Solved

Hijack This log to help diagnose my machine

Posted on 2013-11-11
Last Modified: 2013-11-21
My computer is running Windows XP Pro in a network.  I've run Malwarebytes Anti-Malware, and SuperAntispyware  several times recently, and have gotten a few Trojans.  But I still continue to have the following issue... Every morning a couple of websites come up.  The URL changes about once a week.  Here are some of them...
web.tofushopnews.com
milesandkms.com
longfintuna.net
salesresourcdepartners.com
australiabrewingcompany.com

Attached is my HijackThis log.  An analysis would be appreciated.
hijackthis20131111.log
Question by: Josh Christie
Accepted Solution by: web_tracker (LVL 18, earned 400 total points)
ID: 39640222
There could be a number of items that may look legitimate in this log but could really be due to malware. I am not sure why some of the things are running in the background. Many of these applications will only slow down the computer and don't need to be running all the time. When you need to run the application you can open the application, then they will run. You can use a tool such as msconfig to turn off these items, such as LogMeIn (software to remotely connect to your computer), TomTom (GPS updating software), Research In Motion (your RIM Blackberry device) [unless you are constantly synchronizing the device with your computer]. I also saw pointers for Google Drive and Dropbox. Do you need to have both apps? The more network-related apps you have running in the background, the greater the chances of someone finding a loophole to hack into your system. What I would do is run msconfig and turn off all the startup items; under services I would select "hide Microsoft services", then uncheck all the rest. Then restart your computer and see if you are still having the same symptoms. Once these items are disabled, check Malwarebytes once more to see if it catches the malware, or you may try an app such as RogueKiller.
Assisted Solution by: FutureTechSysDOTcom (LVL 4, earned 100 total points)
ID: 39646022
This is odd:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

What runs on port 9421 on your machine, anything?

You do seem to have a lot of what I call "JunkWare" running.  I recently wrote a cleanup article that covers unnecessary apps as well as viruses and spyware.  I'd recommend going through it.

http://bit.ly/HVE57U

Regards,
Chris M.
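The two things the experts above ask the asker to look at by hand (the ProxyOverride entry that names 127.0.0.1:9421, and the long list of background applications that web_tracker suggests disabling in msconfig) can be pulled out of a HijackThis log mechanically. The script below is an added example written for this thread, not code from the original posts or from HijackThis: it parses the R0/R1 and O4 line formats, lists any proxy setting that routes the browser through a loopback port, and flags startup items whose executable does not live under Program Files or the Windows directory. The log lines are constructed for the example (they are not the asker's attached log), and the "trusted directory" prefixes are a heuristic assumption, not a rule HijackThis itself applies.

```python
"""Pull the items discussed in the thread out of a HijackThis-style log:
proxy settings that send the browser through a local port, and startup
(O4) entries launched from outside the usual program directories."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis log format (NOT the asker's attached log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9421
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\svchost.exe
O23 - Service: LogMeIn (LogMeIn) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
""".strip()


@dataclass
class Entry:
    section: str  # "R1", "O4", "O23", ...
    body: str     # everything after the "Rn - " / "On - " prefix


@dataclass
class StartupItem:
    hive: str     # HKLM or HKCU
    key: str      # Run or RunOnce
    name: str     # value name shown in [brackets]
    command: str  # command line launched at logon


ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# R0/R1 lines: <hive>\<key path>,<value name> = <value>
REG_VALUE_RE = re.compile(r"^(HK\w+)\\(.+?),(.+?) = (.*)$")
# O4 lines: <hive>\..\<key>: [<name>] <command>
STARTUP_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
LOOPBACK_PORT_RE = re.compile(r"(?:127\.0\.0\.1|localhost):(\d+)", re.IGNORECASE)
EXE_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Heuristic assumption for this example: binaries under these prefixes are
# treated as "expected"; anything else (profile dirs, temp, app data) is flagged.
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")


def parse_hjt(text: str) -> List[Entry]:
    """Split a log into (section, body) entries; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def proxy_settings(entries: List[Entry]) -> Dict[str, str]:
    """{value name: value} for R0/R1 lines under ...\\Internet Settings."""
    out: Dict[str, str] = {}
    for e in entries:
        if e.section not in ("R0", "R1"):
            continue
        m = REG_VALUE_RE.match(e.body)
        if m and m.group(2).endswith("Internet Settings"):
            out[m.group(3)] = m.group(4)
    return out


def loopback_proxy_ports(entries: List[Entry]) -> List[int]:
    """Ports on 127.0.0.1/localhost named in proxy settings: something local sits
    between the browser and the network, which is worth identifying with netstat."""
    ports = set()
    for value in proxy_settings(entries).values():
        ports.update(int(p) for p in LOOPBACK_PORT_RE.findall(value))
    return sorted(ports)


def startup_entries(entries: List[Entry]) -> List[StartupItem]:
    """All O4 (Run/RunOnce) items, i.e. what msconfig's Startup tab would show."""
    items = []
    for e in entries:
        if e.section == "O4":
            m = STARTUP_RE.match(e.body)
            if m:
                items.append(StartupItem(*m.groups()))
    return items


def executable_path(command: str) -> Optional[str]:
    """First drive-rooted .exe path in a command line, quoted or not."""
    m = EXE_PATH_RE.search(command)
    return m.group(1) if m else None


def startup_outside_trusted_dirs(entries: List[Entry]) -> List[str]:
    """Names of O4 items whose executable is not under TRUSTED_PREFIXES (heuristic)."""
    flagged = []
    for item in startup_entries(entries):
        path = executable_path(item.command)
        if path is None or not path.lower().startswith(TRUSTED_PREFIXES):
            flagged.append(item.name)
    return flagged


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print("proxy settings:", proxy_settings(log))
    print("loopback proxy ports:", loopback_proxy_ports(log))
    for item in startup_entries(log):
        print(f"startup [{item.hive}\\{item.key}] {item.name}: {item.command}")
    print("startup items outside trusted dirs:", startup_outside_trusted_dirs(log))
```

A loopback port in ProxyServer/ProxyOverride is a pointer, not a verdict: local filtering software can legitimately register itself as a proxy too. The follow-up is the one Chris M. asks for, identifying which process owns the port (on Windows, netstat -ano shows the owning PID), and if nothing is listening after the msconfig cleanup, as the asker later reports, the leftover registry value should still be cleared so the browser is not pointed at a dead proxy.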
Author Comment by: Josh Christie
ID: 39660826
web_tracker... I did what you said at msconfig.  I then ran malwarebytes again.  (Didn't find anything.)  But now the symptom I described has not shown up since then for several days.  

Chris M., ... I want to study your article and maybe use it at home also.  I see one of your favorite tools is Combofix.  I have used it with good effect in recent years.  I have also heard warnings about it, that it's maybe a bit too invasive.  Do I have to beware of using Combofix?  Currently netstat does not show any usage of Port 9421.  Maybe that's a result of doing what web_tracker had me do.
Expert Comment by: FutureTechSysDOTcom (LVL 4)
ID: 39663564
Hermhart, I used ComboFix on my own personal business computer for the purposes of that article.  I'll give you the standard "legal disclaimer" that things are at your own risk, etc., but with that being said I have used it on probably 100 computers and had 0 issues.

Chances are, if you are running ComboFix, whatever it's removing is causing more problems than it ever could.

Also, always keep backups of your important things, take a backup of the registry before starting, etc.
Author Comment by: Josh Christie
ID: 39666962
Chris, I really like your article at http://bit.ly/HVE57U.  It's very much where I'm at.  Just a footnote on AVG free.  The latest version of it does not give you the option to uncheck search engine and the toolbar.  What works though is to go ahead and install it and then go to Control Panel > Add or remove programs and run Change for AVG.  In there you are given the opportunity to undo those features.

I have used Spybot S&D for years and I like it.  But now they want a fistful of money for businesses.  Also I use SuperAntispyware.  It mostly finds harmless cookies, but it also gets some trojans.  

Thanks for the encouragement regarding Combofix.
Author Closing Comment by: Josh Christie
ID: 39666971
My issue was resolved and I have some tips for the future.  I didn't give an A because the area of malware seems to me to be rather fuzzy, not very clear black or white.  When I have a success, I'm not quite sure just which tool was the main one that did the job.