> Zlob.download hijacked, sysnetsecurity.com, hijacked Zlob.download sysnetsecurity.com homepage
dranonym0us
post Jun 22 2006, 05:28 AM
Post #1





Not all that good at computers.
It started off changing my homepage to www.sysnetsecurity.com, had some stuff come up in the toolbar; it would go from a ? to a no symbol, and then every several minutes it would have a box pop from the toolbar and say I was infected and vulnerable or something of the sort. I have gotten rid of everything in the toolbar and all the other stuff that was popping up.
Now my homepage is still getting changed to www.sysnetsecurity.com; when I go there a popup says I have W32.Myzor.FK@yf, and when I restart the computer and log in my system32 folder opens.
I have run Ad-aware SE, AVG, Spybot Search and Destroy; I got rid of most of the problem.
Tried the basic stuff.
Spybot keeps finding Zlob.download.
I have tried following other instructions on things that seem similar that I have seen on here, but I can't find some of the stuff they have been told to checkbox and fix (slightly different names), so I'm wondering what to do.
Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 9:23:39 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Z\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = direcway.com ;192.168.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
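
Added example, not part of the original post or of the helpers' replies: a small Python parser for HijackThis entry lines like the ones above, applying two assumed triage heuristics (a BHO whose module is not a .dll/.ocx, and entries marked "(file missing)"). The names `parse` and `triage` and the heuristics themselves are illustrative assumptions; a flag means "inspect manually", not a verdict.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2" (Browser Helper Objects)
    body: str  # everything after "<code> - "
    path: str  # first drive-letter path found in the body, or ""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.[A-Za-z0-9]{1,4}(?=[",\s]|$)')

def parse(log_text):
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines and the process list are not entries
        p = PATH_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), p.group(0) if p else ""))
    return entries

def triage(entries):
    # Assumed heuristics: each hit is a prompt for manual review only.
    flagged = []
    for e in entries:
        ext = e.path.rsplit(".", 1)[-1].lower() if e.path else ""
        if e.code == "O2" and ext not in ("dll", "ocx"):
            flagged.append((e, "BHO module is not a .dll/.ocx"))
        if "(file missing)" in e.body:
            flagged.append((e, "registry entry points at a missing file"))
    return flagged

if __name__ == "__main__":
    for entry, reason in triage(parse(SAMPLE_LOG)):
        print(f"{entry.code:>3}  {reason}: {entry.path}")
```
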

Posts in this topic
dranonym0us   Zlob.download hijacked, sysnetsecurity.com   Jun 22 2006, 05:28 AM
dranonym0us   Logfile Created on:Wednesday, June 21, 2006 10:00:...   Jun 22 2006, 06:22 AM
dranonym0us   OK I followed the instructions about running smitR...   Jun 22 2006, 08:16 AM
dranonym0us   Whenever I click a button the "Notice: if yo...   Jun 22 2006, 08:23 AM
CalamityJane   This is a brand new one (Smitfraud family of Hijac...   Jun 22 2006, 03:03 PM
dranonym0us   K, I posted it http://www.thespykiller.co.uk/forum...   Jun 22 2006, 11:55 PM
CalamityJane   Thanks for submitting the file. I have forwarded i...   Jun 23 2006, 01:00 AM
CalamityJane   Also, would you please search your system for a fil...   Jun 23 2006, 01:17 AM
dranonym0us   C:\WINDOWS\system32\81f71843.exe C...   Jun 23 2006, 01:28 AM
dranonym0us   I'm still getting these pop ups that say microso...   Jun 23 2006, 01:34 AM
CalamityJane   We'll have to get out the hammer! If you ...   Jun 23 2006, 02:05 AM
dranonym0us   Thank you again for the always prompt replies and ...   Jun 23 2006, 03:33 AM
dranonym0us   Ctrl F4 doesn't do anything, Alt F4 just does the sa...   Jun 23 2006, 04:37 AM
CalamityJane   Do a *scan only* with HijackThis and checkmark bot...   Jun 23 2006, 06:58 PM
dranonym0us   No, what I mean is that the X's don't work and n...   Jun 24 2006, 01:19 AM
CalamityJane   Please download VundoFix.exe to your de...   Jun 24 2006, 02:10 PM
dranonym0us   When VundoFix re-opens, click the *Scan for Vundo*...   Jun 25 2006, 02:07 AM
CalamityJane   Uhhmmm VundoFix didn't find any files :unsure: Tha...   Jun 25 2006, 02:09 PM
dranonym0us   I also get a pop up for System Integrity Scan Wiza...   Jun 25 2006, 02:16 AM
dranonym0us   Nope, it's back; you still want me to run do the last...   Jun 26 2006, 01:57 AM
CalamityJane   Ok, well, is the file gone? And yes, a Startup li...   Jun 26 2006, 02:03 AM
dranonym0us   No, I still have the file 81f71843; it keeps coming ...   Jun 26 2006, 05:50 AM
CalamityJane   Download Avenger from here: http://swandog46.geeks...   Jun 26 2006, 06:52 PM
dranonym0us   Logfile of The Avenger version 1, by Swandog46 Run...   Jun 28 2006, 09:45 AM
CalamityJane   Files are gone. What we now see in HijackThis is ...   Jun 30 2006, 09:06 PM

