Browser being hijacked

Discussion in 'Malware Help (A Specialist Will Reply)' started by jfoytek, Dec 18, 2009.

  1. jfoytek

    jfoytek Private E-2

    Trying to get my wife's machine up to snuff.... She said it was running sluggish starting a few days ago. I paid her no mind at the time, as I thought it was either a slow server or the ISP. Well, since then it has frozen several times, and the icing on the cake was her bank site redirected her to a page trying to get her personal info. So I jumped on the comp to figure out what was going on, but it seems to be a bit of a mystery! Spybot S&D found nothing. CCleaner ran clean... So I searched all created files on the date in question and found only a small sniff, a twain.exe file. Also, using the same methodology, I found out that whenever the web page got redirected a system32/CatRoot2 file would show up.....

    So my thinking was win32.agent.pz. I attempted manual removal but couldn't find any files other than Twain, nor any registry entries.....

    So, finding myself stumped, I decided to turn to you all.... I have since followed the procedures for Win XP cleanup and the following are my logs. Also included a copy of HijackThis. Couldn't do ComboFix because the site is down? And MGTools failed, giving me the following error:
    C/Widow/System/cmd.exe
    System/CurrentControlSet/Control/VirtuaDeviceDrivers. Virtual Device Driver Format in the registry is invalide. Choose close to terminate the application.
     

    Attached Files:

    Last edited by a moderator: Dec 20, 2009
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome. As a rule we always attach logs at MajorGeeks as opposed to posting inline, which simply clutters up search engine results. From now on, use the "manage attachments" button to get me any logs I need. :)

    Not any more, it is back up and running, please refer to the READ ME instructions again to download and run it. Attach the log it creates into your next reply.
    We will see if we have any luck with MGTools after we give ComboFix a run. Also, there has been an update to MGTools since you last attempted to run it, so we will see how that goes for now. However, in the link below you should scroll down to error message 2, where a possible solution lies.

    Using MGTools



    Thanks
    kes13!
     
    Last edited: Dec 20, 2009
