| Thread ID: 47623 | 2004-07-31 23:17:00 | logon hijack and which explorer is valid | jh47pcw2 (5291) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 257036 | 2004-07-31 23:17:00 | I seem to have picked up an internet logon hijack virus. It corrupts my logon name by adding 1.165.616. from character 6 onward. It makes the phone number 002463472611. I have had a similar problem in the past so I went searching in the registry hkey_local_machine/software/microsoft/windows/currentversion/run to see if anything looked funny. Not being an expert I am not entirely sure but there is an entry: explorer C:\WINDOWS\SYSTEM32\explorer.exe -go -c1 -w The valid microsoft version of explorer seems to be in the c:\windows folder. It has a nice icon. And a popup description that seems to make sense. The version in c:\windows\system32 has no icon and seems to have been created yesterday afternoon...... I guess I could delete it or rename it, but before I fiddle I wondered if anyone could add any further light. Regards John Heaton |
jh47pcw2 (5291) | ||
| 257037 | 2004-07-31 23:24:00 | To remove this spyware, download SpyBot search and destroy from Here (www.safer-networking.org/). To be sure, download Adaware from this site (http:). Another good utility is hijack this from Here (tomcoyote.com). Then make sure you update them. Also check these links for extra information on removing and preventing spyware from infecting your computer. Link 1 (www.unwantedlinks.com) 2 (www.mvps.org) 3 (www.doxdesk.com) Hth |
johnboy (217) | ||
| 257038 | 2004-08-01 05:42:00 | Thanks for your thoughts Johnboy. I already had Adaware and it didn't find anything (in my experience it never does with things like this). I loaded Spybot. It found a few things, but nothing significant. I already have HiJack this. Trouble is that it lists lots of stuff and you have to know what you are about in order to be able to use it. And I ain't that savvy. If you know someone who is I can send the log. Regards John |
jh47pcw2 (5291) | ||
| 257039 | 2004-08-01 06:02:00 | Another to try is CWShredder (www.spywareinfo.com) although it does sound like a "dialler" with that 0024 access. If you save the hijack log to a text file, you can cut & post here, or post somewhere like here (forums.net-integration.net). |
Pheonix (280) | ||
| 257040 | 2004-08-01 07:57:00 | This program here is supposed to detect dialers: a2 squared, free here (www.emsisoft.com). Hopefully it will tell you. hth |
johnboy (217) | ||
| 257041 | 2004-08-01 10:32:00 | Hi Folk. Having wandered around the net a bit I was directed to TrendMicro and exploited their "house call" process = free scan. It found 5 "viruses", including the dialer.r trojan. I don't seem to have the problem now so I guess that was it. But I won't hold my breath. I downloaded a2 but I can't activate it. Issues about DNS and other related configuration settings that are beyond me. I guess I have a view that the bunnies need to be able to use the product...... That just leaves the issue of "which explorer"? Any thoughts? Regards John |
jh47pcw2 (5291) | ||
| 257042 | 2004-08-01 11:04:00 | I have a C:\WINDOWS\explorer.exe in the windows folder. This is the tool tip when you hover the cursor over it: Description: Windows Explorer Company: Microsoft Corporation File Version: 6.0 2800.1221 Date Created: 5/11/2003 9.12 PM Size: 973 kb. Then there is a folder called Explorer C:\WINDOWS\explorer.scf. There is no explorer.exe in my C:\WINDOWS\system32 folder. If I were you I would rename it and see what happens; if your computer doesn't crash or anything, delete it. If it was created yesterday it is most probably some spyware. hth |
johnboy (217) | ||
| 257043 | 2004-08-02 10:01:00 | Yeah John Boy, I figure it is too. Just wondered if anyone had further info Cheers John |
jh47pcw2 (5291) | ||
| 257044 | 2004-08-02 20:57:00 | Does this a2 squared actually remove detected malware - in my experience most similar proggies only detect - to remove you have to buy the proggie | sarel (2490) | ||
| 257045 | 2004-08-02 21:14:00 | A2 just scans and cleans on the free version. The pay version has automatic updates and constant monitoring to stop malware even getting in. | Pheonix (280) | ||
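
The "which explorer" check discussed in the thread (a Run entry that borrows a Windows file name but sits in the wrong folder) can be automated; the following is an added example, not code from the thread or from any tool the posters mention. It assumes the system root is C:\WINDOWS, uses a small illustrative table of expected folders, and runs over constructed Run-key values (only the first is the entry quoted in the thread).

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\WINDOWS, as in the thread.
SYSTEM_ROOT = r"C:\WINDOWS"
# Illustrative subset: folders where each well-known Windows binary normally lives.
EXPECTED_DIRS = {
    "explorer.exe": {SYSTEM_ROOT, SYSTEM_ROOT + r"\SysWOW64"},
    "svchost.exe": {SYSTEM_ROOT + r"\System32", SYSTEM_ROOT + r"\SysWOW64"},
    "winlogon.exe": {SYSTEM_ROOT + r"\System32"},
    "lsass.exe": {SYSTEM_ROOT + r"\System32"},
}
# Program path is either a quoted string or everything up to the first ".exe".
_EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)\b)', re.IGNORECASE)


def executable_of(command):
    """Return the program path from a Run value, dropping its arguments."""
    m = _EXE.match(command)
    return (m.group(1) or m.group(2)) if m else None


def misplaced_system_names(run_values):
    """Return (value name, path) for entries that use a known system file
    name from a folder where that file does not normally live."""
    findings = []
    for name, command in run_values.items():
        path = executable_of(command)
        if path is None:
            continue  # no .exe path found in this value
        path = ntpath.normpath(path)
        allowed = EXPECTED_DIRS.get(ntpath.basename(path).lower())
        if allowed is None:
            continue  # not a file name this check knows about
        folder = ntpath.normcase(ntpath.dirname(path))
        if folder not in {ntpath.normcase(d) for d in allowed}:
            findings.append((name, path))
    return findings


# Constructed sample; "ExampleUpdater" and "ShellHelper" are hypothetical.
SAMPLE_RUN_KEY = {
    "explorer": r"C:\WINDOWS\SYSTEM32\explorer.exe -go -c1 -w",
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
    "ShellHelper": r"C:\WINDOWS\explorer.exe",
}

if __name__ == "__main__":
    for name, path in misplaced_system_names(SAMPLE_RUN_KEY):
        print(f"{name}: {path} is outside the expected folder")
```

A hit is a lead to verify (file creation date, version information, signature), not proof of infection on its own.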