Solved

Hijack This log to help diagnose my machine

Posted on 2013-11-11
Last Modified: 2013-11-21
My computer is running Windows XP Pro in a network.  I've run Malwarebytes Anti-Malware, and SuperAntispyware  several times recently, and have gotten a few Trojans.  But I still continue to have the following issue... Every morning a couple of websites come up.  The URL changes about once a week.  Here are some of them...
web.tofushopnews.com
milesandkms.com
longfintuna.net
salesresourcdepartners.com
australiabrewingcompany.com

Attached is my HijackThis log.  An analysis would be appreciated.
hijackthis20131111.log
Question by:Josh Christie
6 Comments
LVL 18

Accepted Solution

by:
web_tracker earned 1200 total points
ID: 39640222
There could be a number of items that may look legitimate in this log but could really be due to malware. I am not sure why some of these things are running in the background. Many of these applications will only slow down the computer and don't need to be running all the time. When you need to run the application you can open the application and then they will run. You can use a tool such as msconfig to turn off these items, such as LogMeIn (software to remotely connect to your computer), TomTom (GPS updating software), Research In Motion (your RIM BlackBerry device) [unless you are constantly synchronizing the device with your computer]. I also saw pointers for Google Drive and Dropbox. Do you need to have both apps? The more network-related apps you have running in the background, the greater the chance of someone finding a loophole to hack into your system. What I would do is run msconfig and turn off all the startup items; under Services I would select Hide Microsoft services, then uncheck all the rest. Then restart your computer and see if you are still having the same symptoms. Once these items are disabled, check Malwarebytes once more to see if it catches the malware, or you may try an app such as RogueKiller.
LVL 4

Assisted Solution

by:FutureTechSysDOTcom
FutureTechSysDOTcom earned 300 total points
ID: 39646022
This is odd:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

What runs on port 9421 on your machine, anything?

You do seem to have a lot of what I call "JunkWare" running.  I recently wrote a cleanup article that covers unnecessary apps as well as viruses and spyware.  I'd recommend going through it.

http://bit.ly/HVE57U

Regards,
Chris M.
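The check the comment above asks for (what is listening on the loopback port named in the ProxyOverride value) can be scripted rather than done by eye. The following is an added example, not code from the thread or from HijackThis: it parses R1 lines in HijackThis format, pulls out any loopback address:port referenced in a proxy setting, and cross-checks each port against output in the layout of `netstat -ano`. Both the log excerpt and the netstat output are constructed samples; the PID and the ProxyServer line are assumptions made for the illustration, not values from the question.

```python
"""Flag loopback proxy entries in a HijackThis log and cross-check them against netstat."""
import re
from typing import Dict, List

# Constructed sample: a HijackThis-style excerpt (not the asker's real log).
# The ProxyOverride line mirrors the one quoted in the thread; the ProxyServer
# line is an assumed companion entry added for the example.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9421
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# Constructed sample in the shape of `netstat -ano` (not a real capture); PID 1744 is made up.
NETSTAT_OUTPUT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1024
  TCP    127.0.0.1:9421         0.0.0.0:0              LISTENING       1744
  TCP    192.168.1.20:1053      203.0.113.5:80         ESTABLISHED     2200
  UDP    0.0.0.0:500            *:*                                    812
"""

# HijackThis R1 layout: "R1 - <registry key>,<value name> = <data>"
R1_RE = re.compile(r"^R1 - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# A loopback host followed by a port, e.g. 127.0.0.1:9421 or localhost:8080
LOOPBACK_RE = re.compile(r"(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(\d{1,5})")


def parse_proxy_settings(log_text: str) -> List[Dict[str, str]]:
    """Return every R1 (Internet Settings) entry as a dict with key, name and data."""
    entries = []
    for line in log_text.splitlines():
        m = R1_RE.match(line.strip())
        if m:
            entries.append({"key": m.group("key"),
                            "name": m.group("name").strip(),
                            "data": m.group("data").strip()})
    return entries


def loopback_ports(data: str) -> List[int]:
    """Ports referenced via a loopback host in a proxy value ('127.0.0.1:9421' -> [9421])."""
    return [int(p) for p in LOOPBACK_RE.findall(data)]


def find_listeners(netstat_text: str, port: int) -> List[int]:
    """PIDs of TCP sockets in LISTENING state on the given local port (netstat -ano columns)."""
    pids = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have five columns: Proto, Local, Foreign, State, PID; UDP rows have no State.
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            local_port = int(parts[1].rsplit(":", 1)[1])
            if local_port == port:
                pids.append(int(parts[4]))
    return pids


def analyze(log_text: str, netstat_text: str) -> List[Dict[str, object]]:
    """For each loopback port named in a proxy setting, report the PIDs listening on it.

    No listener means the entry is stale (or the process only starts at certain times);
    a listener gives the PID to look up in Task Manager or tasklist before deciding.
    """
    findings = []
    for entry in parse_proxy_settings(log_text):
        for port in loopback_ports(entry["data"]):
            findings.append({"setting": entry["name"],
                             "port": port,
                             "pids": find_listeners(netstat_text, port)})
    return findings


if __name__ == "__main__":
    for f in analyze(HJT_LOG, NETSTAT_OUTPUT):
        state = f"listening PIDs {f['pids']}" if f["pids"] else "nothing listening"
        print(f"{f['setting']}: loopback port {f['port']} -> {state}")
```

The asker's later observation that netstat showed nothing on port 9421 corresponds to the "nothing listening" branch: the registry value stays behind even after whatever used the port has stopped running, which is why the proxy entries are worth clearing separately from the startup items.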

Author Comment

by:Josh Christie
ID: 39660826
web_tracker... I did what you said at msconfig.  I then ran malwarebytes again.  (Didn't find anything.)  But now the symptom I described has not shown up since then for several days.  

Chris M., ... I want to study your article and maybe use it at home also.  I see one of your favorite tools is Combofix.  I have used it with good effect in recent years.  I have also heard warnings about it, that it's maybe a bit too invasive.  Do I have to beware of using Combofix?  Currently netstat does not show any usage of Port 9421.  Maybe that's a result of doing what web_tracker had me do.
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39663564
Hermhart, I used ComboFix on my own personal business computer for the purposes of that article.  I'll give you the standard "legal disclaimer" that things are at your own risk, etc., but with that being said I have used it on probably 100 computers and had 0 issues.

Chances are, if you are running ComboFix, whatever it's removing is causing more problems than it ever could.

Also always keep backups of your important things, take a backup of the registry before starting, etc.

Author Comment

by:Josh Christie
ID: 39666962
Chris, I really like your article at http://bit.ly/HVE57U.  It's very much where I'm at.  Just a footnote on AVG free.  The latest version of it does not give you the option to uncheck search engine and the toolbar.  What works though is to go ahead and install it and then go to Control Panel > Add or remove programs and run Change for AVG.  In there you are given the opportunity to undo those features.

I have used Spybot S&D for years and I like it.  But now they want a fistful of money for businesses.  Also I use SuperAntispyware.  It mostly finds harmless cookies, but it also gets some trojans.  

Thanks for the encouragement regarding Combofix.

Author Closing Comment

by:Josh Christie
ID: 39666971
My issue was resolved and I have some tips for the future.  I didn't give an A because the area of malware seems to me to be rather fuzzy, not very clear black or white.  When I have a success, I'm not quite sure just which tool was the main one that did the job.