| Page 1 of 1 |
|
|
 Posted: Thu, 3rd Mar 2005 08:07 Post subject: Internet Explorer hijacked... |
|
 |
Hi, last night I suddenly ran into some strange problems with Internet Explorer. Every time i started IE it started 3/4 processes with wierd names (like ntua32.exe, sdknq.exe, etc.)
I first thought it was spyware, so I scanned it with ad aware, spyblast and every anti-spyware program I know, but no luck... Then I scanned it with Trend Micro's online virus scan and it found 31 infected files in my WINDOWS and SYSTEM VOLUME INFO folders.. All named TROJ_AGENT.
One problem left, I can't delete them... even if I shut down every possible process its impossible to delete these files. Im downloading Norton Antivirus 2005 soon and i'll scan it with that later..
Anyone who can give me some help here?
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 08:09 Post subject: |
|
|
run the recovery console, you should be able to delete the files there
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 08:13 Post subject: |
|
|
| whoKnows wrote: | | run the recovery console, you should be able to delete the files there |
Thx for your fast reply. However, there's multiple (4-10) files and i was able to delete some already, but as soon as I started Internet Explorer they came back with different names..
I dont know which files to delete cus i doesn't seem to have any effect..
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 08:20 Post subject: |
|
|
|
|
|
| Back to top |
|
|
razor1394
VIP Member
Posts: 3571
Location: Sweden
|
| Posted: Thu, 3rd Mar 2005 09:19 Post subject: |
|
|
1. Change to Firefox or Opera. Stop using IE for anything other than Windows update.
2. Get Microsoft antispyware and trash any previous spyware app. Scan.
3. Trash Trend micro and Norton. Get Nod32. Scan.
4. Do a regclean and a reg defrag.
5. Check the startup settings and disable anything suspicious.
* Another thing you can do is to get hijackthis and post the log over here.
...or you can just forget that and Get OSX, Linux or FreeBSD because you will get haunted by that crap later.
Last edited by razor1394 on Thu, 3rd Mar 2005 11:44; edited 1 time in total
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 10:41 Post subject: |
|
|
if you still have this problem.....try spysweeper......cleans hijacked website very fast!
|
|
| Back to top |
|
|
[sYn]
[Moderator] Elitist
Posts: 8374
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 11:37 Post subject: |
|
|
| razor1394 wrote: | 1. Change to Firefox or Opera. Stop using IE for anything other than Windows update.
2. Get Microsoft antispyware and trash any previous spyware app. Scan.
3. Trash Trend micro and Norton. Get Nod32. Scan.
4. Do a regclean and a reg defrag.
5. Check the startup settings and disable anything suspicious.
|
Thats the best thing to do. To clean up the reg the prog i use is system machanic 5...this is a great program to clean and protect your PC. There's an option call "Startup Guard", when its enable it will block everything that is trying to go in your startup unless you give the OK for that prog to go there.
|
|
| Back to top |
|
|
razor1394
VIP Member
Posts: 3571
Location: Sweden
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 13:36 Post subject: |
|
|
| Kommando wrote: | | razor1394 wrote: | 1. Change to Firefox or Opera. Stop using IE for anything other than Windows update.
2. Get Microsoft antispyware and trash any previous spyware app. Scan.
3. Trash Trend micro and Norton. Get Nod32. Scan.
4. Do a regclean and a reg defrag.
5. Check the startup settings and disable anything suspicious.
|
Thats the best thing to do. To clean up the reg the prog i use is system machanic 5...this is a great program to clean and protect your PC. There's an option call "Startup Guard", when its enable it will block everything that is trying to go in your startup unless you give the OK for that prog to go there. |
Ive done all that too man, blocked every suspicous thing at Startup, all works ok till I run IE, then it all comes back....
I think I'll try a reg defrag now.....
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 15:07 Post subject: |
|
|
Fuck this im going for a format this is getting worse every minute.
a few years back I've done a format which formatted 'Program Files' and 'Windows' and kept the rest but I can't remember how I did this.
Anyone knows?
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 15:46 Post subject: |
|
|
I don't know how that works, but don't you have ERD Commander 2005? There was an 0day rls recently wich you could use. With ERD Commander you could clean/check the registry. And can you give us the name of the virus/trojan/whatever you have on your pc?
|
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 15:48 Post subject: |
|
|
| feyenoord4ever wrote: | Fuck this im going for a format this is getting worse every minute.
a few years back I've done a format which formatted 'Program Files' and 'Windows' and kept the rest but I can't remember how I did this.
Anyone knows? |
what u mean is:
install windows over your current windows  |
|
| Back to top |
|
|
|
|
| Posted: Thu, 3rd Mar 2005 16:04 Post subject: |
|
|
yeah, but this way he keeps his programs, and he said that he deleted the program folder. Do a format and make a clean install if you decide to reinstall.
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
razor1394
VIP Member
Posts: 3571
Location: Sweden
|
| Posted: Thu, 3rd Mar 2005 22:53 Post subject: |
|
|
Did you try Nod32. Try it before you format.
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
