#1
meez be hacked
Hiya,
I just started my comp last night and it took forever to load up, which is unusual. After Windows finally loaded, Kaspersky found 56 trojans (I think in the "startup"). So Kaspersky stopped them all, and I restarted the computer again but they all came back. Virus scanned the whole computer, restarted, and they are still there. Any advice appreciated.. thanks
#2
Re: meez be hacked
Make sure Kaspersky is running the latest virus definitions, then run a free online scan such as Trend Micro's HouseCall or Panda ActiveScan. This should get rid of the majority of them. Then download HijackThis and post your log here.
We'll check to make sure you're clean, and if you're not, we'll give you instructions to remove the malware from your system manually.
#3
Re: meez be hacked
thanks will do
#4
Re: meez be hacked
Uncheck them all in your startup, and boot in safe mode next time and delete that shiz.
#5
Re: meez be hacked
How do we know this is really you and not the hacker posing as you?
#6
Re: meez be hacked
Well I kept trying to run those free online scans like Panda but they kept freezing my computer and I'm on 56k too so... ya.. anyways here is the HijackThis logfile, notice anything suspicious?
Logfile of HijackThis v1.99.1
Scan saved at 3:14:30 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - Unknown owner - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe" runservice -N "pgsql-8.0" -D "C:\Program Files\PostgreSQL\8.0\data\ (file missing)
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
#7
Re: meez be hacked
Your log looks clean. Are you still having problems? I suspect Kaspersky or one of your online scans may have taken care of everything.
#8
Re: meez be hacked
Kaspersky keeps saying I have "56 files found", it keeps taking a while to load, but now it's after Windows loads instead of right when I boot up the computer, if that makes sense.
I couldn't use the online scan thing because I'm on 56k and it takes forever for those things to download, and when it actually started to work (on shaky weak stolen wifi), it froze my comp. So I dunno what to do, maybe take it to a shop or something.. thanks for the help though, I'm glad to hear my registry came back clean.
#9
Re: meez be hacked
ZoneAlarm has a 30-day trial for its virus, firewall, and spyware suite.
#10
Re: meez be hacked
It's not just your registry, but HijackThis usually gives an indication of some sort of malware probably more than 95% of the time, and you have no indication of malware at all. Perhaps you have one of the newer viruses that hides itself from HijackThis? Try renaming HijackThis to 20948.exe once you download the latest HijackThis and repost your log here. I doubt this is the case but it's worth a shot.
Also, I would really highly recommend those online anti virus scans if you can get through them. Anyway, I suspect your Kaspersky is messed up and has already taken care of the files. Let me know how it goes.
EDIT: Honestly, I think taking it to a shop will be next to useless, plus the high price (I think Geek Squad is like $300 for virus cleaning or some [censored]). Your log looks ultra clean, and you're running only what you should with the best and what looks like updated software. If the above that I have suggested doesn't work, try uninstalling Kaspersky, reinstalling and updating a separate antivirus like AVG, and see if you still get the same messages. If you don't get any messages from AVG, try installing Kaspersky once more and see how it goes.
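Added example, not part of the original thread and not HijackThis's own code: a small Python triage of the log format posted in #6, splitting it into running processes and section-coded entries and listing the ones a helper would verify by hand. The function names and review heuristics are assumptions made for illustration, and a listed entry is a prompt to check the file, not a malware verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SnoopFreeUI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry text

def parse(log):
    """Split a log into running processes and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_list(entries):
    """Return (code, reason, text) for entries worth verifying by hand."""
    out = []
    for code, items in entries.items():
        for text in items:
            if "(file missing)" in text:
                out.append((code, "file missing", text))
            elif "Unknown owner" in text:
                out.append((code, "no vendor name", text))
            elif code == "O4" and "\\" not in text.split("] ", 1)[-1]:
                out.append((code, "autostart without full path", text))
    return out

if __name__ == "__main__":
    procs, entries = parse(SAMPLE_LOG)
    for code, reason, text in review_list(entries):
        print(f"{code:4} {reason:28} {text}")
```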