Help needed urgently

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hot_Dog, Jan 31, 2007.

  1. Hot_Dog

    Hot_Dog Private E-2

    Hi

    We have a laptop within our workplace which according to NOD32 has the 'Win32/Agent.RK' trojan. Now, having used HIJACKTHIS before this was the first port of call. I started IE7, went to google and typed in 'HIJACKTHIS'. The first website listed was 'MAJOR GEEKS.COM' which I went ahead and clicked on. Then something strange happened, I was taken to 'www.kontraband.com/show/show.asp?id=5361&li=5361' and then another window popped up which I promptly shut down both websites so cannot tell you what the other website was.

    The strange thing about this is that before I was taken to this website I could search for 'HIJACKTHIS' and the results were returned, however after I had visited this website whenever I enter 'HIJACKTHIS' into the google search both IE7 & Firefox both quit. If I enter anything else all is fine.

    I then downloaded 'HIJACKTHIS' on another machine and copied it to the laptop, however when you try to unzip it, winrar quits straight away and if I copy an unzipped version to the laptop I cannot run it. It comes up with the warning window regarding the dangers of using 'HIJACKTHIS' then quits. Thats it, I cannot proceed any further.

    Anything which mentions 'HIJACKTHIS' is shut down immediatley and is driving me nuts. Now, could it be the trojan that has HIJACKED me or is it something else, and if I can't get HIJACKTHIS to run what else could I use. All NOD32 reports is the trojan, spybot reports nothing and so does AD-Aware.

    Im completely lost as to what to do now so any help would be gratefully received. Oh and before anyone asks, i've done as was asked of me as per following the instructions before posting here, I have the logs but will only post if requested, and also the installing HIJACKTHIS and renaming part which has made no difference whatsoever. Still cannot run 'HIJACKTHIS'

    Ok, i've just noticed something else, maybe a clue, when I use google search a seperate window now appears 'hrena????' asking whether I'd like visit www.search.net. Does this mean anything to anyone, other than it looks like the laptop is now HIJACKED.
     
    Last edited: Jan 31, 2007
    Hot_Dog, Jan 31, 2007
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Yes attach all the logs as requested in the READ ME.
     
    chaslang, Jan 31, 2007
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds