Solved

Hijack This log to help diagnose my machine

Posted on 2013-11-11
406 Views
Last Modified: 2013-11-21
My computer is running Windows XP Pro in a network.  I've run Malwarebytes Anti-Malware, and SuperAntispyware  several times recently, and have gotten a few Trojans.  But I still continue to have the following issue... Every morning a couple of websites come up.  The URL changes about once a week.  Here are some of them...
web.tofushopnews.com
milesandkms.com
longfintuna.net
salesresourcdepartners.com
australiabrewingcompany.com

Attached is my HijackThis log.  An analysis would be appreciated.
hijackthis20131111.log
Question by:Josh Christie
6 Comments
 
LVL 18

Accepted Solution

by:
web_tracker earned 400 total points
ID: 39640222
There could be a number of items that may look legitimate in this log but could really be due to malware. I am not sure why some of the things are running in the background. Many of these applications will only slow down the computer and don't need to be running all the time. When you need to run the application you can open the application then they will run. You can use a tool such as msconfig to turn off these items, such as LogMeIn (software to remotely connect to your computer), TomTom (GPS updating software), Research In Motion (your RIM BlackBerry device) [unless you are constantly synchronizing the device with your computer]. I also saw pointers for Google Drive and Dropbox. Do you need to have both apps?  The more network related apps you have running in the background the greater chances of someone finding a loophole to hack into your system. What I would do is run msconfig and turn off all the startup items, under services I would select hide Microsoft services, then uncheck all the rest. Then restart your computer and see if you are still having the same symptoms. Once these items are disabled check Malwarebytes once more to see if it catches the malware or you may try an app such as RogueKiller.
0
 
LVL 4

Assisted Solution

by:FutureTechSysDOTcom
FutureTechSysDOTcom earned 100 total points
ID: 39646022
This is odd:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

What runs on port 9421 on your machine, anything?

You do seem to have a lot of what I call "JunkWare" running.  I recently wrote a cleanup article that covers unnecessary apps as well as viruses and spyware.  I'd recommend going through it.

http://bit.ly/HVE57U

Regards,
Chris M.
0
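One way to flag the kind of entry Chris M. points out above without reading the log by hand, as an added example that is not part of this thread: a small Python script that pulls the R0-R3 (Internet Settings) lines out of a HijackThis log, extracts any proxy entries pointing at 127.0.0.1, and checks them against a `netstat -an` snapshot to answer "is anything actually listening on that port?". The log lines and the netstat output are constructed samples (the R1 line is the one quoted above).

```python
import re

# Constructed sample: the R1 line quoted in the thread plus a typical benign R0 line.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
"""

# Constructed 'netstat -an' snapshot, as it might look while the unwanted sites still appear.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9421         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      93.184.216.34:80       ESTABLISHED
"""

R_LINE = re.compile(r"^(R[0-3]) - (.+?),([^,=]+?) = (.*)$")
LOOPBACK_PORT = re.compile(r"(?:127\.0\.0\.1|localhost):(\d+)")
LISTEN_LINE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.IGNORECASE)

def parse_r_lines(log_text):
    """Extract R0-R3 (Internet Explorer / WinINet settings) entries from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append({"type": m.group(1), "key": m.group(2),
                            "name": m.group(3), "value": m.group(4)})
    return entries

def loopback_proxy_ports(entries):
    """Ports on 127.0.0.1/localhost named in ProxyServer or ProxyOverride values."""
    ports = set()
    for e in entries:
        if e["name"] in ("ProxyServer", "ProxyOverride"):
            ports.update(int(p) for p in LOOPBACK_PORT.findall(e["value"]))
    return ports

def listening_ports(netstat_text):
    """Local TCP ports in LISTENING state from 'netstat -an' output."""
    return {int(m.group(1)) for m in map(LISTEN_LINE.match, netstat_text.splitlines()) if m}

def check_loopback_proxies(log_text, netstat_text):
    """Map each loopback proxy port found in the log to whether something is listening on it."""
    listening = listening_ports(netstat_text)
    return {port: port in listening for port in loopback_proxy_ports(parse_r_lines(log_text))}

if __name__ == "__main__":
    for port, is_open in sorted(check_loopback_proxies(SAMPLE_HJT_LOG, SAMPLE_NETSTAT).items()):
        state = "something is LISTENING" if is_open else "nothing listening (stale entry?)"
        print(f"loopback proxy port {port}: {state}")
```

A loopback proxy port with a live listener is worth identifying by process (`netstat -ano` on XP gives the PID); a port with nothing listening is a stale setting that can simply be removed.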
 

Author Comment

by:Josh Christie
ID: 39660826
web_tracker... I did what you said at msconfig.  I then ran malwarebytes again.  (Didn't find anything.)  But now the symptom I described has not shown up since then for several days.  

Chris M., ... I want to study your article and maybe use it at home also.  I see one of your favorite tools is Combofix.  I have used it with good effect in recent years.  I have also heard warnings about it, that it's maybe a bit too invasive.  Do I have to beware of using Combofix?  Currently netstat does not show any usage of Port 9421.  Maybe that's a result of doing what web_tracker had me do.
0
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39663564
Hermhart, I used ComboFix on my own personal business computer for the purposes of that article.  I'll give you the standard "legal disclaimer" of things are at your own risk, etc. but with that being said I have used it on probably 100 computers and had 0 issues.

Chances are, if you are running ComboFix, whatever it's removing is causing more problems than it ever could.

Also always keep backups of your important things, take a backup of the registry before starting, etc.
0
 

Author Comment

by:Josh Christie
ID: 39666962
Chris, I really like your article at http://bit.ly/HVE57U.  It's very much where I'm at.  Just a footnote on AVG free.  The latest version of it does not give you the option to uncheck search engine and the toolbar.  What works though is to go ahead and install it and then go to Control Panel > Add or remove programs and run Change for AVG.  In there you are given the opportunity to undo those features.

I have used Spybot S&D for years and I like it.  But now they want a fistful of money for businesses.  Also I use SuperAntispyware.  It mostly finds harmless cookies, but it also gets some trojans.  

Thanks for the encouragement regarding Combofix.
0
 

Author Closing Comment

by:Josh Christie
ID: 39666971
My issue was resolved and I have some tips for the future.  I didn't give an A because the area of malware seems to me to be rather fuzzy, not very clear black or white.  When I have a success, I'm not quite sure just which tool was the main one that did the job.
0