Solved

Hijack This log to help diagnose my machine

Posted on 2013-11-11
Last Modified: 2013-11-21
My computer is running Windows XP Pro in a network.  I've run Malwarebytes Anti-Malware, and SuperAntispyware  several times recently, and have gotten a few Trojans.  But I still continue to have the following issue... Every morning a couple of websites come up.  The URL changes about once a week.  Here are some of them...
web.tofushopnews.com
milesandkms.com
longfintuna.net
salesresourcdepartners.com
australiabrewingcompany.com

Attached is my HijackThis log.  An analysis would be appreciated.
hijackthis20131111.log
Question by:Josh Christie
6 Comments
 
LVL 18

Accepted Solution

by:
web_tracker earned 400 total points
ID: 39640222
There could be a number of items that may look legitimate in this log but could really be due to malware. I am not sure why some of the things are running in the background. Many of these applications will only slow down the computer and don't need to be running all the time. When you need to run the application you can open the application, then they will run. You can use a tool such as msconfig to turn off these items, such as LogMeIn (software to remotely connect to your computer), TomTom (GPS updating software), Research In Motion (your RIM BlackBerry device) [unless you are constantly synchronizing the device with your computer]. I also saw pointers for Google Drive and Dropbox. Do you need to have both apps?  The more network related apps you have running in the background, the greater the chances of someone finding a loophole to hack into your system. What I would do is run msconfig and turn off all the startup items; under Services I would select "Hide all Microsoft services", then uncheck all the rest. Then restart your computer and see if you are still having the same symptoms. Once these items are disabled, check Malwarebytes once more to see if it catches the malware, or you may try an app such as RogueKiller.
0
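As an added example (not code from the thread), a PowerShell script that lists the same kinds of auto-start entries msconfig shows (Run/RunOnce keys, Startup folders, automatic services with their binary paths) so they can be reviewed and compared before anything is disabled. It assumes Windows PowerShell 2.0 or later on the affected XP machine.

```powershell
# Added example, not from the original thread.
# Assumes Windows PowerShell 2.0+ (available for Windows XP SP3).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

"=== Registry Run / RunOnce entries (what msconfig's Startup tab reads) ==="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip PowerShell's own metadata properties (PSPath, PSParentPath, ...)
            if ($prop.Name -like 'PS*') { continue }
            "{0}`n    {1} = {2}" -f $key, $prop.Name, $prop.Value
        }
    }
}

"=== Startup folders (per-user and All Users) ==="
$shell  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$folders = @([Environment]::GetFolderPath('Startup'),
             (Get-ItemProperty -Path $shell).'Common Startup')
foreach ($folder in $folders) {
    if ($folder -and (Test-Path $folder)) {
        Get-ChildItem -Path $folder | ForEach-Object { $_.FullName }
    }
}

"=== Services set to start automatically (compare with msconfig's Services tab) ==="
# Win32_Service exposes the binary path, which is the quickest way to spot
# a service living somewhere odd (user profile, temp folder) before unchecking it.
Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'" |
    Sort-Object Name |
    ForEach-Object { "{0,-30} {1,-8} {2}" -f $_.Name, $_.State, $_.PathName }
```

Run it before and after the msconfig changes and diff the two outputs to confirm exactly which entries were disabled.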
 
LVL 4

Assisted Solution

by:FutureTechSysDOTcom
FutureTechSysDOTcom earned 100 total points
ID: 39646022
This is odd:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

What runs on port 9421 on your machine, anything?

You do seem to have a lot of what I call "JunkWare" running.  I recently wrote a cleanup article that covers unnecessary apps as well as viruses and spyware.  I'd recommend going through it.

http://bit.ly/HVE57U

Regards,
Chris M.
0
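An added example, not part of the original thread: a PowerShell script that prints the HKCU Internet Settings values behind that R1 line (ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL) and then maps every listening TCP port to its owning process, flagging the 9421 entry the reply asks about. It assumes Windows PowerShell 2.0 or later and `netstat -ano` (present on XP SP2 and later).

```powershell
# Added example, not from the original thread.
# Assumes Windows PowerShell 2.0+ and netstat.exe with -ano support.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

"=== Proxy settings (HKCU) ==="
# A ProxyServer pointing at 127.0.0.1:<port> with ProxyEnable = 1 means the
# browser hands all traffic to a local process; that process is what to identify.
foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    "{0,-14} = {1}" -f $name, $inet.$name
}

# Port to highlight; 9421 is the value that appeared in the HijackThis log above.
$portOfInterest = 9421

"=== Listening TCP endpoints with owning process ==="
# netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
netstat -ano |
    Where-Object { $_ -match '^\s*TCP\s+\S+\s+\S+\s+LISTENING\s+\d+' } |
    ForEach-Object {
        $cols   = ($_ -replace '^\s+', '') -split '\s+'
        $local  = $cols[1]
        $procId = [int]$cols[4]
        # Port is the last ':'-separated field, which also works for [::]:port
        $port   = [int]($local -split ':')[-1]
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $pname  = if ($proc) { $proc.ProcessName } else { '(exited/unknown)' }
        $flag   = if ($port -eq $portOfInterest) { '  <-- port from ProxyOverride' } else { '' }
        "{0,-25} PID {1,-6} {2}{3}" -f $local, $procId, $pname, $flag
    }
```

If nothing is listening on 9421 but the registry value is still present, the process that used it is gone or not yet started; clearing the stale ProxyOverride/ProxyServer values is then a configuration cleanup rather than a live issue.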
 

Author Comment

by:Josh Christie
ID: 39660826
web_tracker... I did what you said at msconfig.  I then ran malwarebytes again.  (Didn't find anything.)  But now the symptom I described has not shown up since then for several days.  

Chris M., ... I want to study your article and maybe use it at home also.  I see one of your favorite tools is Combofix.  I have used it with good effect in recent years.  I have also heard warnings about it, that it's maybe a bit too invasive.  Do I have to beware of using Combofix?  Currently netstat does not show any usage of Port 9421.  Maybe that's a result of doing what web_tracker had me do.
0

 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39663564
Hermhart, I used ComboFix on my own personal business computer for the purposes of that article.  I'll give you the standard "legal disclaimer" of things are at your own risk, etc. but with that being said I have used it on probably 100 computers and had 0 issues.

Chances are, if you are running ComboFix, whatever it's removing is causing more problems than it ever could.

Also always keep backups of your important things, take a backup of the registry before starting, etc.
0
 

Author Comment

by:Josh Christie
ID: 39666962
Chris, I really like your article at http://bit.ly/HVE57U.  It's very much where I'm at.  Just a footnote on AVG free.  The latest version of it does not give you the option to uncheck search engine and the toolbar.  What works though is to go ahead and install it and then go to Control Panel > Add or remove programs and run Change for AVG.  In there you are given the opportunity to undo those features.

I have used Spybot S&D for years and I like it.  But now they want a fistful of money for businesses.  Also I use SuperAntispyware.  It mostly finds harmless cookies, but it also gets some trojans.  

Thanks for the encouragement regarding Combofix.
0
 

Author Closing Comment

by:Josh Christie
ID: 39666971
My issue was resolved and I have some tips for the future.  I didn't give an A because the area of malware seems to me to be rather fuzzy, not very clear black or white.  When I have a success, I'm not quite sure just which tool was the main one that did the job.
0