Am I Being Hijacked?


Postby OneSpirit » Sun Jun 12, 2011 12:06 am

For the past few days I have been having problems with, I think, malware ... I would go to excite.com and Firefox would open another tab to a place that kept congratulating me for winning ... I'm not sure what is causing it. AVG blocks it sometimes, but not all the time, and I have run Spybot and Ad-Aware to remove any spyware, but I still get the tab opening with that ad. I get messages from AVG that threats have been blocked.
Also the computer doesn't respond sometimes too. I would click to open Firefox or any other program and nothing would happen ... the computer would just sit there. I would have to reboot to get a response. Sometimes things will slow down, even the audio would be slow and broken. Anyone have any idea what is going on? Do I need to do one of those hijack things? :twisted:

Thank you for looking at my post.
Main Rig_Intel i7 4770k@3.50
ECS H87H3-WM Ver1
16Gb DDR3 1600
Evga GTX 1050Ti GPU
WD100000 SATA 7200RPM
Seagate 1TB SATA 7200RPM
Corsair CX750M
Win7 Ultimate x64
Rig2_AMD FX8120
GIGABYTE GA-M68MT-S2 Mobo
4Gb DDR3 1600
ZOTAC GeForce GTX 550TI
Seagate 1TB SATA 7200RPM
WD100000 SATA 7200RPM
Rosewill M650
Win7 64
OneSpirit
Black Belt
Posts: 912
Joined: Mon Feb 25, 2002 1:01 am
Location: The Great State of Ohio

Postby Mr T » Sun Jun 12, 2011 2:11 am

Ok, the first thing to do is to ditch AVG and download Microsoft Security Essentials... It's free, but unlike the others at the moment it will catch nasties and not hog system resources.. Free ones like AVG, Avira, Avast etc. are leaking like a sieve at the moment (I wonder why? Commercial enterprise perhaps?).. Update it... Download and run Malwarebytes Anti-Malware, update that too... Boot into SAFE MODE and run Malwarebytes and see what it picks up... (Also clear your Internet cache)...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Posts: 17087
Joined: Fri Jun 14, 2002 1:03 am
Location: England

uh oh oh

Postby OneSpirit » Sun Jun 12, 2011 6:26 pm

I downloaded the malware software and ran it in safe mode ... it found infections in the registry keys and in Firefox, about 15 ... I had it remove the problems and went to reboot back to Windows ... it would not boot up ... I would get a quick blue screen flash, then the computer would start rebooting again. I got the screen that stated Windows did not start successfully, so I told it to load the last known good configuration ... then it was able to start. Don't know if the software worked yet or not ... will update when I know.

Windows Not Happy

Postby OneSpirit » Mon Jun 13, 2011 11:22 am

Well sir ... I used the malware software again and Windows was not happy at all when it rebooted ... once again it asked for the most recent config where Windows would start. Had to do that again. And I'm still getting the tabs opening up with websites I don't want to see, trying to sell me something I don't want.

I ran Spybot again ... but no dice ... I'll keep trying other things to see if I get better results ... as I typed this post ... Comodo reported a trojware.win32 .... I can't see all the details, but I've been getting notices of threats from Comodo, AVG, and Ad-Aware. I don't like it ... I don't like it at all .... :twisted:

Postby evasive » Mon Jun 13, 2011 12:06 pm

I see a rootkit infection and a reinstall coming...
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Rootkit infection? Please explain ...

Postby OneSpirit » Mon Jun 13, 2011 6:19 pm

What makes you think a reinstall will be necessary? Are you saying these trojans can't be removed?

These are the threats AVG finds, but it tells me when I tell it to remove them ... "Action was unsuccessful ... Object does not exist or is inaccessible"

It says it's a trojan horse Agent_r.AHR ... I've gotten several messages of threats ... multiple ...

c:\windows\temp\tsky\setup.exe ... the same file but with different folders
c:\windows\temp\uxnf\setup.exe
..........................\nkrh\.............
...........................\astp\............
bhlp, nspc, lovm, bnap, vjic, hubs, fkih, cmmf, fncs, ... and so on ... but all to the temp file.

This is one of the site AVG blocked ...
myonlinearcade.com/survey/1c94/index.php ... Firefox opens a new tab when I get them ...
So can anyone tell me what is going on? :o
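The file list above has a shape worth checking mechanically rather than by eye: a fresh four-letter folder under C:\Windows\Temp each time, always containing a setup.exe, and AVG reporting "object does not exist or is inaccessible" when asked to delete it. That usually means the file is gone again by the time the scanner acts, or a running process is holding it and re-dropping it. The script below is an added triage example, not something posted in the thread: it enumerates that folder pattern, hashes every setup.exe it finds (MD5, so the value can be looked up the way evasive's ThreatExpert link does), and then lists the places a re-dropper commonly lives: processes started from Temp, Run/RunOnce keys, and scheduled tasks. It is read-only and changes nothing. The four-letter folder-name pattern and the Temp location are taken from the post; the MD5-via-.NET helper is there because PowerShell 2.0 on Windows 7 has no Get-FileHash.

```powershell
# Added triage script (not from the thread). Run from an elevated PowerShell prompt.
# Assumption from the post: droppers live at %SystemRoot%\Temp\<4 letters>\setup.exe.

$tempRoot = Join-Path $env:SystemRoot 'Temp'

# Folder names reported in the post were exactly four letters (tsky, uxnf, nkrh, ...).
$suspect = Get-ChildItem -Path $tempRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^[a-z]{4}$' -and
                   (Test-Path (Join-Path $_.FullName 'setup.exe')) }

# MD5 through .NET so this also works on the PowerShell 2.0 that shipped with Windows 7.
# The file is opened with FileShare.ReadWrite so a dropper holding it open does not block us.
function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::Open($Path,
               [System.IO.FileMode]::Open,
               [System.IO.FileAccess]::Read,
               [System.IO.FileShare]::ReadWrite)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($fs))).Replace('-', '').ToLower() }
    finally { $fs.Close() }
}

"== setup.exe copies under $tempRoot =="
foreach ($d in $suspect) {
    $exe = Join-Path $d.FullName 'setup.exe'
    $fi  = Get-Item $exe -Force
    "{0}  {1,8} bytes  created {2:u}  md5 {3}" -f $exe, $fi.Length, $fi.CreationTime, (Get-Md5Hex $exe)
}

# A process whose image lives in Temp is the usual reason AVG cannot delete the file.
"== Running processes launched from a Temp folder =="
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -match '\\Temp\\' } |
    ForEach-Object { "{0,6}  {1}  {2}" -f $_.ProcessId, $_.ExecutablePath, $_.CommandLine }

# User-land autostart entries that point into Temp.
"== Run / RunOnce values pointing into Temp =="
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match '\\Temp\\' } |
        ForEach-Object { "{0}  {1} = {2}" -f $k, $_.Name, $_.Value }
}

# Scheduled tasks whose action runs something out of Temp. schtasks repeats its CSV
# header per task folder; those rows never match the path filter, so they drop out.
"== Scheduled tasks running something from Temp =="
schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match '\\Temp\\' } |
    ForEach-Object { "{0}  ->  {1}" -f $_.TaskName, $_.'Task To Run' }
```

If the process list shows something running from Temp, note its PID and parent before killing it: the parent is the thing that keeps re-creating the four-letter folders, and removing only the setup.exe copies (what AVG was attempting) leaves it in place. If none of the three persistence checks shows anything and the folders still come back after a reboot, that supports evasive's rootkit suspicion, since the re-dropper is then starting from somewhere these user-land checks do not see.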

Postby Mr T » Mon Jun 13, 2011 9:51 pm

Ok, to save a reinstall, create another account and set it to administrator as well as setting a password... Select your account and set it to Standard user... Clear the system of AVG totally, it can give false positives and let stuff through anyway, and install Microsoft Security Essentials - do this under the admin account... Disable System Restore, clear the Internet cache and temporary files - use Disk Cleanup for this (go to My Computer and right-click on the C drive, Properties and Disk Cleanup), tick all the boxes and let it do its thing... Reboot into SAFE MODE and run Malwarebytes again... You don't have to clean the infection here, but note where it is; you can usually remove it manually.. Remove, or reboot into normal mode and manually remove, then run Microsoft Security Essentials....
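The account and cleanup steps in the post above are easy to half-do from the GUI, so here they are as commands, as an added example that is not part of Mr T's post. The account names are assumptions (replace 'OneSpirit' with the account you actually browse with and pick your own admin name); net.exe is used for the account changes because New-LocalUser needs PowerShell 5.1, which Windows 7 did not ship with. Run it from an elevated PowerShell prompt, and note that steps 3 and 4 are destructive: restore points and temp files are gone for good.

```powershell
# Added example (not from the thread): Mr T's "save a reinstall" steps as commands.
# Run elevated. Account names below are assumptions; change them to your own.

$dailyUser = 'OneSpirit'      # assumed: the account that browses the web day to day
$adminUser = 'RecoveryAdmin'  # assumed: the new, password-protected administrator

# 1. Create the admin account (password is prompted for, not embedded in the script)
#    and put it in the local Administrators group.
net user $adminUser * /add
net localgroup Administrators $adminUser /add

# 2. Demote the daily account to a standard user. Without Administrators membership a
#    browser-launched dropper can no longer write under %SystemRoot%\Temp or HKLM Run keys.
net localgroup Administrators $dailyUser /delete

# 3. Disable System Restore on the system drive and discard existing shadow copies, so a
#    restore point cannot bring the dropper back after removal. Re-enable it once clean
#    with Enable-ComputerRestore -Drive "$env:SystemDrive\".
Disable-ComputerRestore -Drive "$env:SystemDrive\"
vssadmin delete shadows /all /quiet

# 4. Clear the Windows and per-user temp folders, then run Disk Cleanup. /sageset opens
#    the dialog once so every box can be ticked; /sagerun then applies that profile.
Remove-Item -Path (Join-Path $env:SystemRoot 'Temp\*') -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item -Path "$env:TEMP\*" -Recurse -Force -ErrorAction SilentlyContinue
Start-Process -FilePath cleanmgr.exe -ArgumentList '/sageset:1' -Wait
Start-Process -FilePath cleanmgr.exe -ArgumentList '/sagerun:1' -Wait

# 5. Make the next boot Safe Mode (minimal, no networking) for the Malwarebytes scan.
#    Clear the flag from inside Safe Mode afterwards, or every boot stays in Safe Mode:
#      bcdedit /deletevalue '{current}' safeboot
bcdedit /set '{current}' safeboot minimal
Write-Host "Reboot now, log in as $adminUser, run Malwarebytes, then remove the safeboot flag."
```

Step 2 is the one that does most of the work for the "tab keeps opening" symptom: a drive-by that lands in the browser of a standard user can only write to that user's profile, which is far easier to inspect and wipe than %SystemRoot%. Steps 3 and 4 are what the post asks for; just be aware that the shadow-copy deletion also removes the "last known good" safety net the earlier posts relied on, so take a backup of anything you care about before running it.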

Postby evasive » Tue Jun 14, 2011 8:32 am

http://www.threatexpert.com/report.aspx?md5=ed1ad8a8ff2357b1665055ac01b2df14

http://www.pandasecurity.com/homeusers/ ... rticulares

Now this is just the tool to drop more nasties. Yes, we can try the safe mode/different user trick, but be aware there may be more surprises in there.

Postby c327 » Tue Jun 14, 2011 9:25 pm

You may want to consider downloading and running F-Secure BlackLight. It has in the past located a few very nasty nasties.
“Respect cannot be learned, purchased or acquired - it can only be earned” "Pay It Forward"
c327
Black Belt 4th Degree
Posts: 4388
Joined: Fri Feb 27, 2004 1:01 am
Location: Saint Augustine Florida

Postby OneSpirit » Wed Jun 15, 2011 2:35 pm

Mr T wrote:Ok, to save a reinstall, create another account and set it to administrator as well as setting a password... Select your account and set it to Standard user... Clear the system of AVG totally, it can give false positives and let stuff through anyway, and install Microsoft Security Essentials - do this under the admin account... Disable System Restore, clear the Internet cache and temporary files - use Disk Cleanup for this (go to My Computer and right-click on the C drive, Properties and Disk Cleanup), tick all the boxes and let it do its thing... Reboot into SAFE MODE and run Malwarebytes again... You don't have to clean the infection here, but note where it is; you can usually remove it manually.. Remove, or reboot into normal mode and manually remove, then run Microsoft Security Essentials....

Any idea why Malwarebytes makes Windows XP mad when I use it and reboot? Why won't it restart properly after using Malwarebytes?

evasive wrote:http://www.threatexpert.com/report.aspx?md5=ed1ad8a8ff2357b1665055ac01b2df14

http://www.pandasecurity.com/homeusers/ ... rticulares

Now this is just the tool to drop more nasties. Yes, we can try the safe mode/different user trick, but be aware there may be more surprises in there.

I have to check out those links and see if I can figure out how to use the tool.

c327 wrote:You may want to consider downloading and running F-Secure BlackLight. It has in the past located a few very nasty nasties.

Downloaded the program, installed and used it ... and it said it could not find any hidden malware.

Thanks anyway ... :wink:
