I've been HIJACKED!!! please any help would HELP!!
#3
Posted 29 December 2004 - 12:25 PM
Hi!
To start with, it wouldn't be a bad idea to do a full reinstall of your operating system. You have loads of bloatware slowing down your machine. Or perhaps you could ask a friend (somebody who knows his/her way around a computer) to help you optimize your system. Or maybe you just like it like it is. Anyways...
I found a few suspicious entries in your log.
...
C:\WINDOWS\System32\cc325040.exe
...
...
O4 - HKLM\..\Run: [2a952157a896] C:\WINDOWS\System32\cc325040.exe
...
...
O4 - HKCU\..\Run: [WayBlah] C:\DOCUME~1\Owner\APPLIC~1\ITCHPU~1\soft name defy.exe
...
"cc325040.exe" is most likely what is causing you trouble. To get rid of it do as follows:
1. Press Ctrl-Alt-Del (or right-click the taskbar and select Task Manager).
2. Go to the Processes tab and locate cc325040.exe in the list.
3. Right-click cc325040.exe and select End task. Answer Yes. Do the same with the "soft name defy.exe" process, if it is present.
Now follows some registry editing, which can screw up your computer totally if done wrong, so make sure you don't do anything other than what is stated here.
4. Click Start and select Run from the start-menu.
5. Type regedit and press OK. You should now see the five main keys of the registry all starting with "HKEY_...".
6. Browse your way to the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
7. On the right-hand side you should now see a list of the processes that run at Windows startup. Among them you will find cc325040.exe. Select the line that says
[2a952157a896] C:\WINDOWS\System32\cc325040.exe
and delete it.
8. There is an entry in the
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(plz note "HKEY_CURRENT_USER" not "HKEY_LOCAL_MACHINE")
key called WayBlah that I'm not really sure about but I would remove it as well. It might be the process that created cc325040.exe in the first place.
9. Close the registry editor.
10. Now remove both the files "C:\WINDOWS\System32\cc325040.exe" and "C:\DOCUME~1\Owner\APPLIC~1\ITCHPU~1\soft name defy.exe" using Explorer.
You should also check if there are any strange entries in your Startup folder on the start menu.
I hope this will help you. /MN
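The log reading done by eye in the post above, written out as an added example that is not part of the original post: it parses HijackThis `O4` autostart lines, expands the `HKLM\..\Run` shorthand to the full key named in steps 6 and 8, and flags entries for manual review. The three heuristics and the `ExampleTray` line are assumptions constructed for illustration; the other sample lines are the ones quoted in the post.

```python
import re

# Constructed sample: the lines quoted in the post plus one made-up benign entry.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\cc325040.exe
O4 - HKLM\..\Run: [2a952157a896] C:\WINDOWS\System32\cc325040.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [WayBlah] C:\DOCUME~1\Owner\APPLIC~1\ITCHPU~1\soft name defy.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
KEY_PREFIX = r"\SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\"

def parse_o4(log):
    """Return one dict per O4 (autostart) line; all other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"key": HIVES[hive] + KEY_PREFIX + key,
                            "name": name, "command": cmd})
    return entries

def reasons(entry):
    """Illustrative heuristics (assumptions): hits mean 'look closer', not 'malicious'."""
    out = []
    if re.fullmatch(r"[0-9a-f]{8,}", entry["name"], re.I):
        out.append("value name is a bare hex string")
    if re.search(r"\\system32\\[a-z]{0,3}\d{5,}\.exe$", entry["command"], re.I):
        out.append("digit-heavy executable name in System32")
    if re.search(r"\\(APPLIC~\d|Application Data)\\", entry["command"], re.I):
        out.append("runs from a user's Application Data folder")
    return out

def triage(log):
    """Return (entry, reasons) pairs for every O4 entry with at least one hit."""
    return [(e, r) for e in parse_o4(log) if (r := reasons(e))]

if __name__ == "__main__":
    for e, r in triage(SAMPLE_LOG):
        print(f'{e["key"]}\n  [{e["name"]}] {e["command"]}\n  -> {"; ".join(r)}')
```

The output gives the full key path and value name to look for in regedit; exporting that key from regedit before deleting a value keeps a copy to restore from.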
#4
Posted 29 December 2004 - 05:05 PM
Man I feel your pain...
If you use Internet Explorer and IE was hijacked, it will happen again. IE is prone to hijacking. Try using Firefox from www.mozilla.org
There's nothing worse than reformatting and spending hours getting everything back to "normal" and then getting hijacked again.
I speak from experience. This has happened to me twice. I will never use IE again. Heck, I read an article that M$ engineers used Firefox to show off the new MSN search engine. It was posted on the web, a picture of MSN search from M$ labs, running on Firefox!!
Good luck.
#5
Posted 29 December 2004 - 06:14 PM
Yup, best bet would be to either format or reinstall WinXP on top of itself (deletes and recreates the Windows directory)
Next time, download SpyBot and use the immunize feature. You should also switch to Firefox as your web browser and only resort to IE when a page doesn't work with Firefox (which is rare, and indicates poor coding)
#6
Posted 13 January 2005 - 03:27 PM
1.put in windows disc
2.click reinstall windows!
3.problem solved.
#7
Posted 13 January 2005 - 05:26 PM
Originally posted by 02mash:
Quote:
1.put in windows disc
2.click reinstall windows!
3.problem solved.
That is the worst way to do it. There is no guarantee that the spyware will be removed simply by installing over an existing OS installation. I won't even format a drive. I WIPE it completely, then re-install.