Am I hacked???

  • Am I hacked???

    Alright, here is the situation, it's happened twice, my internet will not work even though I'm connected through cable. Well, I have to restart my computer and then when I go back into the internet there are about five porn sites added to my favorite list and my homepage is switched to http://www.find4u.net/ Also, when I'm checking my mail through Hotmail, and then click on sign out, it goes to a site with the address of http://www.msn.com/ ..... also if I type in that address it also says the following...

    If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

    You cannot reach the site you were trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here:
    http://windowsupdate.microsoft.com

    1. Start regedit,
    find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
    delete starting of svchost.exe file,
    reboot your computer,
    delete file svchost.exe in windows directory.

    2. Reboot windows and start in
    SAFE MODE (F8 key on keyboard before windows starting),
    delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    3. Clear your 'hosts' file.
    How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes.
    For Windows 95/98/Millennium machines: Locate the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
    127.0.0.1 localhost
    For Windows 2000 machines: Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
    127.0.0.1 localhost
    For Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
    127.0.0.1 localhost





    And that's that. Is deleting and following that page's instructions safe or will it hurt my computer? Also, I have back up discs that I can use too if that will clear this little problem up. I really appreciate any input please.

    adam
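
An added example, not part of the original thread: a read-only audit of a hosts file's contents that reports every entry other than the default loopback `localhost` mapping, which is the state the cleanup page quoted above tells the reader to reduce the file to. The function name, verdict labels and sample text are constructed for illustration.

```python
import ipaddress

# Names a clean hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (203.0.113.0/24 is a documentation-only range).
SAMPLE = """\
# constructed hosts file, not taken from the thread
127.0.0.1   localhost
::1         localhost
203.0.113.7 www.msn.com msn.com   # name pointed at a foreign address
127.0.0.1   update.example.test
0.0.0.0     ads.example.test
not-an-ip   www.example.test
"""

def audit_hosts(text):
    """Return (line_no, verdict, address, hostname) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        if len(fields) < 2:                       # address with no hostname
            findings.append((line_no, "malformed", str(addr), ""))
            continue
        for name in fields[1:]:                   # one line may list aliases
            host = name.lower().rstrip(".")
            if host in DEFAULT_NAMES and addr.is_loopback:
                continue                          # the expected default entry
            if addr.is_loopback or addr.is_unspecified:
                verdict = "sinkholed"             # name made unreachable locally
            else:
                verdict = "redirected"            # name sent to another machine
            findings.append((line_no, verdict, str(addr), host))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of the hosts file from the directory listed above for the Windows version in question; the function only reads and reports.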

  • #2
    Originally posted by def polak
    Alright, here is the situation, it's happened twice, my internet will not work even though I'm connected through cable. Well, I have to restart my computer and then when I go back into the internet there are about five porn sites added to my favorite list and my homepage is switched to http://www.find4u.net/ Also, when I'm checking my mail through Hotmail, and then click on sign out, it goes to a site with the address of http://www.msn.com/ ..... also if I type in that address it also says the following...

    Did a search on Google for "find4u"; came up w/ a lot of information on this problem. Appears to be spyware.

    Here's a thread on the subject that may be helpful.. Looks like the answer is to run Hijackthis.

    Couldn't find anything on your hotmail problem.

    Good Luck!



    • #3
      Originally posted by def polak
      Alright, here is the situation, it's happened twice, my internet will not work even though I'm connected through cable. Well, I have to restart my computer and then when I go back into the internet there are about five porn sites added to my favorite list and my homepage is switched to http://www.find4u.net/ Also, when I'm checking my mail through Hotmail, and then click on sign out, it goes to a site with the address of http://www.msn.com/ ..... also if I type in that address it also says the following...
      .............................
      And that's that. Is deleting and following that page's instructions safe or will it hurt my computer? Also, I have back up discs that I can use too if that will clear this little problem up. I really appreciate any input please.

      adam
      When did this start and what did YOU do to make this happen? Don't give me that bullshit about you not doing anything. Did you open an attachment from someone on your computer? Click on a link in a person's Messenger profile? Or were you looking at porn?

      Are you up to date on your Anti-Virus and Windows Updates?



      • #4
        Originally posted by highwizard
        When did this start and what did YOU do to make this happen? Don't give me that bullshit about you not doing anything. Did you open an attachment from someone on your computer? Click on a link in a person's Messenger profile? Or were you looking at porn?
        My guess would be installing a signed ActiveX control from a less-than-credible company. Or perhaps it was just bundled spyware with something like Bonzi Buddy.

        Are you up to date on your Anti-Virus and Windows Updates?
        Don't forget AdAware!
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
        [ redacted ]



        • #5
          Is there a particular reason that makes AdAware so attractive that I'm unaware of? I have used both AdAware and Spybot and think that the latter is better in terms of fixing exploits and such, perhaps because I still use Windows, but after running AdAware, I ran Spybot, which detected files and fixed exploits that AdAware did not, specifically some Windows DSO exploits, and a data miner.
          If shadows are an absence of light then,
          shouldn't today's conformist society be
          ONE GREAT SHADOW?



          • #6
            Originally posted by DeepImpulse
            Is there a particular reason that makes AdAware so attractive that I'm unaware of? I have used both AdAware and Spybot and think that the latter is better in terms of fixing exploits and such, perhaps because I still use Windows, but after running AdAware, I ran Spybot, which detected files and fixed exploits that AdAware did not, specifically some Windows DSO exploits, and a data miner.
            AdAware and Spybot do not look for the same things. There is plenty of overlap, but there are also things AdAware finds that Spybot doesn't, and vice versa.

            I actually run both periodically...
            If you have a new install of Windows, run AdAware -- it finds most of the default crap that M$ installs. (Yes, Windows DOES install with default spyware.)
            If you just screwed yourself by clicking where you know you shouldn't, then Spybot Search&Destroy is a much better tool.

            I'd also recommend going to Black Viper's web site (http://www.blackviper.com/) and turning off all Windows services you don't need. It's amazing how many exploits and spyware get stopped when you just turn off the defaults. :)

            And even though AV tools don't work for 0-day exploits, make sure you got yours up and running with the latest updates -- most malware isn't 0-day anyway. (I actually had a boss that would manually run Norton every now and then -- and he wondered why he infected our entire CVS tree... twice! BTW, he's still working at HP.)



            • #7
              Okay, thank you guys for all your help....I didn't quite understand a lot of that stuff. I have Ad-aware 6.0 that didn't catch it, but I looked at a bunch of the other stuff you guys said and that hijacker thing I think got it. I deleted some of the other stuff I've been trying to get off my computer like veritas and gator and crap. As for antivirus stuff, I don't have any (I know I know). Well, now after I exit my Hotmail and go to www.msn.com it goes to the normal page, so hopefully I got it. Thanks to you guys again.

              As in where it came from ..... don't know. I don't download anything off the internet really, haven't played Asheron's Call in a long time and that was the last thing I downloaded besides Ad-aware. My girlfriend gets pics of her cousins through her aunt's email, and I downloaded two different deer hunter games the other day that needed a DirectX but came with them I believe. No porn or anything but I have been going to the get a free ps2 pages so who knows....thanks for the help though.

              adam



              • #8
                To me it sounds like you may also have been infected with a Trojan called JS seeker. There are many variations of this virus, but often it works the way you describe (such as altering your homepage).
                If you don't have a good Trojan scanner, try the fully working trial version of Trojan remover
                http://www.simplysup.com/tremover/download.html
                just to make clear whether you are infected or not.
                When people call me normal I know it's time to seek mental help



                • #9
                  Just for info: AdAware/Lavasoft update the defs at least once a
                  week. If AdAware doesn't catch it one day/week, perhaps the next.

                  Just make sure you keep it updated...
                  Stupid people should have to wear signs that just say, "I'm Stupid." That way you wouldn't rely on them, would you? You wouldn't ask them anything. It would be like, "Excuse me...oops...never mind, I didn't see your sign.



                  • #10
                    Important!

                    This type of reaction from your machine is commonly associated with "SpyMan" software. This is software that someone can install on your machine through Java. It probably happened when you went to a dirty site or you were looking for trouble. The only way that I know of to rid your machine of this is to search for the file "smts.tgr" in your system32 folder. If this doesn't work, try formatting your machine and re-loading.



                    • #11
                      I remove this thing for a living, it's been my source of income lately.. viruses..

                      It got on your machine thru a vulnerability Microsoft left in IE.
                      A webpage can contain XML code, and IE will execute that code locally and make changes to the system registry, and even execute programs on your machine.

                      A common example is a website that sets itself as a homepage without ever prompting, or ejects your cdrom, opens notepad..
                      There are actually advertisements that do those things..

                      But there's also a script that installs itself.. it will add favorites, change your homepage and add 3 icons to your desktop.
                      I tried and tried to remove it.. and it took a while..

                      The solution is a program called CWS Shredder, it restores IE registry entries and removes hijacked entries..

                      You can get it from www.spywareinfo.com which also has an online scanner you might want to use to remove other stuff..

                      Microsoft issued a patch for this exploit back in November and it's included in the cumulative patch on the updates page..

                      Here is the update/patch
                      http://www.microsoft.com/downloads/d...displaylang=en

                      Here is CWS Shredder
                      http://www.spywareinfo.com/~merijn/files/cwshredder.zip

                      This should be the solution to your problem..
