The Mother Board

Motherboards.org forums. Free tech support, motherboard ID, and more.
 Post subject: Am I Being Hijacked?
PostPosted: Sun Jun 12, 2011 12:06 am 
Black Belt

Joined: Mon Feb 25, 2002 1:01 am
Posts: 918
Location: The Great State of Ohio
For the past few days I have been having problems with, I think, malware ... I would go to excite.com and Firefox would open another tab to a place that keeps congratulating me for winning ... I'm not sure what is causing it. AVG blocks it sometimes, but not all the time, and I have run Spybot and Ad-Aware to remove any spyware, but I still get the tab opening with that ad. I get messages from AVG that threats have been blocked.
Also the computer doesn't respond sometimes too. I would click to open Firefox or any other program and nothing would happen ... the computer would just sit there. I would have to reboot to get a response. Sometimes things will slow down; even the audio would be slow and broken. Anyone have any idea what is going on? Do I need to do one of those hijack things? :twisted:

Thank you for looking at my post.

_________________
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64


 Post subject:
PostPosted: Sun Jun 12, 2011 2:11 am 
Enlightened Master

Joined: Fri Jun 14, 2002 1:03 am
Posts: 17142
Location: England
Ok, the first thing to do is to ditch AVG and download Microsoft Security Essentials... It's free, but unlike others at the moment will catch nasties and not hog system resources.. Free ones like AVG, Avira, Avast etc are leaking like a sieve at the moment (I wonder why? Commercial enterprise perhaps?).. Update it... Download and run Malwarebytes Anti-Malware, update that too... Boot into SAFE MODE and run Malwarebytes and see what it picks up... (Also clear your Internet cache)...

_________________
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...


 Post subject: uh oh oh
PostPosted: Sun Jun 12, 2011 6:26 pm 
Black Belt

Joined: Mon Feb 25, 2002 1:01 am
Posts: 918
Location: The Great State of Ohio
I downloaded the malware software and ran it in safe mode ... it found infections in the registry keys and in Firefox, about 15 ... I had it remove the problems and went to reboot back to Windows ... it would not boot up ... I would get a quick blue screen flash, then the computer would start rebooting again. I got the screen that stated Windows did not start successfully so I told it to load the last known good configuration ... then it was able to start. Don't know if the software worked yet or not ... will update when I know.

 Post subject: Windows Not Happy
PostPosted: Mon Jun 13, 2011 11:22 am 
Black Belt

Joined: Mon Feb 25, 2002 1:01 am
Posts: 918
Location: The Great State of Ohio
Well sir ... I used the malware again and Windows was not happy at all when it rebooted ... once again it asked for the most recent config where Windows would start. Had to do that again. And I'm still getting the tabs opening up with websites I don't want to see trying to sell me something I don't want.

I ran spybot again ... but no dice ... I'll keep trying other things to see if I get better results ... as I typed this post ... comodo reported a trojware.win32 .... I can't see all the details, but I've been getting notices of threats from comodo, AVG, and Adware. I don't like it ... I don't like it at all .... :twisted:

 Post subject:
PostPosted: Mon Jun 13, 2011 12:06 pm 
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37464
Location: Netherlands
I see a rootkit infection and a reinstall coming...

_________________
We hate rut, but we fear change.
********************************
System error, strike any user to continue...


PostPosted: Mon Jun 13, 2011 6:19 pm 
Black Belt

Joined: Mon Feb 25, 2002 1:01 am
Posts: 918
Location: The Great State of Ohio
What makes you think a reinstall will be necessary? Are you saying these trojans can't be removed?

These are the threats AVG finds, but it tells me when I tell it to remove them ... "Action was unsuccessful ... Object does not exist or is inaccessible"

It says it's a trojan horse agent_r.ahr ... I've gotten several messages of threats ... multiple ...

c:\windows\temp\tsky\setup.exe ... the same file but with different folders
c:\windows\temp\uxnf\setup.exe
..........................\nkrh\.............
...........................\astp\............
bhlp, nspc, lovm, bnap, vjic, hubs, fkih, cmmf, fncs, ... and so on ... but all to the temp file.

This is one of the sites AVG blocked ...
myonlinearcade.com/survey/1c94/index.php ... Firefox opens a new tab when I get them ...
So can anyone tell me what is going on? :o

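The detections listed in the post above share one shape: the same file name in many four-letter folders under the Windows temp directory. As an added example (not part of the thread), this Python script groups paths from a scanner report by that shape so the repeating pattern can be reported as one finding; the four-lowercase-letter rule, the `TEMP_NAMES` set and the `min_folders` threshold are assumptions, and only the first two sample paths come from the post.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed heuristic (not from the thread): a folder named with exactly four
# lowercase letters, sitting directly under a temp directory, holding an .exe.
RANDOM_DIR = re.compile(r"[a-z]{4}")
TEMP_NAMES = {"temp", "tmp"}

# Constructed sample: the first two paths are quoted in the post above,
# the rest are made up to exercise the negative cases.
SAMPLE = [
    r"c:\windows\temp\tsky\setup.exe",
    r"c:\windows\temp\uxnf\setup.exe",
    r"C:\Windows\Temp\MSI1a2b\setup.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Windows\Temp\abcd\readme.txt",
]

def is_suspicious(path_str):
    """True for <temp dir>\\<4 lowercase letters>\\<anything>.exe."""
    p = PureWindowsPath(path_str.lower())
    if len(p.parts) < 4:
        return False
    folder, parent = p.parts[-2], p.parts[-3]
    return (p.suffix == ".exe" and parent in TEMP_NAMES
            and RANDOM_DIR.fullmatch(folder) is not None)

def group_detections(paths, min_folders=2):
    """Map (temp dir, file name) -> sorted random folder names seen with it."""
    groups = defaultdict(set)
    for raw in paths:
        if is_suspicious(raw):
            p = PureWindowsPath(raw.lower())
            groups[(str(p.parent.parent), p.name)].add(p.parent.name)
    # One hit can be coincidence; the same file in several folders is a pattern.
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_folders}

if __name__ == "__main__":
    for (temp_dir, name), folders in group_detections(SAMPLE).items():
        print(f"{name} seen in {len(folders)} random folders under {temp_dir}: {folders}")
```

A legitimate installer can also unpack into a four-letter temp folder, so a match is a lead for further inspection rather than a verdict.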
 Post subject:
PostPosted: Mon Jun 13, 2011 9:51 pm 
Enlightened Master

Joined: Fri Jun 14, 2002 1:03 am
Posts: 17142
Location: England
Ok, to save a reinstall create another account and set it to administrator as well as setting a password... Select your account and set it to Standard user... Clear the system of AVG totally, it can give false positives and let stuff through anyway, and install Microsoft Security Essentials - Do this under the admin account... Disable system restore, clear the Internet cache and temporary files - use Disk Cleanup for this (go to My Computer and right click on C drive, properties and Disk Cleanup), tick all the boxes and let it do its thing... Reboot into SAFE MODE and run Malwarebytes again... You don't have to clean the infection here, but note where it is, you can manually remove it usually.. Remove, or Reboot into normal mode and manually remove, then run Microsoft Security Essentials....

 Post subject:
PostPosted: Tue Jun 14, 2011 8:32 am 
Mobo-fu Master

Joined: Sun May 06, 2001 12:01 am
Posts: 37464
Location: Netherlands
http://www.threatexpert.com/report.aspx ... ac01b2df14

http://www.pandasecurity.com/homeusers/ ... rticulares

Now this is just the tool to drop more nasties. Yes we can try the safe mode/different user trick, but be aware there may be more surprises in there.

 Post subject:
PostPosted: Tue Jun 14, 2011 9:25 pm 
Black Belt 4th Degree

Joined: Fri Feb 27, 2004 1:01 am
Posts: 4410
Location: Saint Augustine Florida
You may want to consider downloading and running F Secure Black Light. It has in the past located a few very nasty nasties.

_________________
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"


 Post subject:
PostPosted: Wed Jun 15, 2011 2:35 pm 
Black Belt

Joined: Mon Feb 25, 2002 1:01 am
Posts: 918
Location: The Great State of Ohio
Mr T wrote:
Ok, to save a reinstall create another account and set it to administrator as well as setting a password... Select your account and set it to Standard user... Clear the system of AVG totally, it can give false positives and let stuff through anyway, and install Microsoft Security Essentials - Do this under the admin account... Disable system restore, clear the Internet cache and temporary files - use Disk Cleanup for this (go to My Computer and right click on C drive, properties and Disk Cleanup), tick all the boxes and let it do its thing... Reboot into SAFE MODE and run Malwarebytes again... You don't have to clean the infection here, but note where it is, you can manually remove it usually.. Remove, or Reboot into normal mode and manually remove, then run Microsoft Security Essentials....

Any idea why Malwarebytes makes Windows XP mad when I use it and reboot? Why won't it restart properly after using Malwarebytes?

evasive wrote:
http://www.threatexpert.com/report.aspx?md5=ed1ad8a8ff2357b1665055ac01b2df14

http://www.pandasecurity.com/homeusers/ ... rticulares

now this is just the tool to drop more nasties. Yes we can try the safe mode/different user trick, but be aware there may be more surprises in there.

I have to check out those links and see if I can figure out how to use the tool.

c327 wrote:
You may want to consider downloading and running F Secure Black Light. It has in the past located a few very nasty nasties.

Downloaded the program, installed and used it ... and it said it could not find any hidden malware.

Thanks anyway ... :wink:
