hijacked

Can anybody help me, please? When I'm on the internet, www.system update keeps taking over my page and trying to get me to download media tickets. I can't find it anywhere when I search on my PC; it just keeps booting me off the web. I've used Avast and Spybot but they're not coming up with anything. Any ideas?

Not sure what your problem is… but have you tried AdAware?

http://www.lavasoftusa.com

No, I'm just going to get it now, but I keep getting xxx sites taking over my web pages too. Not just pop-ups though, I get redirected, grrrrrrrrrrrr

Hi,

Install, update, run & fix with SPYBOT, Ad-Aware, cwshredder for pre-cleaning

if your problem persists, please post a hijackthis-Log: http://hjt.klaffke.de/en

you might want to install some automatic protection with SPYWAREblaster from javacool
use board-search, User’s FAQs or google for links :wink:

and apply all Windows updates, and read about proper system security below in link “VirusRemoval”

OK, I've done Avast, Spybot, SpywareBlaster and CWShredder. Still not right, so here is my hijack log. Can you help me please? :cry: ty

HijackThis v1.97.7
Scan saved at 12:50:23, on 02/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\System32\MSU32.exe
C:\WINDOWS\System32\wuam.exe
C:\WINDOWS\System32\wuamgrd.exe
C:\WINDOWS\System32\atbwgl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\Anti.exe
C:\documents and settings\angi\local settings\temp\M.exe
C:\documents and settings\angi\local settings\temp\421q.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\mosso.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\angi\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM..\Run: [Microsoft Services Unitd] MSU32.exe
O4 - HKLM..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKLM..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM..\Run: [clseeusj] C:\WINDOWS\System32\atbwgl.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [Reg_Serveices] C:\WINDOWS\System32\Anti.exe
O4 - HKLM..\Run: [BBDial] C:\Program Files\BT Voyager 105 ADSL Modem\BT Broadband.exe
O4 - HKLM..\Run: [M] C:\documents and settings\angi\local settings\temp\M.exe
O4 - HKLM..\Run: [421q] C:\documents and settings\angi\local settings\temp\421q.exe
O4 - HKLM..\RunServices: [Microsoft Services Unitd] MSU32.exe
O4 - HKLM..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM..\RunServices: [Microsofts Updates] wuamgrd.exe
O4 - HKLM..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKCU..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU..\Run: [Microsoft Services Unitd] MSU32.exe
O4 - HKCU..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU..\Run: [Microsofts Updates] wuamgrd.exe
O4 - HKCU..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Windows Messenger (HKLM)
O16 - DPF: ChatSpace Full Java Client 3.1.0.245 - http://chat-a1.freeserve.com/Java/cfs31245.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O17 - HKLM\System\CCS\Services\Tcpip..{5DA049DB-90DE-427D-A006-65E4BFFB91A1}: NameServer = 194.72.9.39 194.74.65.68
O17 - HKLM\System\CS1\Services\Tcpip..{5DA049DB-90DE-427D-A006-65E4BFFB91A1}: NameServer = 194.72.9.39 194.74.65.68
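
For readers triaging a log like the one above, an added example (not part of any post in this thread) that parses the registry autorun (O4) lines and flags entries for manual review. The three heuristics, a command launched from a temp directory, a command given with no path, and the same command registered under several autorun keys, are assumptions chosen for this sketch; a flag means "look at this entry", not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the O4 (autorun) lines from the log posted above.
LOG = r"""
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [M] C:\documents and settings\angi\local settings\temp\M.exe
O4 - HKLM..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKCU..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
"""

# "O4 - <hive>..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+\.\.\\\w+): \[(.+?)\] (.+)$")

def parse_o4(log):
    """Return (key, value_name, command) for each registry autorun line."""
    return [m.groups() for m in map(O4_RE.match, log.splitlines()) if m]

def triage(log):
    """Map each flagged command to the heuristic reasons it deserves a look."""
    entries = parse_o4(log)
    keys_by_cmd = defaultdict(set)
    for key, _name, cmd in entries:
        keys_by_cmd[cmd.lower()].add(key)
    findings = defaultdict(set)
    for _key, _name, cmd in entries:
        low = cmd.lower()
        if "\\temp\\" in low:                 # heuristic 1 (assumption)
            findings[low].add("runs from a temp directory")
        if "\\" not in low:                   # heuristic 2 (assumption)
            findings[low].add("no path given")
        if len(keys_by_cmd[low]) > 1:         # heuristic 3 (assumption)
            findings[low].add("registered under %d autorun keys" % len(keys_by_cmd[low]))
    return dict(findings)

if __name__ == "__main__":
    for cmd, reasons in sorted(triage(LOG).items()):
        print(cmd, "->", "; ".join(sorted(reasons)))
```
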

Hmmmm, I guess nobody can help me then

Yes, of course. You are highly infected with Backdoors or …BOTs. You should do what is advised here:
http://forum.avast.com/index.php?board=4;action=display;threadid=5373

—cut—
But everybody has to decide this for themselves according to how important the security of their system & the sensitivity of their data is because:

  • some people understandably don’t really want to go to all this trouble, especially not for a machine which is only used for surfing or gaming…
  • redoing/setting up the machine again needs to be done exactly RIGHT, otherwise it’s pointless !!
    If you don’t do this properly, you might just get reinfected with e.g. a network-worm with backdoor functionalities, before you’re even finished with installing/updating Windows & all your other stuff…

A “proper” Redo/Reinstallation of the system means:
a) backup of data, ServicePacks/Windows updates/patches, and maybe emails, address books, contacts and important settings (before you restore them, you must of course scan the backups thoroughly for viruses/backdoors etc etc)
b) FORMAT C: (or whichever is the system/windows partition)
c) Reinstall Windows WITHOUT going online
d) Apply ALL ServicePacks & important patches/windowsupdates OFFLINE, or behind a properly configured firewall (WIN XP’s firewall should suffice, if ACTIVATED!!).
That means do it before you ever connect to the internet !! Otherwise you might just get infected automatically by network worms (this happens without you even opening the browser or reading an email, just by going online)

  • Of course changing all passwords & generally securing your system & IE still applies (see above);
    again, you must do this while you’re still OFFLINE/before EVER going online!!
    —cut—

Thanks for all your help. I hope I have things sorted now, fingers crossed :-*