Solved

Possible Virus? Browser automatically populates with "67yujhnm"

Posted on 2004-04-17
11
1,010 Views
Last Modified: 2010-07-27
For the past 2 weeks I've experienced my computer automatically executing commands, e.g. pop-screens, open / close applications and most often when I am working with Internet Explorer the command bar is populated with the string "67yujhnm".

I am using a Toshiba Satellite Pro 4600 and I am on Windowns 2000. A question on this has been asked before, but I've been unsuccessful downloading the tool mentioned (Hijack this).

I am always running Norton Anti-Virus which is also auto-enabled, but this does not seem to catch the problem.

Is this a virus, and how could I get rid of this?

Thanks in advance for the help, Johan.
0
Comment
Question by:johanyssel
11 Comments
 
LVL 4

Accepted Solution

by:
tituba2 earned 500 total points
ID: 10854779
It is spyware.  Your virus software doesn't catch spyware.

Download, install and update the following spyware software.

Click - start - run msconfig
clear all startup items

Boot in safe mode.

Run all these spyware products.  Delete whatever it finds.

Ad-ware
http://www.lavasoft.de/

Spybot
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

CW Shredder
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10855547
Try downloading here

HijackThis : http://www.spychecker.com/program/hijackthis.html

Alternatively , first take a backup of your registry
go inside registry and search for that term "67******" and remove all instances of it ,

Press CTRL + F to get search box. Type in that text there. Once it finds one , press F3 to find next and so on
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 10856602
I'm intrigued by this one. There's no reference to it anywhere else. McAfee doesn't know anything about it, nor does Symantec or any of the spyware removers.

Please see:

http://www.experts-exchange.com/Applications/Viruses/Q_20942585.html

The same problem was reported. Also, a similar problem was reported at computercops.com back in December:

http://computercops.biz/postp39116.html

I don't have any advice except to contact Symantec and check on how to send them an image of your hard drive. It could be a new virus/hijacker that has passed unnoticed so far.

Good Vibes!

Lobo
0
 

Author Comment

by:johanyssel
ID: 10866197
Hi Tituba2

Thanks for your help. I have all 3 the spyware programs (latest versions) you mentioned already, and even after executing all of them, it didn't solve the problem.

I cannot execute msconfig on my machine, I get the error "Cannot find the file "msconfig" (or one of its components). Make sure the path and filename are correct and that all required libraries are available." Could this be a possible cause of the problem?.

Johan

0
 

Author Comment

by:johanyssel
ID: 10866229
Question to Sunray_2003

I've searched my registry and could not find the problem string.

I've downloaded Hijack This. This program only generates a log. Should I post it here for your attention? Thanks. Johan
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 4

Expert Comment

by:tituba2
ID: 10867985
Sounds like a Trojan.  You need to find msconfig

Go to Windows Explorer, folder options, view all files.

Search for msconfig.*

Disable all startup items

Download and install this trojan finder
http://tinyurl.com/2d46w


Boot in safe and run this and please let us know as this appears to be a growing threat.
0
 

Author Comment

by:johanyssel
ID: 10869265
Thanks tituba2

I've searched my complete C drive and do not find the file msconfig! I've downloaded the Troyan Remover version 6.1.6 as you recommended, and executed it. (It found no problems, and ouput the message "No active malicious files were found and no changes were made".

However, since I could not find msconfig I did not disable startup items and did not boot (and execute) in safe mode. Is it important to do this in safe mode, or was it OK that I just executed this program in normal mode?



0
 

Expert Comment

by:voquangle
ID: 10915158
I need this trojan. Because I don't know how this trojan runs and i need its sourcecode.
0
 

Author Comment

by:johanyssel
ID: 10915885
Hi voquangle

How can I identify this trojan and send you the sourcecode?

0
 
LVL 4

Expert Comment

by:tituba2
ID: 10916979
If your OS is 2000, you wouldn't have msconfig.  However, you can use XP's msconfig on 2000 to disable startup items.  Go to

http://www.perfectdrivers.com/howto/msconfig.html

and download the msconfig or copy it from someone who has XP.

Have you been able to clean off this virus/trojan?  If you identify the virus file, send it to Symantec.  

So voq - are you a virus writer?

0
 

Author Comment

by:johanyssel
ID: 11296626
Hi everybody

Just to let you know that my problem has been solved, and I believe it was caused by a hardware problem, not a virus. I've followed all advice and tried (for days!) so many different options, until I finally re-fitted the keyboard cable. This solved 90% of my problems, until I then replaced the keyboard completely, and all problems are gone now!

Thanks for everybody who tried assisting in solving this problem.

Johan
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now