What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » IE hijacked... Help !

Pages: (4): « First « 1 2 3 [ 4 ] Last »
IE hijacked... Help !
Author: Message:
user13774
Disabled Account


Posts: 1119
Joined: Apr 2003
Status: Away
RE: IE hijacked... Help !
quote:
Originally posted by Markus
please do a scan with HijackThis and attach the log file here. I'll tell you which entries to select and remove/reset 
05-15-2005 12:34 PM
Profile PM Find Quote Report
WaqasTariq
Full Member
***

Avatar

Posts: 356
Reputation: 3
42 / Male / Flag
Joined: Jan 2003
O.P. RE: RE: IE hijacked... Help !
quote:
Originally posted by Markus
quote:
Originally posted by Markus
please do a scan with HijackThis and attach the log file here. I'll tell you which entries to select and remove/reset 

Hi,

Here is the log file...



Logfile of HijackThis v1.99.1
Scan saved at 10:40:11 PM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\prime Computer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DC5AE20-371B-4701-AEF4-F5B218B30D38}: NameServer = 202.163.96.3 202.163.96.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DC5AE20-371B-4701-AEF4-F5B218B30D38}: NameServer = 202.163.96.3 202.163.96.4
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll
O18 - Filter: text/plain - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll
05-15-2005 05:41 PM
Profile E-Mail PM Find Quote Report
user13774
Disabled Account


Posts: 1119
Joined: Apr 2003
Status: Away
RE: IE hijacked... Help !
Ok... as you can see the se.dll file is in multiple entries.

Also I can't find any info regarding bogj.dll, but I'm not sure if it's a virus. I recommend you also check the bogj entries. You can always restore a backup or do a system restore.

Select the following entries and choose 'fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll
O18 - Filter: text/plain - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll
05-15-2005 06:24 PM
Profile PM Find Quote Report
WaqasTariq
Full Member
***

Avatar

Posts: 356
Reputation: 3
42 / Male / Flag
Joined: Jan 2003
O.P. RE: RE: IE hijacked... Help !
quote:
Originally posted by Markus
Ok... as you can see the se.dll file is in multiple entries.

Also I can't find any info regarding bogj.dll, but I'm not sure if it's a virus. I recommend you also check the bogj entries. You can always restore a backup or do a system restore.

Select the following entries and choose 'fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {977E10FC-95FE-4399-A349-C505A1DC502B} - C:\WINDOWS\system32\bogj.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll
O18 - Filter: text/plain - {7D305B7D-30C4-4C85-9BC0-1F29990A9E6F} - C:\WINDOWS\system32\bogj.dll


Thanks Markus, for giving me your time, but till not its not out!
I did just what you told me to ticked them all and pressed fix (IE was closed) restarted the comp and... its STILL my start page :(
and those entries are back in Hijackthis :s
05-15-2005 06:56 PM
Profile E-Mail PM Find Quote Report
user13774
Disabled Account


Posts: 1119
Joined: Apr 2003
Status: Away
RE: IE hijacked... Help !
You could try to manually remove the two dll files in the log.
"C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll"
"C:\WINDOWS\system32\bogj.dll"

You might need to boot in save mode to remove them. Also use the Windows search to search your hdd for more copies of se.dll/bogj.dll
05-16-2005 08:32 AM
Profile PM Find Quote Report
WaqasTariq
Full Member
***

Avatar

Posts: 356
Reputation: 3
42 / Male / Flag
Joined: Jan 2003
O.P. RE: RE: IE hijacked... Help !
quote:
Originally posted by Markus
You could try to manually remove the two dll files in the log.
"C:\DOCUME~1\PRIMEC~1\LOCALS~1\Temp\se.dll"
"C:\WINDOWS\system32\bogj.dll"

You might need to boot in save mode to remove them. Also use the Windows search to search your hdd for more copies of se.dll/bogj.dll


Hi Markus,
I did EXACTLY what you said... and it WORKED :):D huray!!!

Thanks a lot Markus (Y)
05-16-2005 03:10 PM
Profile E-Mail PM Find Quote Report
user13774
Disabled Account


Posts: 1119
Joined: Apr 2003
Status: Away
RE: IE hijacked... Help !
No problem :P.

To make sure you don't get any errors (for missing files) or something like that, run HijackThis and again 'fix' all the entries containing se.dll / bogj.dll. :happy:(y)
05-16-2005 04:30 PM
Profile PM Find Quote Report
WaqasTariq
Full Member
***

Avatar

Posts: 356
Reputation: 3
42 / Male / Flag
Joined: Jan 2003
O.P. RE: RE: IE hijacked... Help !
quote:
Originally posted by Markus
No problem :P.

To make sure you don't get any errors (for missing files) or something like that, run HijackThis and again 'fix' all the entries containing se.dll / bogj.dll. :happy:(y)

Just did that to... Thanks and take care (Y)
05-16-2005 04:35 PM
Profile E-Mail PM Find Quote Report
alewington
Junior Member
**

Avatar
!._.!

Posts: 57
Reputation: -20
– / Male / –
Joined: Jan 2005
RE: RE: RE: IE hijacked... Help !
quote:
Originally posted by Caboose
quote:
Originally posted by uberdosis
Solution here
Firefox is not a solution to spyware. It's just as vulnerable as other browsers, it just takes time for people to find the exploits.

As for something more relevant... well, I'm not totally sure what to do :undecided:. Maybe you could install CodeStuff's Starter and see what programs are running at startup, then disabling the ones you don't know.


Just go to: start > run > msconfig
05-18-2005 06:44 AM
Profile E-Mail PM Web Find Quote Report
Pages: (4): « First « 1 2 3 [ 4 ] Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On