my computer hijacked ? 74.86.22.02 ? snitsig.com ?

Discussion in 'Malware Help (A Specialist Will Reply)' started by steve123, Feb 23, 2008.

  1. steve123

    steve123 Private E-2

    hello,

    just found this forum, maybe you can help me, i don't know what else to do anymore. i think my other computer has got some spyware or virus or something.

    every time i connect to a website, e.g. google.com, my browsers (both IE and Firefox!) are displaying information for a company called "Snitsig".
    It seems to be a webdesign company.
    But I cannot connect to any other websites. Either there is an error message coming up "cannot display website" (but NOT the normal IE or Firefox error messages).
    And I'm getting the same fake US IP all the time as well, no matter what I do: 74.86.22.02
    (I'm from the UK and usually get UK IPs)

    my other computer is working fine with exactly the same internet connection !
    if i connect to the internet with the faulty computer, the connection seems to work, but it's not displaying any websites...

    Now what I've done so far, but hasn't helped:
    -disconnected modem
    -renew IP with ipconfig / LAN settings
    -tried to use this computer with someone else's network (still exactly same IP / messages)
    -tried latest versions of AVG spyware, AVG virus, Adaware, nothing, (well AVG found some virus / trojan, which has been deleted, but it's still not working.)
    -deleted all cookies
    -error is coming up for both wireless or LAN connection

    has anyone got an idea what i can do or what the problem is ?
    thanks.

    (p.s. crossposted on icrontic forums)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please do not work in multiple forums. Choose one forum and stick with it. It's your choice where you want to work but free help like this is a precious resource and we don't want to see duplicate resources being used for the same problem and it can result in conflicts and confusion for all.

    If you wish to work here, please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. steve123

    steve123 Private E-2

    ah ok, i'm really sorry. i'll stick with you guys then ;) i tried already several other spyware programs, therefore i initially didn't download the programs specified. and i also cannot access the internet anymore at all with my faulty computer. so i used a friend's laptop to download the software...
    i've done that and copied, installed and run these 4 programs. but the same error is still occurring after that, i've attached the 3 logs as specified.
    i'd appreciate it if someone could help me or clarify what the issue is...
    let me know if you need any more details.
    thank you.
     


  4. steve123

    steve123 Private E-2

    ok, it got worse, i can't even start my computer now properly :cry
    windows keeps on freezing a few minutes after starting...
    has anyone got an idea what i can do ?
    are there any other options but formatting whole hard drive & reinstalling windows ?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post additional messages after attaching your logs. I understand you are frustrated and need help but posting message # 4 cost over a day more of additional waiting time. See the below sticky thread posted at the top of every page in the forum:

    Don't Bump! It Only Hurts You!!!

    Intentional or not, it still results in a bump.

    Is the below a valid service that you recognize? It looks like malware to me:
    O23 - Service: JobTrigger - Hewlett Packard - C:\WINDOWS\system32\JobTrigger.exe

    Also what about this Marimba service? This also seems questionable?
    O23 - Service: workspace - Marimba, Inc. - C:\program files\marimba\castanet tuner\Tuner.exe


    You missed an important part of the READ & RUN ME that is right at the beginning. Only one antivirus program should be installed. I see AVG7.5 and Symantec. Uninstall Symantec now.


    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O16 - DPF: {00100000-2004-0003-85AA-828F11E00F28} -
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) -
    O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\system32\WinPwdHelper.exe (file missing)

    NOTE: If you get an error message from HijackThis about the O23 - Service line just ignore and continue.

    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    Driver::
    WinPwdReset
     
    File::
    C:\WINDOWS\system32\WinPwdReset.exe
    FileLook::
    C:\WINDOWS\system32\CorpSet.exe
    C:\WINDOWS\system32\JobTrigger.exe 
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
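
Added example, not part of the thread or of any MajorGeeks tool: a small Python triage pass over the HijackThis `O23 - Service` lines quoted in post 5, splitting each into service name, owner and path and attaching reasons for a closer look. The three rules (unknown owner, file missing, non-Microsoft binary sitting directly in system32) are illustrative assumptions, and a line with no reasons still needs a human to review it.

```python
import re

# O23 lines copied from the thread above.
SAMPLE_LOG = r"""
O23 - Service: JobTrigger - Hewlett Packard - C:\WINDOWS\system32\JobTrigger.exe
O23 - Service: workspace - Marimba, Inc. - C:\program files\marimba\castanet tuner\Tuner.exe
O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\system32\WinPwdHelper.exe (file missing)
"""

# Layout: "O23 - Service: <name> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing>\s+\(file missing\))?\s*$"
)


def triage(log_text):
    """Return one dict per O23 line with the reasons it deserves review."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 service entry
        owner = m["owner"].lower()
        reasons = []
        if owner == "unknown owner":
            reasons.append("unknown owner")
        if m["missing"]:
            # The service is still registered but its binary is gone.
            reasons.append("file missing")
        folder = m["path"].rpartition("\\")[0].lower()
        # Assumed heuristic: third-party services rarely install straight
        # into system32, so such a path is worth verifying with the vendor.
        if folder.endswith(r"\system32") and "microsoft" not in owner:
            reasons.append("non-Microsoft binary directly in system32")
        findings.append(
            {"service": m["name"], "path": m["path"], "reasons": reasons}
        )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["service"], "|", f["path"], "|", ", ".join(f["reasons"]) or "-")
```
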
     
