
OT: Trojan/virus blocking search engine access?


    This is for all you people who are really good at beating Windows XP into submission. My friend seems to have some kind of virus/Trojan which blocks access to any kind of search engine. He's used Spybot S&D, Ad-aware, updated Norton, and reinstalled IE a few times, but it is still broken. :weird: He explains it better than I can here:
    http://forums.railbait.com/showthread.php?threadid=3312

    If anyone can think of any helpful suggestions, it would be much appreciated!

    #2
    It's his own **** fault. If he wasn't going to porn sites or accepting & opening every file he gets in his mailbox, IRC, ... he wouldn't have had this problem now.

    Tell him to reinstall, easiest way to get rid of all them dialers, trojans & similar ****.

    Comment


      #3
      Originally posted by joyrider
      It's his own **** fault. If he wasn't going to porn sites or accepting & opening every file he gets in his mailbox, IRC, ... he wouldn't have had this problem now.

      Tell him to reinstall, easiest way to get rid of all them dialers, trojans & similar ****.
      How would you know how he got the problem?
      FYI - I've also had problems with my IE not working properly, or redirecting me a billion times for stupid reasons that had nothing to do with porn.
      The only way I was able to fix it was to go to Add/Remove and uninstall EVERYTHING that I wasn't sure about. It ended up being some stupid prog that was installed on my comp without my permission from a non-porn related website.

      Comment


        #4
        Originally posted by BasketCase
        How would you know how he got the problem?
        FYI - I've also had problems with my IE not working properly, or redirecting me a billion times for stupid reasons that had nothing to do with porn.
        Thank you

        Do you think this type of problem affects anything other than IE?

        Comment


          #5
          Originally posted by BasketCase
          The only way I was able to fix it was to go to Add/Remove and uninstall EVERYTHING that I wasn't sure about.



          If you use some common sense it won't happen that programs are installed on your comp that you don't know about....

          Comment


            #6
            I think people should learn not to click on 'Yes' every time the f***ing IE opens an ActiveX installation request dialog.

            Comment


              #7
              The back door program which you were talking about has changed and edited a file called Host or imhost. What that file does is that it is able to block certain sites or even search engines from being used. The way to fix this is below.

              Step one: finding the file. Depending on your operating system your hosts is stored in different folders: /etc/hosts in Linux, c:\windows\hosts in win98, c:\windows\system32\hosts in win XP. If you still can't find it, do a search on imhost or host.

              Step two: open the file up with Word or Notepad.

              Step three: then locate the sites/search engines that you want unblocked.

              Step four: highlight and hit the delete button. WARNING: only delete the www links and nothing else.

              Step five: after the sites have been removed from the list, go to File and click Save, and then try the sites again.

              Step six: update all programs that are made for stopping back door programs, and if not, get one such as spyware or something similar.

              If you're still having problems then you did not delete all the links. Just because you deleted the www*yahoo.com (* there so no link is made) link from the list does not mean it would work yet. You still have some other yahoo (<- used as the example but can be any site) based sites that are still being blocked. EX. google.com google.jp google.de. Make sure all links with the full or part of that name are removed. The best way is to remove all the links.

              SORRY, AN EASIER WAY TO SHOW IT. SORRY FOR BROKEN ENGLISH.

              Comment
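
Added example (not part of the thread and not any poster's code): a Python audit of hosts-file text for the kind of tampering post #7 describes, reporting each watched search-engine name the file overrides and whether it is blackholed or redirected. The watchlist and the sample file are constructed; on NT-family Windows such as XP the hosts file normally lives at %SystemRoot%\system32\drivers\etc\hosts.

```python
import ipaddress

# Constructed watchlist: add whichever sites are reported unreachable.
WATCHED = ("google", "yahoo", "msn", "altavista")

# Names a stock hosts file legitimately maps to loopback.
BENIGN = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                             # first field is not an address
        for name in entry[1:]:                   # one line may carry several names
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, verdict) for overridden watched names."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in BENIGN:
            continue
        # Match on whole DNS labels so "google" hits google.com and www.google.de.
        if not any(w in name.split(".") for w in watched):
            continue
        # Loopback or 0.0.0.0 blackholes the site; any other address redirects it.
        blocked = addr.is_loopback or addr.is_unspecified
        findings.append((line_no, name, str(addr), "blocked" if blocked else "redirected"))
    return findings

# Constructed sample, not taken from the thread (203.0.113.0/24 is a documentation range).
SAMPLE = """\
127.0.0.1       localhost
127.0.0.1       www.google.com google.com   # added by unknown program
203.0.113.7     search.yahoo.com
0.0.0.0         WWW.GOOGLE.DE
10.0.0.5        fileserver.example.lan
"""

if __name__ == "__main__":
    for line_no, name, addr, verdict in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {addr} ({verdict})")
```
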


                #8
                OK, I think you guys have it all wrong. Yes, porn sites are the LEADING cause of such hacks, but they are not the only sites that do such a thing. You can have ActiveX and Java completely disabled...and still get hacked. It's not always caused by clicking "yes" on dialog boxes. You can get these things simply by loading up a web page. You won't even realize that you have it until you open up another IE window....and possibly not even until reboot.

                This has recently happened to me ... 3 times. Spybot and Ad-aware see the problem...but they don't fix what is really causing it. This is where some savvy reg editing comes in handy.

                If your friend is up for some registry editing....he can easily cure this issue. But before you get your hopes up, I really need to know something. Something that a program called "HijackThis" can tell you.

                http://www.spywareinfo.com/~merijn/files/hijackthis.zip

                The program is just as safe as Ad-aware and Spybot.
                Once you have extracted it, run it.
                Scan
                and then press the same button that now says "save log"
                After you are done, please post the log in these forums. It shouldn't be too long.
                I should be able to tell you what the problem is by the end of today.
                Please realize that HijackThis is just like the other programs and won't fix everything perfectly. You're better off NOT trying to fix anything with it until you know what you should fix.

                It is very important that your friend does not freak out and start deleting things, as you could do more harm than good in this case.

                Comment


                  #9
                  Originally posted by zacharypike
                  A back door program which edited my host folder. What's the host folder used for? It's used so that a person can block a site or search engines from being used. The way to fix it is to open the file, which can only be opened with Word or Notepad, and it has a list of search engines/sites which it was blocking, and by deleting the search engines/sites it will then allow you to view them again. What you do is delete all the web sites which you no longer want blocked and then save them and it will be fixed. Here's how to fix it. Depending on your operating system your hosts is stored in different folders: /etc/hosts in Linux, c:\windows\hosts in win98, c:\windows\system32\hosts in winXP. If you are unsure where to find it, use your system search to locate the old hosts file, open the file up with Word or Notepad and then find the sites which are being blocked in the list and then delete what you want to and then click save. But you have to delete all the other sites with the same name/extension or it won't work. Example: google.com, google.net, .de and so on. I just delete the whole list. WARNING: only delete the www listing, nothing else; if not careful you can delete something that is needed.
                  When you do your search the file is called host or imhosts.
                  ^--- the wise

                  Comment


                    #10
                    Originally posted by 010110100110100
                    ^--- the wise
                    I am very sure he has no idea what was just said there.
                    He has more of a chance of purging this problem if he follows my instructions than he has of trying to figure out what was posted there.

                    More than likely the culprits are:
                    C:\WINDOWS\iedll.exe
                    C:\WINDOWS\LOADER.EXE

                    But just deleting those files is not going to save you from the BSOD when you reboot. Oh no....you're still going to find that you should have edited your registry so there are no mentionings of anything associated with.

                    This is just an example, but there are many others like it.
                    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
                    is a good program that will purge this on its own...so you don't have to reg edit.

                    * Redirections to CoolWebSearch related pages
                    * Redirections when mistyping URLs
                    * Redirections when visiting Google
                    * Enormous IE slowdowns when typing
                    * IE start page/search page changing on reboot
                    * Sites in the IE Trusted Zone you didn't add
                    * Popups in Google and Yahoo when searching

                    Comment


                      #11
                      Oh, I do know what I am talking about. I fixed three friends' computers this way and then we installed a similar program to what you offered to make sure it did not happen again. If you're not meaning me then never mind this message.

                      Comment


                        #12
                        Originally posted by zacharypike
                        Oh, I do know what I am talking about. I fixed three friends' computers this way and then we installed a similar program to what you offered to make sure it did not happen again. If you're not meaning me then never mind this message.
                        I am not dismissing your post....It's just very hard to read, and it wasn't laid out in an easy to read manner.

                        Comment


                          #13
                          Originally posted by -=007MIKE=-

                          The program is just as safe as Ad-aware and Spybot.
                          Once you have extracted it, run it.
                          Scan
                          and then press the same button that now says "save log"
                          After you are done, please post the log in these forums. It shouldn't be too long.
                          I should be able to tell you what the problem is by the end of today.
                          Thanks for trying to help, I'm not a computer novice by any means and I'm pretty experienced with stuff like this... however this one has got me stumped. Here's the log as requested:

                          Logfile of HijackThis v1.97.2
                          Scan saved at 2:00:11 PM, on 10/6/2003
                          Platform: Windows XP (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\NavNT\vptray.exe
                          C:\Program Files\Microsoft Hardware\Mouse\point32.exe
                          C:\Program Files\Logitech\iTouch\iTouch.exe
                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                          C:\WINDOWS\System32\CTHELPER.EXE
                          C:\Program Files\CursorXP\CursorXP.exe
                          C:\WINDOWS\System32\RUNDLL32.EXE
                          C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
                          C:\Program Files\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files\NavNT\defwatch.exe
                          C:\WINDOWS\System32\inetsrv\inetinfo.exe
                          C:\Program Files\NavNT\rtvscan.exe
                          C:\WINDOWS\System32\nvsvc32.exe
                          C:\WINDOWS\System32\tcpsvcs.exe
                          C:\WINDOWS\System32\snmp.exe
                          C:\WINDOWS\System32\MsgSys.EXE
                          C:\Eudora\Eudora.exe
                          C:\PROGRA~1\WINZIP\winzip32.exe
                          C:\Documents and Settings\Dave\Desktop\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
                          O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                          O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
                          O4 - HKLM\..\Run: [rundil32] C:\windows\rundil32.exe
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [POINTER] point32.exe
                          O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
                          O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
                          O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
                          O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
                          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                          O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
                          O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
                          O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
                          O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
                          O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
                          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
                          O9 - Extra button: Messenger (HKLM)
                          O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
                          O9 - Extra button: ICQ Pro (HKLM)
                          O9 - Extra 'Tools' menuitem: ICQ (HKLM)
                          O9 - Extra button: Messenger (HKLM)
                          O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
                          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
                          O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
                          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
                          O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
                          O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...886.5789236111
                          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab


                          Oh, and for future reference, I have no idea how this happened. It almost certainly activated after a reboot, because my box was working fine the night before and only developed problems immediately after I turned it on the next morning. Since I doubt BBC News gave me the problem, it must have been something from the previous day. I'm an adult, and I would sure as hell admit it if I had gotten this from some porn or warez site, but I didn't. Frankly, I can't think of anything out of the ordinary that I browsed to that day, but I'm sure I must have or I wouldn't be having this problem. Oh, and I NEVER click yes for anything. I've been computer savvy since DOS 3.0, I know better than that.

                          Comment
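
Added example (not from the thread): a Python pass over the O4 startup lines of a HijackThis log like the one in post #13, flagging any auto-run executable whose file name is one edit away from a Windows system binary. The five log lines are copied from that post; the list of system binaries and the distance threshold are assumptions, and a hit marks an entry for manual review, not a confirmed infection.

```python
import ntpath
import re

# Assumed, illustrative list of system binary names that startup entries imitate.
SYSTEM_BINARIES = ("rundll32.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                   "services.exe", "lsass.exe", "spoolsv.exe")

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable = quoted path, or unquoted text up to the first ".exe".
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def startup_entries(log_text):
    """Yield (hive, value_name, executable_path) for each O4 Run line."""
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        exe = EXE.match(m["cmd"]) if m else None
        if exe:
            yield m["hive"], m["name"], exe.group(1) or exe.group(2)

def lookalikes(log_text, max_distance=1):
    """Return startup executables whose file name nearly matches a system binary."""
    hits = []
    for hive, name, path in startup_entries(log_text):
        base = ntpath.basename(path).lower()
        for known in SYSTEM_BINARIES:
            if 0 < edit_distance(base, known) <= max_distance:
                hits.append((hive, name, path, known))
    return hits

# Five O4 lines copied from the log in post #13.
LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [rundil32] C:\windows\rundil32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
"""

if __name__ == "__main__":
    for hive, name, path, known in lookalikes(LOG):
        print(f"{hive} Run [{name}] {path} resembles {known}")
```
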


                            #14
                            Sounds a little like the QHOSTS trojan. I got it a few days ago myself (despite already having the IE patch that's supposed to "fix" the vulnerability, **** M$, I really should switch browsers). More info here: http://www.trendmicro.com/vinfo/viru...=TROJ_QHOSTS.A

                            Comment


                              #15
                              Originally posted by Mr Evil
                              Sounds a little like the QHOSTS trojan. I got it a few days ago myself (despite already having the IE patch that's supposed to "fix" the vulnerability, **** M$, I really should switch browsers). More info here: http://www.trendmicro.com/vinfo/viru...=TROJ_QHOSTS.A
                              I've read up on that and I even downloaded a Symantec fix for it just in case, but it didn't find QHOSTS on my box.

                              When I did a virus scan right after this problem occurred, I did find a trojan, but it was not QHosts. It was called Trojan.ByteVerify and it was successfully removed. However, the problems did not resolve themselves. I do not know whether this virus caused the problem or not.

                              Comment
