A Digital Age Deserves A Digital Leader

Hijack This

Hijack This

Postby Chippychap » Fri Dec 26, 2008 11:04 am

Hi Guys, I'm still rolling round on the floor with a virus/whatever.
One of its manifestations is that it controls what sites it allows me to see.
It's taken over two weeks for me to D/L Hijack This, I have done it now but it won't allow me into the site that gives me the heads up as to what is wrong, Trend Micro.
Any ideas as to where else it can be decoded?
Ho Ho Ho...... :-x
VEGETARIAN = AN OLD ABORIGINE WORD MEANING BAD HUNTER.
PRO Level 7
User avatar
Posts: 285
Joined: Thu Mar 04, 2004 8:45 am
Location: Glorious West Yorkshire
Real Name: Ken Wyatt

Postby kd1966 » Fri Dec 26, 2008 3:36 pm

I don't know if you have a 2nd PC available for this, but I would recommend an OFFLINE scan/removal. Offline meaning you never boot into your Windows OS; you would slave the HDD to the 2nd system and scan that slaved drive.
I would also try F-Secure.com and go to their Security Center and find the online scan; I have had good success with that one........... it's FREE and it removes the nasties.

EDIT: The problem with trying to scan a "live" system that is infected is fairly obvious - as you are experiencing first hand.... with the malware preventing access to certain sites, and concealing its wherabouts well enough to prevent removal

Also, based on the title of this thread, I would not recommend the HJT program; it can render your system unbootable and there is no UNDO feature
PRO PLATINUM
User avatar
Posts: 6831
Joined: Tue Aug 09, 2005 2:00 am
Location: USA - GSO - NC

Re: Hijack This

Postby Chippychap » Sun Dec 28, 2008 10:12 am

Thanks for the excellent advice Kevin, I've been waiting for the new board to reply.
There's been a bit of a breakthrough.
The bug wouldn't let me view certain sites, mainly one that would have helped me, updates etc.
Either it wouldn't let me onto a site where I could D/L a useful programme i.e. S&D, or, it would
let me D/L 'em but not let me online to register and initiate it.
What a clever bug........ :notworthy
I then went to FileHippo which let me D/L stuff without visiting their websites.
D/L Avast AV which not only ran from the start but does a scan prior to booting, which is some way towards what you were saying
about not running a check whilst PC is running.
It then let me load MalwareBytes etc which have continued the cleansing.
Not out of the woods yet but my PC booted normally for the first ever time in weeks.
Avast is a bit on the exciteable side, loads of hooters and klaxons like being on the bridge of the USS Seaview
but it's lovely to hear 'em
Bless you all for listening to the ramblings of a frightened man... :bashhead
Thank you
VEGETARIAN = AN OLD ABORIGINE WORD MEANING BAD HUNTER.
PRO Level 7
User avatar
Posts: 285
Joined: Thu Mar 04, 2004 8:45 am
Location: Glorious West Yorkshire
Real Name: Ken Wyatt

Re: Hijack This

Postby JabbaPapa » Sun Dec 28, 2008 10:22 am

The trouble is that the malware will likely have changed and/or deleted certain Registry entries, and there would be no easy way to repair this, even after the malware has been removed --- so if the repair tool you found hasn't been able to do it, then the only full repair would involve reinstalling Windows from scratch :(
Image
PRO VETERAN
User avatar
Posts: 9538
Joined: Sun Feb 22, 2004 5:17 pm
Location: Monte-Carlo
Real Name: Julian Lord

Re: Hijack This

Postby Chippychap » Sun Dec 28, 2008 10:51 am

Hi JP, For the minute I'm just relishing a machine that lights up when the button is pressed.
I don't know what it's done, but the booting problem, for now, is gone, so hopefully some of
the other probs have gone as well.
Before, every time I got it lit up I had to restore defaults in the "Internet Options" as pictures weren't loaded
on web pages.
I've got Windows updates back.
I re-loaded my MoBo drivers disc.
Basically, as a newbie, I had no logical approach so just tried to attack each problem as I found it.
If it wouldn't let me go to AV sites I got them from fileshare sites.
Avast picked up stuff called ZIM, ABKC, Swizzor-N and weird stuff that no one else came near.
That was, I feel, cos it scanned pre-boot and caught it napping which is basically what this site recommends.
JP, please don't get the idea I know what I'm talking about, I'm still full of the, probably brief, glow.
VEGETARIAN = AN OLD ABORIGINE WORD MEANING BAD HUNTER.
PRO Level 7
User avatar
Posts: 285
Joined: Thu Mar 04, 2004 8:45 am
Location: Glorious West Yorkshire
Real Name: Ken Wyatt

Re: Hijack This

Postby kd1966 » Sun Dec 28, 2008 5:44 pm

The Avast! pre-boot scan is likely what saved your system this round - provided you don't have some unknown/undocumented virus that isn't in the Avast! database. I would still recommend an offline scan if you have the capability, or try safe-mode with networking and go to F-Secure.com and run the online scanner.
PRO PLATINUM
User avatar
Posts: 6831
Joined: Tue Aug 09, 2005 2:00 am
Location: USA - GSO - NC

Re: Hijack This

Postby JabbaPapa » Mon Dec 29, 2008 9:15 am

Chippychap wrote:Hi JP, For the minute I'm just relishing a machine that lights up when the button is pressed.


hehehe

Chippychap wrote:Basically, as a newbie, I had no logical approach so just tried to attack each problem as I found it.


hmmm that actually *is* the logical approach :notworthy:

Chippychap wrote:JP, please don't get the idea I know what I'm talking about, I'm still full of the, probably brief, glow.


No, you did pretty well -- I'm just suggesting that the purist method of fixing it would be a reinstallation of Windows. But that you may be lucky and the removal tool may have done its work as advertised :)
Image
PRO VETERAN
User avatar
Posts: 9538
Joined: Sun Feb 22, 2004 5:17 pm
Location: Monte-Carlo
Real Name: Julian Lord

Re: Hijack This

Postby Chippychap » Mon Dec 29, 2008 9:46 am

Hey JP, I never meant my post to be critical of your advice.
I don't have access to a 2nd machine. If things go really belly-up again
I would have to take the H/D into my Friendly PC guy.
Re-installing Windows.......I can't because I don't have the disc, the
PC was 2nd hand and although it has the tear-off licenses taped to the
back of the machine, no discs.
I think this is my 4th un-aided boot................ :new-bday:
Sigh!
VEGETARIAN = AN OLD ABORIGINE WORD MEANING BAD HUNTER.
PRO Level 7
User avatar
Posts: 285
Joined: Thu Mar 04, 2004 8:45 am
Location: Glorious West Yorkshire
Real Name: Ken Wyatt

Re: Hijack This

Postby JabbaPapa » Mon Dec 29, 2008 9:58 am

Chippychap wrote:Hey JP, I never meant my post to be critical of your advice.


I understand, and I didn't read it that way :) :notworthy

Regarding your disc problem it would be a good idea to somehow obtain installation media, either the correct XP OEM version with XP SP3 integrated or any copy of Vista 32-bit whichever Windows you have installed ;)
Image
PRO VETERAN
User avatar
Posts: 9538
Joined: Sun Feb 22, 2004 5:17 pm
Location: Monte-Carlo
Real Name: Julian Lord

Re: Hijack This

Postby Chippychap » Mon Dec 29, 2008 10:20 am

Do you mean borrow a disc and just use my license?
I've got XP Media Center.
VEGETARIAN = AN OLD ABORIGINE WORD MEANING BAD HUNTER.
PRO Level 7
User avatar
Posts: 285
Joined: Thu Mar 04, 2004 8:45 am
Location: Glorious West Yorkshire
Real Name: Ken Wyatt

Next

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 0 guests