|
|
| Page 1 of 1 |
|
|
 Posted: Sat, 21st Jul 2007 03:38 Post subject: Random Websites |
|
 |
every so often Firefox has opened a random webpage i have scanned with all of my anti-virus and spyware programs but couldnt fix the problem it is the 2nd time it has happened i formated the computer because of it and now it is happening again
here is my log file to hijackthis i was wondering if you could find the problem
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:30 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\system32\isys32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mickster\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 4029 bytes
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 21st Jul 2007 10:04 Post subject: |
|
|
I think it's the isys32.exe, here's something I found on google:
| Quote: |
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Navigate to and delete next file:
C:\Windows\system32\isys32.exe
|
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 21st Jul 2007 10:23 Post subject: |
|
|
Anytime a process is running in your backgroudn that doesn't look like it shoudl be there...like isys.exe, just google it and it'll usualyl come up with a few sites telling you what it goes/belongs to, googling isys.exe would have brought up some forums with people with it showing how to get rid of it. If the above action doesn't work, give this one a run.
| Quote: | Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following process:
isys32.exe
Exit the Task Manager when finished.
Please rename hijackthis.exe to anything.exe you feel comfortable with, as some new baddies are now able to detect hijackthis.exe and hide from it.
Download and run CrapCleaner from http://www.ccleaner.com/
Note: in CCleaner: go to <options/advanced> Uncheck "Only delete files in Windows Temp folders older than 48 hours").
Download and install AVG Anti-Spyware from http://free.grisoft.com/doc/20/lng/us/tpl/v5 - (Please do not confuse it with AVG Antivirus, which is another thing. Scroll down the page and click the "download the free version" orange button). don't run it for scanning yet, just update it:
Double-click the icon on Desktop to launch AVGAS
You will need to update AVGAS to the latest definition files.
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
When you have finished updating, EXIT AVGAS.
Close all programs leaving only HijackThis running. Place a check against of the following:
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: please see here if you are not sure how to do this.
set your system to show all files; please see here if you're unsure how to do this.
Using Windows Explorer, locate the following file and delete it:
C:\Windows\system32\isys32.exe
Exit Explorer, don't reboot yet.
Run AVG Anti-Spyware.
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine, then click Apply all actions
Once finished, click the Save report button, then click Save Report As. This will create a text file.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
Make sure you know where to find this file again.
Note: If you are unable to run avgas in safe mode, restart in normal mode and perform a full system scan from there.
Restart in Normal Mode. |
I'm not telling you to get rid of NOD as it's a good A/V, but shut it down and try a Kaspersky trial just to make sure there isn't anything else on your computer that shouldnt be there.
|
|
| Back to top |
|
|
headshot
VIP Member
Posts: 35901
Location: UK
|
| Posted: Sat, 21st Jul 2007 12:10 Post subject: |
|
|
http://www.hijackthis.de
Copied and pasted your logfile into the analyzer and it gets a big red nasty X lol.
C:\Windows\system32\isys32.exe ....................... Fuzzy Algorithmcheck (1.71 / 5.00), Nasty
Also if you are having issues with browser hijackers I recommend you download, install, update and run superantispyware.
www.superantispyware.com
May the NFOrce be with you always.
|
|
| Back to top |
|
|
|
|
| Posted: Sat, 21st Jul 2007 23:28 Post subject: |
|
|
thanks the first one fixed it thank you
Sig too big.
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group
|
|
 |
|
