MajorGeeks Support Forums

#1
08-04-06, 11:06
ave292 (Private E-2)
Browserhijaked

Hi, my browser has been hijacked by this: http[//]xn--3zo1864a/
I need help please.
Attached Files
File Type: txt xrkey00.txt (905 Bytes, 12 views)
File Type: txt newfiles.txt (706 Bytes, 9 views)

Last edited by DavidGP; 08-04-06 at 11:47.. Reason: edited live url to prevent anyone clicking it being infected too

#2
08-04-06, 11:12
matt.chugg (Major Geek)
Re: Browserhijaked

Welcome to MajorGeeks

If you have a malware problem, please post in the malware forum, which restricts who can answer, ensuring you get only qualified advice. I will have an admin/mod move this thread for you.

What about the other logs? Bitdefender, Activescan, HijackThis. Did you run Windows Defender?

#3
08-04-06, 11:49
DavidGP (MajorGeeks Forum Administrator - Grand Pooh-Bah)
Re: Browserhijaked

Hi and Welcome to Majorgeeks!

Moved to Malware part of forum........

Do please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

  • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
  • Make sure you check version numbers and get all updates.
  • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
  • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


  • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

#4
08-05-06, 08:25
ave292 (Private E-2)
Re: Browserhijaked

Hi, thanks for the prompt answer.
I have followed the instructions on the how-to page. Some of the logs I have attached already, the first two ones.
Here is the rest of them. I continue to have the same problem; should I run HijackThis now?
Attached Files
File Type: txt Activescan.txt (2.9 KB, 5 views)
File Type: txt bdscan.txt (595 Bytes, 3 views)

#5
08-05-06, 09:28
ave292 (Private E-2)
Re: Browserhijaked

Hi, yes, I ran Bitdefender & all the other tools you told me to run and it worked! My browser is like it is supposed to be. Sorry, I am new to computers & slow to understand. I appreciate all your help, everyone; a BIG thank you to you all.

#6
08-06-06, 01:37
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

Quote:
Originally Posted by ave292
I have followed the instructions on the how-to page. Some of the logs I have attached already, the first two ones.
Here is the rest of them. I continue to have the same problem; should I run HijackThis now?

Your first two logs are empty, which is a typical sign that you did not extract all the files from the ZIP files as instructed. Try again.

Also you did not post the Bitdefender log as requested. You need to follow the directions to get a correct log. All you posted was a log summary which is not useful. Don't run it again. It is unnecessary now.

And yes the directions Matt gave you already requested a HijackThis log.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#7
08-07-06, 03:22
ave292 (Private E-2)
Re: Browserhijaked

Hi, thank you for your quick response. I did extract the zipped files as instructed and that's the result; don't ask me what it means, I know little about computers.
In sum, my browser is back to normal after doing everything as instructed, so I must have done something right.
Thanks to all of you for all the help, you are great.
Cheers.

#8
08-07-06, 09:38
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

Are you saying you are no longer having any problems that you need help with?

Something is wrong that is stopping GetRunKey and ShowNew from getting logs. If you are sure you extracted all the files from the ZIP file, then you need to run the other step from the download link. It says:

Quote:
Note: If your newfiles.txt log appears to be empty or semi-empty or if you get an error similar to the below when running shownew.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS.

C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.


For Windows XP Pro: download and run XPproFix
For Windows XP Home: download and run XPHomeFix
For Windows 2000: download and run: W2KFix

So run the one from above for your Windows Version and then get new logs from GetRunKey and ShowNew and attach them.

#9
08-07-06, 12:11
ave292 (Private E-2)
Re: Browserhijaked

Hi, the answer to your question is "yes": my browser is normal again like it was before, but I got worried that I could not get the files you mentioned, so I downloaded XPHomeFix & ran the bat files again. This is what I got, see att.
Thanks to you all.

#10
08-07-06, 14:41
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

Quote:
Originally Posted by ave292
Hi, the answer to your question is "yes": my browser is normal again like it was before, but I got worried that I could not get the files you mentioned, so I downloaded XPHomeFix & ran the bat files again. This is what I got, see att.
Thanks to you all.

You did not attach anything!

#11
08-08-06, 07:08
ave292 (Private E-2)
Re: Browserhijaked

Quote:
Originally Posted by chaslang
You did not attach anything!

Sorry, they did not upload properly; I will do it again.
Sorry, I have uploaded them but they did not appear on the post!

#12
08-08-06, 09:28
ave292 (Private E-2)
Re: Browserhijaked

Hi I will try again.
Cannot attach anything. Attachments did not work.

Last edited by ave292; 08-08-06 at 09:31.. Reason: Attachments did not work

#13
08-08-06, 23:51
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

Have you read and are you following the directions in the below link:

HOW TO: Attach Items To Your Post

Make sure you look at the response in the Manage Attachments window. Error messages do appear there but they are not real obvious.

#14
08-09-06, 10:48
ave292 (Private E-2)
Re: Browserhijaked

Quote:
Originally Posted by chaslang
Have you read and are you following the directions in the below link:

HOW TO: Attach Items To Your Post

Make sure you look at the response in the Manage Attachments window. Error messages do appear there but they are not real obvious.

Hi, yes, I read all the instructions and did everything you asked; I still get the same result. Now what? I will try again now.
This is the error I get now:
newfiles.txt.txt:
You have already attached this file in thread : Browserhijaked
xrkey.txt:
You have already attached this file in thread : Browserhijaked

#15
08-09-06, 11:17
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

That means you are trying to attach the exact same files with the exact same contents. Thus it means that you still have not gotten GetRunKey and ShowNew to run properly or completely.

Where did you download the two ZIP files to? Give me the complete path name.
Then also tell me where you extracted the ZIP files to. And tell me all the filenames that appear in the folder with GetRunKey.bat and with ShowNew.bat

Also note you are not supposed to upload any of the temp files from running GetRunKey. The temp files are all things beginning with x or xr. The only file we want uploaded from GetRunKey is the final output as stated in the directions. And that is runkeys.txt.

From ShowNew, the output file is newfiles.txt not newfiles.txt.txt

#16
08-09-06, 12:50
ave292 (Private E-2)
Re: Browserhijaked

Hi,
That's right, I extracted them to a dir called C:\Pc Cleanup Tools and Extracted them to C:\Pc Cleanup Tools and\CMGTools then ran from there and this is the result. The files that appear in that folder are (1) GetRunKey (2) grep (3) locate (4) ShowNew, that is all.
I have renamed the files to see if it would upload but it did not.

#17
08-09-06, 20:15
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

Quote:
Originally Posted by ave292
Hi,
That's right, I extracted them to a dir called C:\Pc Cleanup Tools and Extracted them to C:\Pc Cleanup Tools and\CMGTools then ran from there and this is the result. The files that appear in that folder are (1) GetRunKey (2) grep (3) locate (4) ShowNew, that is all.
I have renamed the files to see if it would upload but it did not.

I'm not sure I understand your message! What is the full folder path? Is it:

C:\Pc Cleanup Tools and\CMGTools

or is it

C:\Pc Cleanup Tools\CMGTools

And don't you mean you see: GetRunKey.bat, grep.exe, locate.exe, and shownew.bat?

Open a command prompt window by clicking Start, Run, and enter cmd and click OK.

In the command prompt window enter the below command to change to the folder where you extracted the files. Just replace it by the correct path if I have the name wrong.

cd C:\Pc Cleanup Tools\CMGTools

Now run GetRunKey.bat by entering the below in the command prompt window:

getrunkey

Tell me what happens! Do you see any error messages? If so, tell me the exact word for word error message seen.

#18
08-10-06, 16:22
ave292 (Private E-2)
Re: Browserhijaked

Hi, OK, maybe I wasn't so clear. The dir that I downloaded the progs to is this one: C:\Pc Cleanup Tools, and where I extracted the files is
C:\Pc Cleanup Tools\CMGTools. I ran from there & I got the same result as I got now, which says C:\Pc Cleanup Tools\GMGTools>GetRunkey 'regedit' is not recognized as an internal command, operable program or batch file, & repeats 40 times.
I hope this helps.

#19
08-11-06, 00:42
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: Browserhijaked

Quote:
Originally Posted by ave292
I ran from there & I got the same result as I got now, which says C:\Pc Cleanup Tools\GMGTools>GetRunkey 'regedit' is not recognized as an internal command, operable program or batch file, & repeats 40 times.
I hope this helps.

Okay, this is new information and is more useful. This means that your PC does not have a valid registry editor file (regedit.exe) or that you may have a malware file named regedit.com intercepting the commands. A .com file will run before a .exe file of the same name.

Make sure you have enabled viewing of hidden & system files per the READ ME and then run Windows Explorer. Look in C:\windows\system32 and also in C:\windows for regedit.com and if found, delete it. DO NOT delete regedit.exe

Let me know what you find. If you do find and delete regedit.com, now try to run GetRunKey and ShowNew.


If the above still does not work, please attach a HijackThis log after following the directions in step 7 of the READ ME.
Reply With Quote
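
The search order described in the post above, modelled as an added example (not part of the original thread or of the MajorGeeks tools): cmd.exe walks the search directories in order and, inside each one, tries the PATHEXT extensions in order, which is why a regedit.com in either C:\windows\system32 or C:\windows wins over regedit.exe. The search order and directory listings are constructed assumptions standing in for a real disk.

```python
import ntpath

# Default PATHEXT order on Windows XP: .COM is tried before .EXE.
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]


def candidates(command, search_dirs, listings, pathext=PATHEXT):
    """Every file a bare command name could match, in cmd.exe's search order.

    search_dirs: current directory first, then the PATH entries in order.
    listings: dict of directory -> file names (stands in for the disk).
    """
    found = []
    for directory in search_dirs:
        # Windows file names are case-insensitive, so compare upper-cased.
        names = {name.upper(): name for name in listings.get(directory, [])}
        for ext in pathext:
            hit = names.get((command + ext).upper())
            if hit:
                found.append(ntpath.join(directory, hit))
    return found


def resolve(command, search_dirs, listings):
    """Return (winner, shadowed): what runs, and what never gets the chance."""
    found = candidates(command, search_dirs, listings)
    return (found[0], found[1:]) if found else (None, [])


# Constructed sample data (assumed search order and directory contents).
SEARCH = [r"C:\Pc Cleanup Tools\CMGTools", r"C:\WINDOWS\system32", r"C:\WINDOWS"]
CLEAN = {
    r"C:\WINDOWS\system32": ["reg.exe", "regedt32.exe"],
    r"C:\WINDOWS": ["regedit.exe"],
}
# Same machine with a regedit.com present in each location the post names.
IN_SYSTEM32 = {**CLEAN, r"C:\WINDOWS\system32": ["reg.exe", "regedit.com"]}
IN_WINDOWS = {**CLEAN, r"C:\WINDOWS": ["regedit.exe", "regedit.com"]}

if __name__ == "__main__":
    for label, disk in [("clean", CLEAN), ("system32", IN_SYSTEM32),
                        ("windows", IN_WINDOWS), ("empty", {})]:
        winner, shadowed = resolve("regedit", SEARCH, disk)
        # winner None is the case where cmd prints "is not recognized ..."
        print(f"{label:9} runs={winner} shadowed={shadowed}")
```
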

#20
08-11-06, 08:35
ave292 (Private E-2)
Re: Browserhijaked

Hi, here are the regedit files & where they reside: C:\windows regedit.exe,
& in C:\windows\system32 there are 1 reg.exe, 2 regedt32.exe, 3 regini.exe, 4 REGPLIB.EXE, 5 regsvc.dll, 6 regsvr32.exe, 7 regwiz.exe, 8 regwizc.dll.
Plus in C:\WINDOWS\ServicePackFiles\i386 there is one regedit.exe
That is all I can find; see if this helps.
PS: I found something else in C:\windows, this: Updreg.EXE

Last edited by ave292; 08-11-06 at 08:43..