Google hijack

  mimosa418 17:12 17 Apr 2005
Locked

When I search with google I get a lot of unwanted links to porn sites. obviously the search engine has been taken over by a hijacker. The following is a log from Hijackthis. Can anyone advise what to remove. This thread is continued on a second entry due to size.
Logfile of HijackThis v1.99.1
Scan saved at 16:41:38, on 17/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE


C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = click here

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 69.50.166.11 click here

O1 - Hosts: 69.50.166.11 google.com

O1 - Hosts: 69.50.166.11 click here


O1 - Hosts: 69.50.166.11 google.co.uk

O1 - Hosts: 69.50.166.11 click here

O1 - Hosts: 69.50.166.11 google.ca

O1 - Hosts: 69.50.166.11 click here

  Diodorus Siculus 17:16 17 Apr 2005

Search for a file called "hosts"

rename to hosts.old

Reboot and see if it works ok.

If not, click here
SpywareBlaster click here
SB click here
cws click here

  VoG II 17:21 17 Apr 2005

Keep to one thread please

click here

click here

  Diodorus Siculus 17:27 17 Apr 2005

mimosa418 - post all the logs in one thread, one posting after another as necessary.

  Nellie2 17:36 17 Apr 2005

Well you haven't posted a full log but I can see that your hosts file has been hijacked.

Download the Hoster by Toadbee from click here Unzip it to the desktop and double click on the Hoster exe. Click on the 'Restore Original Hosts' button and then exit the Hoster.

Run hijackthis again and post a fresh log... you might have picked up some malware from this, please post all of the log please

  Dan the Doctus 17:57 17 Apr 2005

I think click here may be a clue.

  mimosa418 09:06 18 Apr 2005

Many thanks for your help. Sorry for the bad posting of the log

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Alienware 17 R4 2017 review

These brilliant Lego posters show just what children's imaginations are capable of

Mac power user tips and hidden tricks

Comment réinitialiser votre PC, ordinateur portable ou tablette Windows ?