  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 434

Hijack This log to help diagnose my machine

My computer is running Windows XP Pro in a network.  I've run Malwarebytes Anti-Malware, and SuperAntispyware  several times recently, and have gotten a few Trojans.  But I still continue to have the following issue... Every morning a couple of websites come up.  The URL changes about once a week.  Here are some of them...
web.tofushopnews.com
milesandkms.com
longfintuna.net
salesresourcdepartners.com
australiabrewingcompany.com

Attached is my HijackThis log.  An analysis would be appreciated.
hijackthis20131111.log
0
Josh Christie
Asked:
Josh Christie
2 Solutions
 
web_trackerCommented:
There could be a number of items that may look legitimate in this log but could really be due to malware. I am not sure why some of the things are running in the background. Many of these applications will only slow down the computer and don't need to be running all the time. When you need to run the application you can open the application, then they will run. You can use a tool such as msconfig to turn off these items, such as LogMeIn (software to remotely connect to your computer), TomTom (GPS updating software), Research In Motion (your RIM BlackBerry device) [unless you are constantly synchronizing the device with your computer]. I also saw pointers for Google Drive and Dropbox. Do you need to have both apps? The more network related apps you have running in the background, the greater the chances of someone finding a loophole to hack into your system. What I would do is run msconfig and turn off all the startup items; under Services I would select "Hide Microsoft services", then uncheck all the rest. Then restart your computer and see if you are still having the same symptoms. Once these items are disabled, check Malwarebytes once more to see if it catches the malware, or you may try an app such as RogueKiller.
0
 
FutureTechSysDOTcomCommented:
This is odd:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

What runs on port 9421 on your machine, anything?

You do seem to have a lot of what I call "JunkWare" running.  I recently wrote a cleanup article that covers unnecessary apps as well as viruses and spyware.  I'd recommend going through it.

http://bit.ly/HVE57U

Regards,
Chris M.
0
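The check Chris suggests (what, if anything, listens on the port named in the ProxyOverride value) can be scripted so it is repeatable on a suspect machine. The following PowerShell is an added example written for this thread; it is not code from the thread or from any tool mentioned in it. It reads the WinINet proxy values from the same HKCU key HijackThis reports as the R1 line, extracts every host:port pair from the ProxyOverride bypass list, and then maps any matching TCP listener to its owning process using the netstat output that works on older Windows too. It assumes PowerShell 2.0 or later and an elevated prompt so that process paths are readable.

```powershell
# Added example (not from the thread): report the current user's WinINet proxy
# configuration and identify the process behind any port named in ProxyOverride.
# Run from an elevated PowerShell prompt. Uses netstat -ano rather than
# Get-NetTCPConnection so it also works on pre-Windows 8 systems.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

# Show the values that decide where browser traffic goes.
foreach ($name in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL', 'ProxyOverride') {
    '{0,-15} = {1}' -f $name, $settings.$name
}

# ProxyOverride is a semicolon-separated bypass list. Pull out explicit host:port
# entries; a loopback entry such as 127.0.0.1:<port> points at a local program.
$pairs = @()
if ($settings.ProxyOverride) {
    $settings.ProxyOverride -split ';' | ForEach-Object {
        if ($_ -match '^(\S+):(\d+)$') {
            $pairs += New-Object PSObject -Property @{ Host = $Matches[1]; Port = [int]$Matches[2] }
        }
    }
}

# Parse "TCP  0.0.0.0:135  0.0.0.0:0  LISTENING  1234" lines into local address and PID.
$listeners = netstat -ano | Where-Object { $_ -match 'LISTENING' } | ForEach-Object {
    $f = ($_ -replace '^\s+', '') -split '\s+'
    New-Object PSObject -Property @{ Local = $f[1]; ProcessId = [int]$f[4] }
}

foreach ($p in $pairs) {
    $hits = $listeners | Where-Object { $_.Local -match (':{0}$' -f $p.Port) }
    if ($hits) {
        foreach ($h in $hits) {
            $proc = Get-Process -Id $h.ProcessId -ErrorAction SilentlyContinue
            'Port {0} (bypass entry {1}) is held by PID {2}: {3} {4}' -f `
                $p.Port, $p.Host, $h.ProcessId, $proc.Name, $proc.Path
        }
    } else {
        # Nothing bound right now; some loaders only open the port after the browser starts.
        'Port {0} (bypass entry {1}) has no listener at the moment; re-run after startup apps and the browser have been opened' -f $p.Port, $p.Host
    }
}
```

Run it before and after the msconfig cleanup so the two outputs can be compared: a port that had a listener before and none after tells you which startup item was behind it, and a ProxyServer or AutoConfigURL value the user never set is worth investigating on its own.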
 
Josh ChristieAuthor Commented:
web_tracker... I did what you said at msconfig.  I then ran malwarebytes again.  (Didn't find anything.)  But now the symptom I described has not shown up since then for several days.  

Chris M., ... I want to study your article and maybe use it at home also.  I see one of your favorite tools is Combofix.  I have used it with good effect in recent years.  I have also heard warnings about it, that it's maybe a bit too invasive.  Do I have to beware of using Combofix?  Currently netstat does not show any usage of Port 9421.  Maybe that's a result of doing what web_tracker had me do.
0
 
FutureTechSysDOTcomCommented:
Hermhart, I used ComboFix on my own personal business computer for the purposes of that article.  I'll give you the standard "legal disclaimer" of things are at your own risk, etc. but with that being said I have used it on probably 100 computers and had 0 issues.

Chances are, if you are running ComboFix, whatever it's removing is causing more problems than it ever could.

Also always keep backups of your important things, take a backup of the registry before starting, etc.
0
 
Josh ChristieAuthor Commented:
Chris, I really like your article at http://bit.ly/HVE57U.  It's very much where I'm at.  Just a footnote on AVG free.  The latest version of it does not give you the option to uncheck search engine and the toolbar.  What works though is to go ahead and install it and then go to Control Panel > Add or remove programs and run Change for AVG.  In there you are given the opportunity to undo those features.

I have used Spybot S&D for years and I like it.  But now they want a fistful of money for businesses.  Also I use SuperAntispyware.  It mostly finds harmless cookies, but it also gets some trojans.  

Thanks for the encouragement regarding Combofix.
0
 
Josh ChristieAuthor Commented:
My issue was resolved and I have some tips for the future.  I didn't give an A because the area of malware seems to me to be rather fuzzy, not very clear black or white.  When I have a success, I'm not quite sure just which tool was the main one that did the job.
0
