How to find detected "hijacker" source

Posted by Harris on March 20, 2008, 12:15 pm
RE: repeated "Hijacker" detections:

StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker" infections
and 4 "System Policies.Disable Registry" occurrences. I remove them, and
within a few days StopZilla is again blocking & detecting these same
infections.
Can I assume these are real attempts to put viruses on change my registry to
hijack my system?

How do I determine where they are coming from?

My wife and I both use the internet, but don't access anything other than
legitimate commercial business sites.

Any suggestion on how to find the source of these infection detections would
be appreciated.

Harris

(Using XP on an e-machine. Microsoft security set at "medium.")



Posted by Malke on March 20, 2008, 1:38 pm
Harris wrote:

> RE: repeated "Hijacker" detections:
>
> StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker"
> infections
> and 4 "System Policies.Disable Registry" occurrences. I remove them, and
> within a few days StopZilla is again blocking & detecting these same
> infections.
> Can I assume these are real attempts to put viruses on change my registry
> to hijack my system?
>
> How do I determine where they are coming from?
>
> My wife and I both use the internet, but don't access anything other than
> legitimate commercial business sites.
>
> Any suggestion on how to find the source of these infection detections
> would be appreciated.
>
> Harris
>
> (Using XP on an e-machine. Microsoft security set at "medium.")

It sounds like something is respawning. I would do some more thorough
scanning for malware instead of relying on StopZilla. While StopZilla is a
legitimate antimalware program, it isn't one I use or recommend.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Posted by Volodymyr M. Shcherbyna on March 21, 2008, 4:50 am
I would start by buying good antivirus software, which keeps the PC safe
on different parameters - file system filter, internet filter, MS document
checker. I am not advertising, but for my personal needs I use Nod32, which
is one of the best in my opinion.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
> RE: repeated "Hijacker" detections:
>
> StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker"
> infections and 4 "System Policies.Disable Registry" occurrences. I remove
> them, and within a few days StopZilla is again blocking & detecting these
> same infections.
> Can I assume these are real attempts to put viruses on change my registry
> to hijack my system?
>
> How do I determine where they are coming from?
>
> My wife and I both use the internet, but don't access anything other than
> legitimate commercial business sites.
>
> Any suggestion on how to find the source of these infection detections
> would be appreciated.
>
> Harris
>
> (Using XP on an e-machine. Microsoft security set at "medium.")
>



Posted by Harris on March 21, 2008, 1:36 pm

"----- Original Message -----
Newsgroups: microsoft.public.security.virus
Sent: Friday, March 21, 2008 4:50 AM
Subject: Re: How to find detected "hijacker" source


>I would start by buying good antivirus software, which keeps the PC safe
>on different parameters - file system filter, internet filter, MS document
>checker. I am not advertising, but for my personal needs I use Nod32, which
>is one of the best in my opinion.
>
> --
> V.

V.
I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
edition" anti-virus.

It has not detected these "hijacker" attacks that StopZilla has been
complaining about. (Could StopZilla be complaining about AVG updates??)

My main reason for StopZilla is to put a lid on pop-ups.
So, I am wondering if the "hijacker" detections by StopZilla are valid.

Harris



Posted by Malke on March 21, 2008, 4:24 pm
Harris wrote:
> I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
> edition" anti-virus.
>
> It has not detected these "hijacker" attacks that StopZilla has been
> complaining about. (Could StopZilla be complaining about AVG updates??)
>
> My main reason for StopZilla is to put a lid on pop-ups.
> So, I am wondering if the "hijacker" detections by StopZilla are valid.

I already told you what I think you should do. Scan with more/better tools
than StopZilla and AVG. If you don't want to do that, then the only way to
get an answer to your question is to contact StopZilla and ask them if
you're getting false positives.

Good luck and EOT for me.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
