Is this Spyware, a virus or something else?
Ok now I'm confused :confused:
I set my homepage for when I open internet explorer as my e-mail account, but recently it has changed to this: http://quickmetasearch.com/?said=acc0001_ho No matter how many times I go into the internet options page and change it back, it keeps re-appearing after opening a second page. I scanned my system with ad-aware, deleted a few items and re-booted, then with spybot search and destroy, again a few items and a re-boot. Finally I ran a virus scan that came up empty :uhoh: This thing is really starting to p!$$ me off :mad: If anyone knows how to get rid of this, could they post a reply. I can post a Hi-jack this report if it helps? Many Thanks S.C. :ok: |
If you're using WinXP, try system restore to a few days ago.
Some intrusive program tried to hi-jack my system yesterday and that was the only way I could $hitcan it. |
From your post I would suggest you have probably been hijacked. As a result it would be a good idea to run the HijackThis program and post the log for the experts to comment on.
|
Have a look at this and run cwshredder, then if still a problem post a hijack this log for the experts to look at.
|
thanks for all the quick replies, here's the hi-jack this report I just ran:
Logfile of HijackThis v1.99.0
Scan saved at 18:57:32, on 18/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D2A228-1B39-4447-9830-93F424F55D81}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Hope the experts can help on this. S.C. |
It's there right after your program files. Where it starts the hotkey commands, RO-HKCU/Software, etc. http:quickmetasearch, delete and remove both of these. Also, take a close look at the 02's the BHO's. These are Browser Helper Objects. I'm sure the Adobe and the Spybot ones are fine, but I'm not sure what the other two are. Usually a hijack is associated with these. Good Luck
|
I would have a close look at the following entry:
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage.dll
Try removing the folder in the Program Files folder and see if that helps. goates |
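A triage pass over the entries the replies above point at (the R0 start-page values and the O2 Browser Helper Objects), as an added example that is not part of any post in the thread. The expected start-page host and the BHO allowlist are assumptions; the sample lines are copied from the log posted above.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# Assumption: the host the owner actually wants as start page (placeholder).
EXPECTED_START_HOSTS = {"mail.example.com"}

# Assumption: BHOs the reviewer accepts, keyed by CLSID, each with the install
# directory it must load from (the two that a reply in the thread calls fine).
KNOWN_BHOS = {
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}": "C:\\Program Files\\Adobe\\",
    "{53707962-6F74-2D53-2644-206D7942484F}": "C:\\Program Files\\Spybot - Search & Destroy\\",
}

ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")
R_ENTRY = re.compile(r"^(?P<key>.+?),(?P<name>[^,=]+?) = (?P<data>.*)$")
BHO_ENTRY = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
SECTION = re.compile(r"R[0-3]|F[0-3]|O\d{1,2}")


def split_entries(text):
    """Yield (section, body) pairs; also works when entries share one line."""
    for chunk in ENTRY_START.split(" " + text):
        section, sep, body = chunk.strip().partition(" - ")
        if sep and SECTION.fullmatch(section):
            yield section, body.strip()


def triage(text, expected_hosts=EXPECTED_START_HOSTS, known_bhos=KNOWN_BHOS):
    """Return (section, reason, detail) findings for a reviewer to examine."""
    findings = []
    for section, body in split_entries(text):
        if section in ("R0", "R1"):
            m = R_ENTRY.match(body)
            if m and m["name"] == "Start Page":
                host = (urlparse(m["data"].strip()).hostname or "").lower()
                if host not in expected_hosts:
                    findings.append((section, "unexpected start page", host))
        elif section == "O2":
            m = BHO_ENTRY.match(body)
            if not m:
                continue
            expected_dir = known_bhos.get(m["clsid"].upper())
            path = m["path"].strip()
            if expected_dir is None:
                findings.append((section, "unknown BHO", m["name"]))
            elif not path.lower().startswith(expected_dir.lower()):
                findings.append((section, "known CLSID, unexpected path", path))
    return findings
```

A finding is a prompt to look the entry up, not a verdict; `split_entries` also accepts a log whose entries have been run together on one line, as in the paste above.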
nwaflygirl & goates, thank you for your replies. I was initially unable to remove the programme files of ST Home page, as my laptop refused, but after deleting them from hi jack this, they easily deleted. So too did my http:quickmetasearch after having to twice delete that from the HJT report.
BEagle, I'm glad I didn't have to restore my system, but to be honest, I wouldn't know how :O HelenD, I agree it looks like I was hijacked, so how do I squawk 7600 and ask for help? Maxell, I don't know what else to download, so far I have 2 anti-virus guards, 2 firewalls, ad-aware, spy doctor, spybot search and destroy, and zone alarm pro yet still they get through :oh: Is there any light at the end of the tunnel? is there a wonderful way of stopping the madness :} Or are we doomed to keep having to deal with this? If anybody knows any programmes that would be advisable for as close as one can get to total protection, could they tell me what it is? Is norton internet security an answer? Hope somebody can help me :eek: Many Thanks, S.C. :ok: |
Is there any light at the end of the tunnel? is there a wonderful way of stopping the madness Or are we doomed to keep having to deal with this?
One more program you could try out is Spyware Blaster. It doesn't scan your computer for spyware, but prevents them from installing themselves. Ewido Security Suite is yet one more program to deal with this problem. Is one of your firewalls hardware, or do you have two software firewalls? goates |
I'd second the Mac suggestion, but in the meantime, download and use Firefox and Thunderbird as browsers and email client, respectively. Should stop 99% of hijack problems. They're free at www.mozilla.org
|
Honestly Goates, I will be taking your advice and investing in a MAC for my home PC, my current one running on XP Pro is in terrible trouble. I downloaded SP2, and both the D and E drives failed to load properly, and even after trying to un-install and re-install through the device manager as well as trying other methods they have failed to load, and I'm told I need to re-install SP2 to fix the problem, but how can I do that without the CD-ROM?
There are some days I feel like throwing it out the window, but for now I invested in a new laptop and want to stick with it. I will indeed look into your suggestions of the other programmes, as for the firewalls, well I'm a little unsure about programme types, all I know is that zone alarm pro contains a firewall, as well as the firewall that came with SP2. Ps. If you have any suggestions on any particular MAC systems that would be suitable for mostly home use, I'd love to hear them as I've never looked into buying one before :confused: Thanks for the reply, Land After, thanks for the link, but to ask the silly question, Thunderbird, is it the same as outlook express or is it a stand alone e-mail system that will give me a new address. I just signed on to gmail because of the inbox capacity and don't want to give it up, but unfortunately it won't work with outlook express because it doesn't have whatever the POP3 (or something like that) linking capability? S.C. :ok: |
Sky-Captain,
Have a look at the Mac Mini. Not overly powerful, and they need the RAM bumped to at least 512MB, but they can do pretty much everything people use their computers for. Email, surf the net, MS Office, organize photos, play MP3s and burn CDs/DVDs. Those Macs are only 5cm high and 16.5 cm wide! Thunderbird is just a plain email program. It can't connect to Hotmail, at least not easily, but can connect to any POP3 or IMAP account. Both it and Outlook Express should be able to connect to Gmail as long as POP3 access has been enabled for your Gmail account. Thunderbird is far more secure than Outlook Express though. I also forgot to mention Firefox as LandAfter suggested. I use it myself and only go back to IE for the Windows Update site. It's not completely invulnerable, but at least the developers think about security. I was just asking about your firewalls as you should only have two running on your computer at once. Two running at the same time can step on each other's toes. Keep the ZoneAlarm firewall running and make sure the Windows XP one is disabled. XP's firewall isn't really all that great anyways. goates |
The best program I have ever purchased for this issue, bar none, is Webroot's Spy Sweeper. Visit www.webroot.com This program protects your homepage from hijacks, prevents inadvertent additions to your favorites menu, (this drove me nuts!), prevents installation of Browser Helper Objects, and has many other shields for stellar PC protection. This company is also the industry leader in spyware/adware/hijack research. It is very user friendly and has a free trial. There is also a free spy audit at the site. It takes only a minute or two, and it will tell you exactly what's hiding in your computer. If you do decide to purchase, the customer support is outstanding, and the price is quite reasonable for all it does.
As for SP2, :yuk: I uninstalled it about 5 minutes after I downloaded it. Microsoft seems to put out these patches/updates way too soon. It's still full of bugs. It does absolutely nothing. I tried to find one redeeming quality in it to no avail. Dump it! |
Thank you BEagle, that MAC MINI has exactly what I need and is the right size in more ways than one. It's moved itself to the top of my list. I downloaded Firefox and am finding it quite nice to use, think I'll stick with it from now on. And thanks for the advice on the firewalls, I'm a little unsure how, but I'm going to do what I can to disable the SP2 firewall:p
nwaflygirl, webroot looks very impressive, think I might part with a small bit of money there, but as for uninstalling SP2, will it make no difference to a system, and (if you know) do you think if I un-installed it, I would get my D and E drives reloaded :confused: Thanks For The Replies, S.C. :ok: |
SC - it wasn't me who suggested a Mac. Nor would I recommend Betamax VCRs....
System restore is an utterly simple process. Just go to 'Start', then 'All Programs', then 'Accessories', then 'System Tools', then 'System Restore' and follow the easy guide. It'll basically reset your computer to the way it was on any date it knows about! I don't know why people whinge about SP2; sure there've been a few isolated interactions with other programs, but it works 100% fine for me! But if you want to uninstall it, it's easy enough under 'Control Panel', then 'Add or Remove Programs', then scroll down to Windows XP Service Pack 2 and remove it. If you must! |
SC - it wasn't me who suggested a Mac. Nor would I recommend Betamax VCRs.... There are, of course, perfectly valid reasons why a Mac isn't for you. They're useless for games. Some people also enjoy putting together a computer themselves, to their own specification, and you can't really do that with a Mac. Also, while the cheaper Macs are good value, the more expensive models compare poorly (IMHO) with the PC in any 'bang for buck' measure. Any technically-competent user can cope with Windows, and the improved price/performance of the PC platform helps offset the negatives that come with Windows. However, as a general-purpose computer for someone who isn't a computer expert - and doesn't want to have to become one - a Mac is ideal. If you step back and compare XP/Home SP2 with Outlook Express and Internet Explorer with OSX with Mail and Safari from the point of view of a novice it's laughable how poor Windows is. Ooops. I bit. :rolleyes: |
Thunderbird (and Gmail POP)
Thunderbird is an email client and a replacement for Outlook Express.
The good news is that gmail now supports POP access, so you can use Thunderbird to access your email and keep local copies. You can continue using gmail via the web, if it's easier for you. Evo - good points about the Mac. I (a long time ago) managed to get a Computer Science degree, so I guess I am technically minded. I have two Macs in my house and use them daily. Bottom line is less bang-per-buck, but they work, don't need rebooting every 5 minutes and (so far) have little problem with viruses. So on price vs actual usable performance, they're way ahead! |
Evo, you missed my point. Even though Betamax might actually have been better in many respects than VHS, the 'standard' became VHS. Similarly, although Macs have their devoted aficionados, whether they like it or not, the 'standard' is invariably MicroSoft. Linux, Godzilla, Bollux or whatever, most people are entirely happy with MicroSoft and leave the esoterica to the wireheads.
|
most people are entirely happy with MicroSoft I heartily wish the Mac had become the standard, though I cynically wonder whether Apple would have gone down the same path as M$. After all, if you've got a system that works beautifully, what excuse do you have to justify an expensive upgrade every two years? I speak as an owner of two desktops and two laptops all of which are Windows based. :{ But one of these days! |
Evo, you missed my point. A comparison between VHS and betamax isn't remotely similar to a comparison between Windows/Intel and Mac (or between Wintel and Linux, Solaris, AIX, BSD and any of the dozen other major platforms that coexist on the Internet). The internet was running on a wide variety of different platforms before Microsoft ever realized it existed. All the protocols that make the internet work have nothing to do with the hardware platform you're using. And as much as Microsoft might like to lock us into its own one-flavour Windows-centric world, it has tried and it can't do it. So what does a Mac stop you from doing? Most games. DIY hardware updates, at least with a few exceptions. And, um, that's it. Microsoft support the Mac, so you can run Word, Excel etc. if you need to, and Virtual PC (written by Microsoft, by the way) will run most software written for PC. It's too slow for games - there's that word again - but fine for almost everything else. It's a long time since much non-game software was processor limited. The fact remains that a Mac is, quite simply, a better solution for the inexperienced computer user than the piece of junk they'll probably buy from Dell. As for the experienced few, they can make up their own minds :) |