WTF Can I do? HELP!!!! 20 replies


GateCrusher420 VIP Member

What is this place?

71,255 XP

17th February 2007

0 Uploads

6,233 Posts

1 Threads

#1 10 years ago

Ok....some of you may or may not know, but I usually know things about hardware only. My problem is related to a software problem. I think my computer has been both hacked and hijacked. What's going on is:

1) I'll be typing something and all of a sudden the computer types something like a link to something. I don't watch porn and very rarely download something. If I do download something, I know what it is and who makes the program.
2) Clicks outside of the current window to disrupt activities that I am doing.
3) Does other random shit to piss me off.

What can I do to fix this? I need to know fast because I'm fucked if I don't fix it. Can anyone provide a solution? If there's a downloadable program, it had better be from someone everyone knows and isn't going to screw my computer up even more. This shit is getting old real fast. I have a backup of my original system setup which would lose a lot of stuff, but if it will get rid of my problem, then by god I'm doin it.




ConstanceJill

Huh yeah, whatever ^^

38,762 XP

6th December 2006

0 Uploads

3,246 Posts

1 Threads

#2 10 years ago

Might sound crazy but ... do you have a wireless keyboard and mouse ? Perhaps your neighbour has a similar one ^^'

--> Maybe you should check if that still happens when not connected to your network (using wifi, btw ? )




GateCrusher420 VIP Member


#3 10 years ago

I don't use wireless internet or wireless devices. My keyboard is wired and so is my mouse. It's got to be a program running because it's the same link over and over and it does the same stuff over and over. I just don't know what to do. I'm about |----| that close to burning my piece of shit computer or using my Windows backup program.




Freyr VIP Member

A2Files Staff

46,875 XP

6th February 2005

11 Uploads

4,275 Posts

0 Threads

#4 10 years ago

Could you download HijackThis and post the log please? That will tell us what's running on your PC and might provide some insight into the problem.




GateCrusher420 VIP Member


#5 10 years ago

I just ran an anti-virus program and it seems to have stopped. I'm not going to reboot until right before bed. I'll try running HijackThis if the problem persists. I didn't think about that. I will keep you guys updated whenever something happens.




GateCrusher420 VIP Member


#6 10 years ago

Here's the log file from HijackThis.




Sgt. D. Pilla

Uber Geek

50 XP

23rd October 2007

0 Uploads

3,473 Posts

0 Threads

#7 10 years ago

TeeHee! That happened to me lol! Mine did turn out to be a remote access trojan lol. It was fun, 'cause I'd type stupid stuff, "Your a fag" or something lol. Anyways, reasonably easy fix: safe mode, disable remote desktop, find the trojan (mine was a biach and resulted in a format though).

--EDIT-- A quick run over of HijackThis log, and I may have already found a possible suspect...

C:\WINDOWS\Explorer.EXE

Yes, I know what you think it's for, BUT Windows NEVER EVER uses a capital letter for the extension, or the name of the process, ever, not for explorer.exe, and HijackThis wouldn't have changed it because otherwise it's giving out false data.

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

AVG. Not the best obviously, nothing is, but it's a very demanding free antivirus for what Avast could do for less resources, and a bit more thorough. Maybe consider an update, but like you said, you know about computers, which I've seen you around here a bit, so you use it for a reason... Just a suggestion ;)

R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Ron\Local Settings\Application Data\CyberDefender\ssstbar.dll

You have that? Actually, I do now as well, in my quarantine bin... Avast detected a virus in it as soon as it hit the hard drive... Maybe run an online McAfee scan to be sure.

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

After googling napster.exe, it just comes with a whole heap of return results, those being those obvious 'we want to scan your computer to install a virus' type of websites....example.. So it's possibly that; seeing results like that makes me nervous of spyware/adware.

They are the only ones I can see that are either suspicious, or other. I'm not good with HijackThis logs though, so don't take my word on the above, it was figured out from some basic googling

--EDIT-- Back to the sus Explorer.EXE process, which may be clean, I just know MS would never report a process with capitals like that. Anyways, see if you can do the same to this....

I recently discovered the trojan "explorer.exe" on my machine (XP-512MB RAM-Intel Processor-1.8 Ghz). It was in a hidden directory "dllcache" masquerading as a dll, but in fact a trojan program called "explorer.exe".

Search for that folder 'dllcache'. You know about hardware, so you should know the basics, that the ONLY explorer.exe on a system is in the Windows folder, ever. So just search, and set my mind at ease!




GateCrusher420 VIP Member


#8 10 years ago

Virus scan just ended after scanning over 500k files. Found nothing. I searched the explorer thing Explorer.EXE, and it came up with the following:

explorer based in C:/Windows (application)
EXPLORER.EXE-082F38A9.pf based in C:/WINDOWS/Prefetch (pf file)
CML_explorer (related to GIMP)
FractalExplorer (related to GIMP)

What should I get rid of? I'll search for the .dll file in a min.




>Omen<

Modern Warfare

50 XP

1st January 2005

0 Uploads

7,395 Posts

0 Threads

#9 10 years ago

According to the HjT auto log analyzer there are 4 entries that should be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch .cyberdefender.com/smallsearch.html
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-C6ED-ED6AA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsfrst.dll

The only odd thing I saw in the auto analyzer is it said this entry...

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

...should be fixed even though it marked it as safe with the comment "This entry was classified from our visitors as good." (Needless to say you have to be careful how you use the auto analyzer.) In checking, this is what I found ALCMTR.EXE to be:

"Realtek AC97 Audio - Event Monitor. "Spyware" file used surreptitiously to monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. If you delete this file, then you will not be able to properly update your drivers in the future. It is therefore recommended that you disable the startup instead."

The first one is the one that looks most suspicious to me. In all the times I've used the HjT auto log analyzer I've never seen a website link show after copying and pasting one of the entries. It actually appeared along with their slogan the first time I pasted it. Then I tried putting a space in it to avoid it showing as a link (so people wouldn't click on it) and it still did, but without the slogan.
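The entry types walked through in posts #7 and #9 can be split into fields and tagged for manual review, as in this added example (not part of any post in the thread, and not HijackThis or its log analyzer). The flag names and the function names `parse_line` and `triage` are made up here; the flags are hints about what to look at, not verdicts.

```python
import re

# Entries quoted in posts #7 and #9, as posted, plus one process-list line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch .cyberdefender.com/smallsearch.html
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-C6ED-ED6AA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsfrst.dll
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
C:\WINDOWS\Explorer.EXE
"""

# HijackThis section codes that appear in this thread.
SECTIONS = {"R1": "IE search/start setting", "R3": "IE URL search hook",
            "O1": "hosts file entry", "O3": "IE toolbar", "O4": "autostart entry"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_line(line):
    """Return a dict for one log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    rec = {"code": code, "kind": SECTIONS.get(code, "other"), "body": body, "flags": []}
    if code == "O1":
        hm = re.match(r"Hosts: (\S+)\s+(\S+)$", body)
        if hm:  # a hosts line pins a hostname to an address, bypassing DNS
            rec["ip"], rec["host"] = hm.groups()
            rec["flags"].append("hosts-override")
    if code.startswith("R") and " = " in body:
        rec["key"], rec["url"] = body.split(" = ", 1)
        rec["flags"].append("browser-url")
    if body.endswith("(no file)"):
        rec["flags"].append("missing-file")  # registry points at nothing on disk
    am = re.match(r".+?: \[(.+?)\] (.+)$", body) if code == "O4" else None
    if am:
        rec["name"], rec["command"] = am.groups()
        if "\\" not in rec["command"].split()[0]:
            rec["flags"].append("bare-command")  # no directory: found via search path
    if re.search(r"\\[^\\]*~\d", body):
        rec["flags"].append("short-path")  # 8.3 name: expand before judging the file
    return rec

def triage(log_text):  # parse every entry line, skipping everything else
    return [r for r in map(parse_line, log_text.splitlines()) if r]

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["code"], r["kind"], r["flags"])
```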




Sgt. D. Pilla


#10 10 years ago

HA! I knew that Safe Search was sus for a reason...*Thanks Avast for stopping it!*

explorer based in C:/Windows (application) EXPLORER.EXE-082F38A9.pf based in C:/WINDOWS/Prefetch (pf file) CML_explorer (related to GIMP) FractalExplorer (related to GIMP)

What should I get rid of?

Neither, that's fine, as long as it wasn't in a folder called 'dllcache'. Prefetch is basically hard drive caching of programs, and the other is the Windows folder lol

But fix the ones that Omen said. Especially that safe search bar, Avast stopped it when I tried to download it before to see if it was the culprit, and so far,