| Thread ID: 60031 | 2005-07-20 10:14:00 | redirecting to porn site | bartsdadhomer (80) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 373873 | 2005-07-23 09:57:00 | I'll join the list. Did you get the beastie? | beama (111) | ||
| 373874 | 2005-07-23 10:21:00 | Baaaahhhh! Me join too. I'm as curious as a curious thing on this one :D | personthingy (1670) | ||
| 373875 | 2005-07-23 11:33:00 | Sounds nasty. As I tend to have a ghost image of a recent XP install with apps such as Office included, I would reach for that if I had wasted too much time already. But failing that: 1) Run sfc /scannow from the command prompt to repair system files (might have to reinstall service packs/updates). 2) Try and isolate IE as the problem by a clean install of Firefox. 3) Reinstall TCP/IP stack (MS has articles on this). 4) There is a raft of programs at sysinternals.com that can point to what executable is trying to connect to weird websites. However, the bottom line is that if it is this tricky then you would never be able to trust the install again. Backup, wipe and reinstall. | gibler (49) | ||
| 373876 | 2005-07-23 12:06:00 | yes, to Gibler you listen too hmm? :) | bob_doe_nz (92) | ||
| 373877 | 2005-07-23 22:55:00 | What are the DNS servers? Are they local? Are the DNS servers configured correctly? Try changing them; if not using them already, some Xtra ones are: 202.27.184.3 and 202.27.184.5 | Growly (6) | ||
| 373878 | 2005-07-25 09:41:00 | So come on bartsdadhomer, either put us out of our misery or let us know that there is a new element of misery in IT that none of us have as yet encountered. This is one dirty dog. I for one do not have the skill of most posters here and would appreciate any dirt on this dog, lest I should be subject to his/her doings myself...... m :help: | mark c (247) | ||
| 373879 | 2005-07-25 11:06:00 | Sorry for taking so long to get back, been away for a couple of days. It was pretty simple in the end. It was obvious this had to be a global event and not user specific, as I had created a new user and the problem persisted in the new account as well (unlike some problems which can be cleaned out in one account but remain on others), so it had to be something residing in both the Windows folder and the registry. So away I went once again manually searching the Windows folders. Started in 'System32' as it was the most obvious folder for anything of this nature to hide. I came across several files I didn't recognise as Windows files which wouldn't delete even in safe mode. I thought I would try some other tools before I gave up, and the first one I tried was the 'ewido security suite' and it solved the problem immediately. Here is the scan log: HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo; HKU\S-1-5-21-1757981266-2052111302-839522115-1004\Software\GMSoft -> Dialer.Generic; C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch; C:\WINDOWS\system32\hhk.dll -> Trojan.Puper.t; C:\WINDOWS\system32\intmon.exe -> Trojan.Puper.aa; C:\WINDOWS\system32\ole32vbs.exe -> Trojan.Favadd.af; C:\WINDOWS\system32\__delete_on_reboot__OLEADM.dll -> Trojan.Agent.ff. A couple of real nasties in there. I'm a bit p****d that some of the other proggys, including 2 other trojan scanners, didn't pick these up. Needless to say the ewido suite is now a part of my day to day arsenal. The customer's PC has been running faultlessly ever since. Thanks for all your help/suggestions. bdh | bartsdadhomer (80) | ||
| 373880 | 2005-07-25 11:29:00 | OK Ok Ok Welcome that. Shall digest it at my will...........m | mark c (247) | ||
| 373881 | 2005-07-25 12:56:00 | Out of curiosity, what were the other scanners you used, that didn't pick them up? | pheonix (36) | ||
| 373882 | 2005-07-25 13:15:00 | Out of curiosity, what were the other scanners you used, that didn't pick them up? And, are you going to email said programmes' developers? | Murray P (44) | ||