Am I hacked???


  • [Syntax]
    replied
    I remove this thing for a living, it's been my source of income lately.. viruses..

    It got on your machine thru a vulnerability Microsoft left in IE.
    A webpage can contain XML code, and IE will execute that code locally and make changes to the system registry, and even execute programs on your machine.

    Common example is a website that sets itself as a homepage without ever prompting, or ejects your cdrom, opens notepad..
    There's actually advertisements that do those things..

    But there's also a script that installs itself.. it will add favorites, change your homepage and add 3 icons to your desktop.
    I tried and tried to remove it.. and it took a while..

    The solution is a program called CWS Shredder, it restores IE registry entries and removes hijacked entries..

    You can get it from www.spywareinfo.com which also has an online scanner you might want to use to remove other stuff..

    Microsoft issued a patch for this exploit back in November and it's included in the cumulative patch on the updates page..

    Here is the update/patch
    http://www.microsoft.com/downloads/d...displaylang=en

    Here is CWS Shredder
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip

    This should be the solution to your problem..


  • Sparks-Kelly
    replied
    Important!

    This type of reaction from your machine is commonly associated with "SpyMan" software. This is software that someone can install on your machine through Java. It probably happened when you went to a dirty site or you were looking for trouble. The only way that I know of to rid your machine of this is to search for the file "smts.tgr" in your system32 folder. If this doesn't work try formatting your machine and re-loading.


  • madhadder
    replied
    Just for info: Adware/Lavasoft update the defs at least once a week. If Adware doesn't catch it one day/week perhaps the next.

    Just make sure you keep it updated...


  • ttickzz
    replied
    To me it sounds like you also can have been infected with a Trojan called JS seeker. There are many variations of this virus, but often it works the way you describe (as altering your homepage).
    If you don't have a good Trojan scanner, try the fully working trial version of Trojan remover
    http://www.simplysup.com/tremover/download.html
    just to make clear whether you are infected or not.


  • def polak
    replied
    Okay, thank you guys for all your help....I didn't quite understand a lot of that stuff, I have Ad-aware 6.0 that didn't catch it but I looked at a bunch of the other stuff you guys said and that hijacker thing I think got it. I deleted some of the other stuff I've been trying to get off my computer like veritas and gator and crap. As for antivirus stuff, I don't have any (I know I know) Well, now after I exit my hotmail and go to www.msn.com it goes to the normal page, so hopefully I got it. Thanks to you guys again.

    As in where it came from ..... don't know. I don't download anything off the internet really, haven't played Asheron's Call in a long time and that was the last thing I downloaded beside Ad-aware. My girlfriend gets pics of her cousins through her aunt's email, and I downloaded two different deer hunter games the other day that needed a DirectX but came with them I believe. No porn or anything but I have been going to the get a free ps2 pages so who knows....thanks for the help though.

    adam


  • guano
    replied
    Originally posted by DeepImpulse
    Is there a particular reason that makes AdAware so attractive that I'm unaware of? I have used both AdAware and Spybot and think that the latter is better in terms of fixing exploits and such, perhaps because I still use Windows, but after running AdAware, I ran Spybot which detected files, and fixed exploits that AdAware did not, specifically some Windows DSO exploits, and a data miner
    AdAware and Spybot do not look for the same things. There is plenty of overlap, but there are also things AdAware finds that Spybot doesn't, and vice versa.

    I actually run both periodically...
    If you have a new install of Windows, run AdAware -- it finds most of the default crap that M$ installs. (Yes, Windows DOES install with default spyware.)
    If you just screwed yourself by clicking where you know you shouldn't, then Spybot Search&Destroy is a much better tool.

    I'd also recommend going to Black Viper's web site (http://www.blackviper.com/) and turning off all Windows services you don't need. It's amazing how many exploits and spyware get stopped when you just turn off the defaults. :)

    And even though AV tools don't work for 0-day exploits, make sure you got yours up and running with the latest updates -- most malware isn't 0-day anyway. (I actually had a boss that would manually run Norton every now and then -- and he wondered why he infected our entire CVS tree... twice! BTW, he's still working at HP.)


  • DeepImpulse
    replied
    Is there a particular reason that makes AdAware so attractive that I'm unaware of? I have used both AdAware and Spybot and think that the latter is better in terms of fixing exploits and such, perhaps because I still use Windows, but after running AdAware, I ran Spybot which detected files, and fixed exploits that AdAware did not, specifically some Windows DSO exploits, and a data miner


  • bascule
    replied
    Originally posted by highwizard
    When did this start and what did YOU do to make this happen? Don't give me that bullshit about you not doing anything. Did you open an attachment from someone on your computer? Click on a link in a person's Messenger profile? Or were you looking at porn?
    My guess would be installing a signed ActiveX control from a less-than-credible company. Or perhaps it was just bundled spyware with something like Bonzi Buddy.

    Are you up to date on your Anti-Virus and WindowsUpdates?
    Don't forget AdAware!


  • highwizard
    Guest replied
    Originally posted by def polak
    Alright, here is the situation, it's happened twice, my internet will not work even though I'm connected through cable. Well, I have to restart my computer and then when I go back into the internet there are about five porn sites added to my favorite list and my homepage is switched to http://www.find4u.net/ Also, when I'm checking my mail through hotmail, and then click on sign out, it goes to a site with the address of http://www.msn.com/ ..... also if I type in that address it also says the following...
    .............................
    And that's that. Is deleting and following that page's instructions safe or will it hurt my computer? Also, I have back up discs that I can use too if that will clear this little problem up. I really appreciate any input please.

    adam
    When did this start and what did YOU do to make this happen? Don't give me that bullshit about you not doing anything. Did you open an attachment from someone on your computer? Click on a link in a person's Messenger profile? Or were you looking at porn?

    Are you up to date on your Anti-Virus and WindowsUpdates?


  • blossom
    replied
    Originally posted by def polak
    Alright, here is the situation, it's happened twice, my internet will not work even though I'm connected through cable. Well, I have to restart my computer and then when I go back into the internet there are about five porn sites added to my favorite list and my homepage is switched to http://www.find4u.net/ Also, when I'm checking my mail through hotmail, and then click on sign out, it goes to a site with the address of http://www.msn.com/ ..... also if I type in that address it also says the following...

    Did a search on Google for "find4u", came up w/ a lot of information on this problem. Appears to be spyware.

    Here's a thread on the subject that may be helpful.. Looks like the answer is to run HijackThis.

    Couldn't find anything on your hotmail problem.

    Good Luck!


  • def polak
    started a topic Am I hacked???

    Am I hacked???

    Alright, here is the situation, it's happened twice, my internet will not work even though I'm connected through cable. Well, I have to restart my computer and then when I go back into the internet there are about five porn sites added to my favorite list and my homepage is switched to http://www.find4u.net/ Also, when I'm checking my mail through hotmail, and then click on sign out, it goes to a site with the address of http://www.msn.com/ ..... also if I type in that address it also says the following...

    If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine.

    You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here:
    http://windowsupdate.microsoft.com

    1. Start regedit,
    find HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
    delete starting of svchost.exe file,
    reboot your computer,
    delete file svchost.exe in windows directory.

    2. Reboot windows and start in
    SAFE MODE (F8 key on keyboard before windows starting),
    delete file winlogon.exe in directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    3. Clear your 'hosts' file.
    How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes.
    For Windows 95/98/Millenium machines: Locate the file hosts in your C:\Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
    127.0.0.1 localhost
    For Windows 2000 machines: Locate the file hosts in your C:\Winnt\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
    127.0.0.1 localhost
    For Windows XP machines: Locate the file hosts in your C:\Windows\System32\Drivers\Etc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there:
    127.0.0.1 localhost





    And that's that. Is deleting and following that page's instructions safe or will it hurt my computer? Also, I have back up discs that I can use too if that will clear this little problem up. I really appreciate any input please.

    adam