NEED HELP -> Internet explorer Hijack -> google
Hi, can anyone help me?
When Internet Explorer opens the site google.com, it is unable to browse to another site (as if something hidden were activated).
Example:
- I search for "cnet"
- Click on the search result "cnet.com"
- And my browser does:
A) Page reload with site "www.google.com"
or
B) Google
Not Found
The requested URL /"what ever page" was not found on this server.
This lasts until I close all Internet Explorer windows and wait a little while; if not,
whatever page I browse sends me to "google.com".
If I never open the site google.com, I can browse normally.
My machine data
- Internet explorer 6.0.2800.1106, 128-bit, SP1, Q837009, Q832894
- Windows-98-4.10.2222.A
The fix tools I ran
- Windows 98 (updated)
- Antivirus Panda 2004 (updated) .. nothing detected
- Pestpatrol 2.4.7 (updated) .. nothing detected
- Ad-aware 6.0 pro (updated) .. nothing detected
- Spysweeper 2.6 (updated) .. nothing detected
- Reinstall Internet Explorer SP1 .. nothing fixed
- HijackThis v1.97.7 .. no idea .. annex log
- CWShredder v1.53.2 .. nothing detected, annex log
- CWShredder v1.59.0 .. nothing detected, annex log
- BHOdaemon 2.0 .. detected 1, from Acrobat Reader
- Reinstall Windows 98 (not clean install) .. nothing fixed
- Install Mozilla explorer .. the same browsing problems
The reports:
Logfile of HijackThis v1.97.7
Scan saved at 12:47:55 p.m., on 28/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\SOFTWARE\SOS\ANTISPY\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.102:21;gopher=192.168.0.102:6588;http=192.168.0.102:6588;https=192.168.0.102:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://cnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PavProc] C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\PavPrS9x.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...4567939815
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
CWShredder v1.53.2 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows 98 (4.10.2222 A)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system
AppData folder: C:\WINDOWS\Application Data
Username: cesar
Hosts file not present
Found CWS.Control (if filesize is over 50k) file: C:\WINDOWS\control.exe (2159 bytes, A)
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (8501 bytes, A)
Found line in Win.ini: load=
Found line in Win.ini: run=
Found System.ini file: C:\WINDOWS\system.ini (2053 bytes, A)
Found line in System.ini: shell=Explorer.exe
- END OF REPORT -
CWShredder v1.59.0 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows 98 (4.10.2222 A)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system
AppData folder: C:\WINDOWS\Application Data
Username: cesar
Hosts file not present
Found Win.ini file: C:\WINDOWS\win.ini (8501 bytes, A)
Found line in Win.ini: load=
Found line in Win.ini: run=
Found System.ini file: C:\WINDOWS\system.ini (2053 bytes, A)
Found line in System.ini: shell=Explorer.exe
- END OF REPORT -
Any possible help or suggestion would be great!
.. Sorry for my English
This discussion has been closed.
Comments
Do you have the latest updates for Windows 98 installed? You should be able to get them at www.windowsupdate.com.
Also, how are you connecting to the internet? Through another pc/router, or directly through a modem/broadband?
- Windows 98 updated
- Connection through another PC (proxy AnalogX)
... it is the only machine on the network affected by this thing.
The Internet Explorer proxy configuration is the same as on another machine.
The problem is not the internet connection.
With the infected machine
I can browse normally until I navigate to the site Google; after that it cycles back to this site, or the page referred to by a search in Google is not found.
Now I'm installing Spybot and running some online antivirus scans ...
Your problem probably is here:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.102:21;gopher=192.168.0.102:6588;http=192.168.0.102:6588;https=192.168.0.102:6588
All of your http traffic is routed through a proxy server, using port 6588.
Something is wrong on that proxy server. It is not releasing Google as your active page. Who runs the proxy server? Is this an office computer? Or is that a setup of your ISP? In either case, talk to the tech person responsible to find out why your proxy does this.
Dexter...
Machine problems:
- Can't use Google to search because this page cycles.
- After all the moves, unable to enter the Microsoft Windows Update page.
"Check your clock ... bla bla" ... crappy ActiveX.
Machine with problem:
- Antivirus (scan normal & safe mode) - Nothing detected
- Adaware remover (scan normal & safe mode) - Nothing detected
- Check hosts file - Nothing detected
- Reinstall Windows (not clean install, Windows updated)
- Reinstall Internet Explorer (not clean install, updated)
- Install alternative internet explorer - Mozilla - Same problem
- Change IP (to see if the proxy is guilty)
Machine with proxy
- Antivirus (scan normal & safe mode) - Nothing detected
- Adaware remover (scan normal & safe mode) - Nothing detected
- Check hosts file - Nothing detected
- Reinstall proxy (clean install)
- The proxy is direct (no cache, no proxy through proxy, no user restriction ...)
it is a simple direct proxy.
HOW TO RESOLVE MICROSOFT WINDOWS PROBLEMS -> WINDOWS CLEAN INSTALL.
Thanks to everyone for your time ...
see ya.
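Added example, not part of the original thread: a small triage script that pulls the `ProxyServer` entry out of a HijackThis log, as the reply about the R1 line did by eye, and reports which protocol is sent to which proxy and whether that proxy is on loopback, on the private LAN, or on a public address. The function names are made up for this example; the sample lines are copied from the log posted above.

```python
import ipaddress
import re

# Lines copied from the HijackThis log in the original post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.102:21;gopher=192.168.0.102:6588;http=192.168.0.102:6588;https=192.168.0.102:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

PROXY_LINE = re.compile(r"^R[01] - (HK\w+)\\.*,ProxyServer = (.*)$")

def parse_proxy_value(value):
    """Split an IE ProxyServer value into {protocol: (host, port)}."""
    # IE accepts one 'host:port' for all protocols, or 'proto=host:port;...'.
    proxies = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        proto, sep, target = entry.partition("=")
        if not sep:  # bare 'host:port' form applies to every protocol
            proto, target = "all", entry
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        proxies[proto.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies

def classify_host(host):
    """Locate the proxy: loopback, private LAN, public, or a hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def proxy_findings(log_text):
    """Return (hive, protocol, host, port, location) per proxy entry."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if m:
            for proto, (host, port) in sorted(parse_proxy_value(m.group(2)).items()):
                findings.append((m.group(1), proto, host, port, classify_host(host)))
    return findings

if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_LOG):
        print("%s %-6s -> %s:%s (%s)" % finding)
```

For the posted log, every protocol resolves to the same private LAN address, which points the investigation at the proxy machine rather than at the browser.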