Solved

Possible Virus? Browser automatically populates with "67yujhnm"

Posted on 2004-04-17
11
1,016 Views
Last Modified: 2010-07-27
For the past 2 weeks I've experienced my computer automatically executing commands, e.g. pop-screens, open / close applications and most often when I am working with Internet Explorer the command bar is populated with the string "67yujhnm".

I am using a Toshiba Satellite Pro 4600 and I am on Windowns 2000. A question on this has been asked before, but I've been unsuccessful downloading the tool mentioned (Hijack this).

I am always running Norton Anti-Virus which is also auto-enabled, but this does not seem to catch the problem.

Is this a virus, and how could I get rid of this?

Thanks in advance for the help, Johan.
0
Comment
Question by:johanyssel
11 Comments
 
LVL 4

Accepted Solution

by:
tituba2 earned 500 total points
ID: 10854779
It is spyware.  Your virus software doesn't catch spyware.

Download, install and update the following spyware software.

Click - start - run msconfig
clear all startup items

Boot in safe mode.

Run all these spyware products.  Delete whatever it finds.

Ad-ware
http://www.lavasoft.de/

Spybot
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

CW Shredder
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10855547
Try downloading here

HijackThis : http://www.spychecker.com/program/hijackthis.html 

Alternatively , first take a backup of your registry
go inside registry and search for that term "67******" and remove all instances of it ,

Press CTRL + F to get search box. Type in that text there. Once it finds one , press F3 to find next and so on
0
 
LVL 17

Expert Comment

by:Lobo042399
ID: 10856602
I'm intrigued by this one. There's no reference to it anywhere else. McAfee doesn't know anything about it, nor does Symantec or any of the spyware removers.

Please see:

http://www.experts-exchange.com/Applications/Viruses/Q_20942585.html

The same problem was reported. Also, a similar problem was reported at computercops.com back in December:

http://computercops.biz/postp39116.html

I don't have any advice except to contact Symantec and check on how to send them an image of your hard drive. It could be a new virus/hijacker that has passed unnoticed so far.

Good Vibes!

Lobo
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:johanyssel
ID: 10866197
Hi Tituba2

Thanks for your help. I have all 3 the spyware programs (latest versions) you mentioned already, and even after executing all of them, it didn't solve the problem.

I cannot execute msconfig on my machine, I get the error "Cannot find the file "msconfig" (or one of its components). Make sure the path and filename are correct and that all required libraries are available." Could this be a possible cause of the problem?.

Johan

0
 

Author Comment

by:johanyssel
ID: 10866229
Question to Sunray_2003

I've searched my registry and could not find the problem string.

I've downloaded Hijack This. This program only generates a log. Should I post it here for your attention? Thanks. Johan
0
 
LVL 4

Expert Comment

by:tituba2
ID: 10867985
Sounds like a Trojan.  You need to find msconfig

Go to Windows Explorer, folder options, view all files.

Search for msconfig.*

Disable all startup items

Download and install this trojan finder
http://tinyurl.com/2d46w


Boot in safe and run this and please let us know as this appears to be a growing threat.
0
 

Author Comment

by:johanyssel
ID: 10869265
Thanks tituba2

I've searched my complete C drive and do not find the file msconfig! I've downloaded the Troyan Remover version 6.1.6 as you recommended, and executed it. (It found no problems, and ouput the message "No active malicious files were found and no changes were made".

However, since I could not find msconfig I did not disable startup items and did not boot (and execute) in safe mode. Is it important to do this in safe mode, or was it OK that I just executed this program in normal mode?



0
 

Expert Comment

by:voquangle
ID: 10915158
I need this trojan. Because I don't know how this trojan runs and i need its sourcecode.
0
 

Author Comment

by:johanyssel
ID: 10915885
Hi voquangle

How can I identify this trojan and send you the sourcecode?

0
 
LVL 4

Expert Comment

by:tituba2
ID: 10916979
If your OS is 2000, you wouldn't have msconfig.  However, you can use XP's msconfig on 2000 to disable startup items.  Go to

http://www.perfectdrivers.com/howto/msconfig.html

and download the msconfig or copy it from someone who has XP.

Have you been able to clean off this virus/trojan?  If you identify the virus file, send it to Symantec.  

So voq - are you a virus writer?

0
 

Author Comment

by:johanyssel
ID: 11296626
Hi everybody

Just to let you know that my problem has been solved, and I believe it was caused by a hardware problem, not a virus. I've followed all advice and tried (for days!) so many different options, until I finally re-fitted the keyboard cable. This solved 90% of my problems, until I then replaced the keyboard completely, and all problems are gone now!

Thanks for everybody who tried assisting in solving this problem.

Johan
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question