Windows Hijacked, please assist! Thank you~

Discussion in 'Windows - Virus and spyware problems' started by LuckySevn, Apr 5, 2007.

  1. LuckySevn

    LuckySevn Member

    Joined:
    Apr 5, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Dear all,

    I'm running Win2k Pro w/ SP4. Just 2 nights ago, I noticed that whenever I type in a search string on Yahoo or Google, IE would be redirected to some completely irrelevant site. I ran Spybot, cleaned up about 10 pieces of malware including SpyMarshall, and followed up with HiJackThis. HJT picked up several search string redirecting keys plus a bunch of keys for TCP protocols that have IP addresses in them that I manually entered to block in my router. I removed those and the problem stopped... for an hour.

    About one hour after that, my system became SUPER SLOW. I checked it and found the CPU and memory were under 100% load. Opened process view, saw Winmngt.exe that was never there before plus 2 extra scvhost.exe with one being 22,364kb and the other being 8780kb. I immediately ended those and ran HJT again... found nothing. Then I went online looking for the latest AVG and Killbox... but couldn't click on ANY links nor dl anything at all. Then I found out that the Windows Search was disabled... when I clicked on it, it doesn't even run in the process. Plus, the winmngt.exe and scvhost.exe came back again. So I opened the WINNT folder looking for files that weren't there before (I didn't install anything in over a week), and found the folder "empty" with no subfolders and files, same under Explorer. Opened its Properties, it's shared as $ADMIN$, so I disabled it, but it re-enabled by itself again. The desktop background setting is also disabled, can't select any wallpaper nor even move its scrollbar.

    Opened Control Panel, all icons are now on the left side. MS Update is blocked. MS main site is blocked. And now Spybot's homepage is blocked also, can't access those sites at all. Before all this happened, my sister's system started hogging down my connection about 2 weeks ago. I ran scans on her system and found nothing. But in the process I saw a file named "g0ld.exe" that can't be ended, and is not found anywhere on the system. I unplugged her LAN for the past 2 weeks while she wasn't home... now that she's back, I plugged her back in and not long after all the problems started. I already ran outta ideas, please assist anyone, much appreciated!


    Blessings
     
  2. The_Fiend

    The_Fiend Guest

    g0ld.exe is a keylogger, and a nasty one at that.
    Try starting both systems in safe mode with networking options *tap F8 at startup, then choose said option*, then download AVG Anti-Spyware, update and run it, then run HijackThis on both systems, and post the logs here *be sure to note which log belongs to which computer*.
     
  3. LuckySevn

    LuckySevn Member

    Hi Fiend, thx for the reply. I'm at work right now, will be home in about 2 hours and I'll run those steps and paste the logs. Thx again.
     
  4. The_Fiend

    The_Fiend Guest

    By that time, I'll be at work, so it might take a bit to get a response, but there are several other folks here who can help you just as well *if not better* with this.
    In any case, good luck.
     