IE hijacked... Help !
user13774 
Disabled Account
Posts: 1119
Joined: Apr 2003
Status: Away
 RE: IE hijacked... Help !
quote: Originally posted by Markus 
 please do a scan with HijackThis and attach the log file here. I'll tell you which entries to select and remove/reset  
   
| 05-15-2005 12:34 PM |

WaqasTariq 
Full Member
Posts: 356 Reputation: 3
Joined: Jan 2003
O.P.  RE: RE: IE hijacked... Help !
quote: Originally posted by Markus 
quote: Originally posted by Markus 
 please do a scan with HijackThis and attach the log file here. I'll tell you which entries to select and remove/reset  
  
  Hi,
 
Here is the log file...
 Logfile of HijackThis v1.99.1 
Scan saved at 10:40:11 PM, on 5/15/2005 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 
 
Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\WINDOWS\system32\fxssvc.exe 
C:\WINDOWS\system32\rundll32.exe 
C:\Program Files\MSN Messenger\msnmsgr.exe 
C:\WINDOWS\system32\wscntfy.exe 
C:\Program Files\Internet Explorer\IEXPLORE.EXE 
C:\Documents and Settings\prime Computer\Desktop\HijackThis.exe 
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll 
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall 
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background 
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC5AE20-371B-4701-AEF4-F5B218B30D38}: NameServer = 202.163.96.3 202.163.96.4 
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DC5AE20-371B-4701-AEF4-F5B218B30D38}: NameServer = 202.163.96.3 202.163.96.4 
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll 
O18 - Filter: text/plain - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll 
| 05-15-2005 05:41 PM |

user13774
 RE: IE hijacked... Help !
Ok... as you can see the se.dll file is in multiple entries.  
Also I can't find any info regarding bogj.dll, but I'm not sure if it's a virus. I recommend you also check the bogj entries. You can always restore a backup or do a system restore.
 Select the following entries and choose 'fix checked':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll 
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall 
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll 
O18 - Filter: text/plain - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll 
| 05-15-2005 06:24 PM |

WaqasTariq
O.P.  RE: RE: IE hijacked... Help !
quote: Originally posted by Markus 
Ok... as you can see the se.dll file is in multiple entries.  
 
Also I can't find any info regarding bogj.dll, but I'm not sure if it's a virus. I recommend you also check the bogj entries. You can always restore a backup or do a system restore. 
 
Select the following entries and choose 'fix checked': 
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll 
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall 
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll 
O18 - Filter: text/plain - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll 
  Thanks Markus, for giving me your time, but till now it's not out!
I did just what you told me to: ticked them all and pressed fix (IE was closed), restarted the comp and... it's STILL my start page
and those entries are back in HijackThis
| 05-15-2005 06:56 PM |

user13774
 RE: IE hijacked... Help !
 You could try to manually remove the two dll files in the log. 
"C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll" 
"C:\WINDOWS\system32\bogj.dll" 
 
You might need to boot in safe mode to remove them. Also use the Windows search to search your hdd for more copies of se.dll/bogj.dll.
 
| 05-16-2005 08:32 AM |

WaqasTariq
O.P.  RE: RE: IE hijacked... Help !
quote: Originally posted by Markus 
You could try to manually remove the two dll files in the log. 
"C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll" 
"C:\WINDOWS\system32\bogj.dll" 
 
You might need to boot in safe mode to remove them. Also use the Windows search to search your hdd for more copies of se.dll/bogj.dll.
 
  Hi Markus, 
I did EXACTLY what you said... and it WORKED, hurray!!!

Thanks a lot Markus
| 05-16-2005 03:10 PM |

user13774
 RE: IE hijacked... Help !
No problem.

To make sure you don't get any errors (for missing files) or something like that, run HijackThis and again 'fix' all the entries containing se.dll / bogj.dll.
| 05-16-2005 04:30 PM | 
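
The two checks described in the replies above (spotting that se.dll appears in several entries, and later re-selecting every entry that contains se.dll / bogj.dll) can be done mechanically on a saved log. The Python code below is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample is a subset of the log lines posted earlier.

```python
import re
from collections import defaultdict

# Sample input: a subset of the entry lines from the log posted in this thread.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC5AE20-371B-4701-AEF4-F5B218B30D38}: NameServer = 202.163.96.3 202.163.96.4
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.*)$')  # section code, then the entry body
MODULE = re.compile(r'[A-Za-z]:\\[^"*?<>|,]*?\.(?:dll|exe)\b', re.I)  # file path in a body

def _name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_entries(log_text):
    """Return (code, body) per R*/O* entry; header and process lines do not match."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def group_by_module(entries):
    """Map file name -> list of (code, full path) for the entries that reference it."""
    groups = defaultdict(list)
    for code, body in entries:
        for path in MODULE.findall(body):
            groups[_name(path)].append((code, path))
    return dict(groups)

def multi_hook_modules(groups):
    """Files referenced from more than one entry type, e.g. both O2 and O18."""
    codes = {name: sorted({c for c, _ in refs}) for name, refs in groups.items()}
    return {name: cs for name, cs in codes.items() if len(cs) > 1}

def entries_mentioning(entries, names):
    """Entries to re-check after the files are deleted: any that name one of `names`."""
    wanted = {n.lower() for n in names}
    return [(c, b) for c, b in entries
            if any(_name(p) in wanted for p in MODULE.findall(b))]
```

On the sample, se.dll is reached from both an R1 search setting and an O4 Run key, and bogj.dll from both an O2 BHO and an O18 filter, while msnmsgr.exe appears under a single entry type.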

WaqasTariq
O.P.  RE: RE: IE hijacked... Help !
| 05-16-2005 04:35 PM |

alewington 
Junior Member
!._.!
Posts: 57 Reputation: -20
Joined: Jan 2005
 RE: RE: RE: IE hijacked... Help !
quote: Originally posted by Caboose 
quote: Originally posted by uberdosis 
Solution here
  Firefox is not a solution to spyware. It's just as vulnerable as other browsers, it just takes time for people to find the exploits. 
 
As for something more relevant... well, I'm not totally sure what to do. Maybe you could install CodeStuff's Starter and see what programs are running at startup, then disable the ones you don't know.
  
Just go to: start > run > msconfig  
| 05-18-2005 06:44 AM |