic Report

Post time 20-7-2006 06:20 PM | Show all posts
so problem solve x gune s.ware hijack this ......???
da gune search n destroy
gi tgk kat BHO (browsers help object) delete mane yg x patut
patut gune BHO nie .. so masa nak install ...
leh tgk mane yg perlu allow n x allow .....
tgk kat toolbar customize .....
mane2 toolbar yg x patut unclik ....... n restart browser ...
usually benda nie work kalau IE browser .....
Reply

Use magic Report

Post time 20-7-2006 07:03 PM | Show all posts


delete kalo perlu je.
Reply

Use magic Report

Post time 21-7-2006 10:30 AM | Show all posts

Reply #3 sLapshock's post

Selain drp cara kat atas, cuba cara ni..

Masa ko guna HijackThis tu, ko dah buat Kat Control Panel / Folder Option / View / Tandakan Show hidden files and folders ke? 0k yg pertama ......

1) Masuk Safe Mode
2) Turn off System Restore.
3)  Fix 2 benda kat bawah.

C:\WINDOWS\system32\issearch.exe

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)

4) Download SmitFraudFix.
Lepas Unzip,  click file Smitfraudfix, dan Type nombor 1 dan tekan enter.

Lepas tu, type nombor 2, dan tekan enter, ko akan terima arahan ni, Do you want to clean the registry, jawab Y(yes) dan tekan enter.

Kalau ada infected file, ko akan dpt soalan mcm ni , Replace infected file ? jawab  Y  dan tekan Enter . Dah siap mungkin ko akan disuruh Reboot.

5) Download Ewido Scanner dah update  scan terus reboot.

6) Run Anti virus ( aku cdgkan  Panda Antivirus) dan Spybot( update dulu)  dan post fresh HJT.
Reply

Use magic Report

Follow Us
Post time 21-7-2006 05:06 PM | Show all posts
Originally posted by trunks at 21-7-06 10:30 AM
Selain drp cara kat atas, cuba cara ni..

Masa ko guna HijackThis tu, ko dah buat Kat Control Panel / Folder Option / View / Tandakan Show hidden files and folders ke? 0k yg pertama ......

1)  ...


nape ek bile fly gune hijack this n smith fraud .... sume x menjadi???
benda tu timbul gak ....
pastu bile scan gune search n destroy ......
s/ware tu detect smithfraud as spyware .......
last2 thanks to bzzts kasi s/ware mcafee .....
problem solve ....
Reply

Use magic Report

Post time 21-7-2006 06:17 PM | Show all posts

Reply #7 fly_in_d_sky's post

Sesuatu jln penyelesaian tu mungkin tak berkesan pada kita, tapi berkesan pada 'org' lain. Kalau org lain tak berkesan guna cara ni, aku takkan bagi cadangan tu kat sini.

Lagipun, kalau cara ni tak berhasil, kita 'usaha' cara lain pulak. Inikan hanya cadangan aje.
Reply

Use magic Report


ADVERTISEMENT


Post time 21-7-2006 06:24 PM | Show all posts
Originally posted by trunks at 21-7-06 06:17 PM
Sesuatu jln penyelesaian tu mungkin tak berkesan pada kita, tapi berkesan pada 'org' lain. Kalau org lain tak berkesan guna cara ni, aku takkan bagi cadangan tu kat sini.

Lagipun, kalau cara ni  ...



yep mmg betul
fly musykil jer ... bukan kata kaedah yg diberi oleh org lain termasuk awak .....
x bagus ....... yer la x berkesan pendek kata ....
maybe spyware yg fly kene lagi power kot ....
:-)
Reply

Use magic Report

 Author| Post time 21-7-2006 07:44 PM | Show all posts
kenapa bila aku nak download guna firefox ada popup keluar saying

C:\DOCUME~1\LOLAOK~1\LOCALS~1\Tem4jg44rb0.zip could not be saved because the source file coul not be read.

and i ask my friend yg guna msn... to dload the file .. pun tak boleh, i ask him to rename as .txt firse then send, .zip first then send pun tak boleh...

kenapa? smitREM.exe pun tak boleh dload...
Reply

Use magic Report

Post time 21-7-2006 07:52 PM | Show all posts
try download guna IE saja atau guna 3rd party: download manager.
flasget/getright/Download Accelerator Plus.
Reply

Use magic Report

Mr.Forensics This user has been deleted
Post time 22-7-2006 12:40 AM | Show all posts
cw shredder?bley tak.saper penah dengar"?
Reply

Use magic Report

Post time 22-7-2006 11:15 AM | Show all posts
Originally posted by Mr.Forensics at 22-7-06 12:40 AM
cw shredder?bley tak.saper penah dengar"?


pnah dengar tp x tau ape fungsi nyer .....
tp fly da google ...
cw shredder nie cam hijackthis .....

CWShredder:  A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D and Ad-aware tend to forget essential parts of the hijack, so until they update, you can use this to completely remove the hijack. This program is updated to remove the new variants once they come out.


refer pd page nie --> CWShredder

[ Last edited by  fly_in_d_sky at 22-7-2006 11:16 AM ]
Reply

Use magic Report

 Author| Post time 22-7-2006 02:21 PM | Show all posts
i pun takleh..even my member dload for me and send to me pun takboleh
Reply

Use magic Report

Post time 22-7-2006 02:40 PM | Show all posts
aha... cwshredder ni pun baagus gak. selalunya bila spybpt/adaware/hijackthis takleh cuci, nama cwshredder akan kdengaran kat sini.
Reply

Use magic Report

You have to log in before you can reply Login | Register

Points Rules

 

ADVERTISEMENT



 

ADVERTISEMENT


 


ADVERTISEMENT
Follow Us

ADVERTISEMENT


Mobile|Archiver|Mobile*default|About Us|CariDotMy

18-12-2024 04:33 PM GMT+8 , Processed in 0.207034 second(s), 28 queries , Gzip On, Redis On.

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

Quick Reply To Top Return to the list