How to find detected "hijacker" source

Harris

Guest
RE: repeated "Hijacker" detections:

StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker" infections
and 4 "System Policies.Disable Registry" occurrences. I remove them, and
within a few days StopZilla is again blocking & detecting these same
infections.
Can I assume these are real attempts to put viruses on change my registry to
hijack my system?

How do I determine where they are coming from?

My wife and I both use the internet, but don't access anything other than
legitimate commercial business sites.

Any suggestion on how to find the source of these infection detections would
be appreciated.

Harris

(Using XP on an e-machine. Microsoft security set at "medium.")

 
Malke

Guest
Harris wrote:

> RE: repeated "Hijacker" detections:
>
> StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker"
> infections
> and 4 "System Policies.Disable Registry" occurrences. I remove them, and
> within a few days StopZilla is again blocking & detecting these same
> infections.
> Can I assume these are real attempts to put viruses on change my registry
> to hijack my system?
>
> How do I determine where they are coming from?
>
> My wife and I both use the internet, but don't access anything other than
> legitimate commercial business sites.
>
> Any suggestion on how to find the source of these infection detections
> would be appreciated.
>
> Harris
>
> (Using XP on an e-machine. Microsoft security set at "medium.")

It sounds like something is respawning. I would do some more thorough
scanning for malware instead of relying on Stopzilla. While Stopzilla is a
legitimate antimalware program, it isn't one I use or recommend.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2....emoving_Malware

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

 
Volodymyr M. Shcherbyna

Guest
I would start by buying good antivirus software, which keeps the PC safe
on different parameters - file system filter, internet filter, MS document
checker. I am not advertising, but for my personal needs I use Nod32, which
is one of the best in my opinion.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Harris" <HarrisNM@msn.com> wrote in message
news:c4wEj.84319$yE1.47518@attbi_s21...
> RE: repeated "Hijacker" detections:
>
> StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker"
> infections and 4 "System Policies.Disable Registry" occurrences. I remove
> them, and within a few days StopZilla is again blocking & detecting these
> same infections.
> Can I assume these are real attempts to put viruses on change my registry
> to hijack my system?
>
> How do I determine where they are coming from?
>
> My wife and I both use the internet, but don't access anything other than
> legitimate commercial business sites.
>
> Any suggestion on how to find the source of these infection detections
> would be appreciated.
>
> Harris
>
> (Using XP on an e-machine. Microsoft security set at "medium.")

 
Harris

Guest
----- Original Message -----
From: "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org>
Newsgroups: microsoft.public.security.virus
Sent: Friday, March 21, 2008 4:50 AM
Subject: Re: How to find detected "hijacker" source

> I would start by buying good antivirus software, which keeps the PC safe
> on different parameters - file system filter, internet filter, MS document
> checker. I am not advertising, but for my personal needs I use Nod32, which
> is one of the best in my opinion.
>
> --
> V.

V.

I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
edition" anti-virus.

It has not detected these "hijacker" attacks that StopZilla has been
complaining about. (Could StopZilla be complaining about AVG updates??)

My main reason for StopZilla is to put a lid on pop-ups.
So, I am wondering if the "hijacker" detections by StopZilla are valid.

Harris

 
Malke

Guest
Harris wrote:

> I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
> edition" anti-virus.
>
> It has not detected these "hijacker" attacks that StopZilla has been
> complaining about. (Could StopZilla be complaining about AVG updates??)
>
> My main reason for StopZilla is to put a lid on pop-ups.
> So, I am wondering if the "hijacker" detections by StopZilla are valid.

I already told you what I think you should do. Scan with more/better tools
than StopZilla and AVG. If you don't want to do that, then the only way to
get an answer to your question is to contact StopZilla and ask them if
you're getting false positives.

Good luck and EOT for me.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

 
Harris

Guest
----- Original Message -----
From: "Malke" <malke@invalid.invalid>
Newsgroups: microsoft.public.security.virus
Sent: Friday, March 21, 2008 4:24 PM
Subject: Re: How to find detected "hijacker" source

> Harris wrote:
>> I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
>> edition" anti-virus.
>>
>> It has not detected these "hijacker" attacks that StopZilla has been
>> complaining about. (Could StopZilla be complaining about AVG updates??)
>>
>> My main reason for StopZilla is to put a lid on pop-ups.
>> So, I am wondering if the "hijacker" detections by StopZilla are valid.
>
> I already told you what I think you should do. Scan with more/better tools
> than StopZilla and AVG. If you don't want to do that, then the only way to
> get an answer to your question is to contact StopZilla and ask them if
> you're getting false positives.
>
> Good luck and EOT for me.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic

I'm not ignoring your advice, Malke. Still munching on the 19 pages of
suggestions, but will let you know what I find out. Thanks for taking the
time to tell me.

Harris

p.s.
I thought AVG was supposed to be good.
For sure, Norton never impressed me.

 
Volodymyr M. Shcherbyna

Guest
Why don't you just download a trial version of Eset Nod32 Antivirus and try
it for 30 days?

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Harris" <HarrisNM@msn.com> wrote in message
news:NYXEj.32932$TT4.14792@attbi_s22...
> ----- Original Message -----
> From: "Malke" <malke@invalid.invalid>
> Newsgroups: microsoft.public.security.virus
> Sent: Friday, March 21, 2008 4:24 PM
> Subject: Re: How to find detected "hijacker" source
>
>> Harris wrote:
>>> I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
>>> edition" anti-virus.
>>>
>>> It has not detected these "hijacker" attacks that StopZilla has been
>>> complaining about. (Could StopZilla be complaining about AVG updates??)
>>>
>>> My main reason for StopZilla is to put a lid on pop-ups.
>>> So, I am wondering if the "hijacker" detections by StopZilla are
>>> valid.
>>
>> I already told you what I think you should do. Scan with more/better
>> tools than StopZilla and AVG. If you don't want to do that, then the only
>> way to get an answer to your question is to contact StopZilla and ask
>> them if you're getting false positives.
>>
>> Good luck and EOT for me.
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> Don't Panic
>
> I'm not ignoring your advice, Malke. Still munching on the 19 pages of
> suggestions, but will let you know what I find out. Thanks for taking the
> time to tell me.
>
> Harris
>
> p.s.
>
> I thought AVG was supposed to be good.
> For sure, Norton never impressed me.

 