How to find detected "hijacker" source

H

Harris

RE: repeated "Hijacker" detections:

StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker" infections
and 4 "System Policies.Disable Registry" occurrences. I remove them, and
within a few days StopZilla is again blocking & detecting these same
infections.
Can I assume these are real attempts to put viruses on change my registry to
hijack my system?

How do I determine where they are coming from?

My wife and I both use the internet, but don't access anything other than
legitimate commercial business sites.

Any suggestion on how to find the source of these infection detections would
be appreciated.

Harris

(Using XP on an e-machine. Microsoft security set at "medium.")
 
M

Malke

Harris wrote:

> RE: repeated "Hijacker" detections:
>
> StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker"
> infections
> and 4 "System Policies.Disable Registry" occurrences. I remove them, and
> within a few days StopZilla is again blocking & detecting these same
> infections.
> Can I assume these are real attempts to put viruses on change my registry
> to hijack my system?
>
> How do I determine where they are coming from?
>
> My wife and I both use the internet, but don't access anything other than
> legitimate commercial business sites.
>
> Any suggestion on how to find the source of these infection detections
> would be appreciated.
>
> Harris
>
> (Using XP on an e-machine. Microsoft security set at "medium.")


It sounds like something is respawning. I would do some more thorough
scanning for malware instead of relying on Stopzilla. While Stopzilla is a
legitimate antimalware program, it isn't one I use or recommend.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
V

Volodymyr M. Shcherbyna

I would start from buying a good antivirus software, which keeps PC in safe
on different parameters - file system filter, internet filter, MS document
checker. I am not advertising, but for my personal needs I use Nod32, which
is one of the best in my opinion.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Harris" <HarrisNM@msn.com> wrote in message
news:c4wEj.84319$yE1.47518@attbi_s21...
> RE: repeated "Hijacker" detections:
>
> StopZilla is repeatedly finding two "MakeMeSearch.com" "Hijacker"
> infections and 4 "System Policies.Disable Registry" occurrences. I remove
> them, and within a few days StopZilla is again blocking & detecting these
> same infections.
> Can I assume these are real attempts to put viruses on change my registry
> to hijack my system?
>
> How do I determine where they are coming from?
>
> My wife and I both use the internet, but don't access anything other than
> legitimate commercial business sites.
>
> Any suggestion on how to find the source of these infection detections
> would be appreciated.
>
> Harris
>
> (Using XP on an e-machine. Microsoft security set at "medium.")
>
 
H

Harris

"----- Original Message -----
From: "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org>
Newsgroups: microsoft.public.security.virus
Sent: Friday, March 21, 2008 4:50 AM
Subject: Re: How to find detected "hijacker" source


>I would start from buying a good antivirus software, which keeps PC in safe
>on different parameters - file system filter, internet filter, MS document
>checker. I am not advertising, but for my personal needs I use Nod32, which
>is one of the best in my opinion.
>
> --
> V.


V.
I do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
edition" anti-virus.

It has not detected these "hijacker" attacks that StopZilla has been
complaining about. (Could StopZilla be complaining about AVG updates??)

My main reason for StopZilla is to put a lid on pop-ups.
So, I am wondering if the "highjacker" detections by StopZilla are valid.

Harris
 
M

Malke

Harris wrote:
do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
> edition" anti-virus.
>
> It has not detected these "hijacker" attacks that StopZilla has been
> complaining about. (Could StopZilla be complaining about AVG updates??)
>
> My main reason for StopZilla is to put a lid on pop-ups.
> So, I am wondering if the "highjacker" detections by StopZilla are valid.


I already told you what I think you should do. Scan with more/better tools
than StopZilla and AVG. If you don't want to do that, then the only way to
get an answer to your question is to contact StopZilla and ask them if
you're getting false positives.

Good luck and EOT for me.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
H

Harris

----- Original Message -----
From: "Malke" <malke@invalid.invalid>
Newsgroups: microsoft.public.security.virus
Sent: Friday, March 21, 2008 4:24 PM
Subject: Re: How to find detected "hijacker" source


> Harris wrote:
> do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
>> edition" anti-virus.
>>
>> It has not detected these "hijacker" attacks that StopZilla has been
>> complaining about. (Could StopZilla be complaining about AVG updates??)
>>
>> My main reason for StopZilla is to put a lid on pop-ups.
>> So, I am wondering if the "highjacker" detections by StopZilla are valid.

>
> I already told you what I think you should do. Scan with more/better tools
> than StopZilla and AVG. If you don't want to do that, then the only way to
> get an answer to your question is to contact StopZilla and ask them if
> you're getting false positives.
>
> Good luck and EOT for me.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic


I'm not ignoring your advice, Malke. Still munching on the 19 pages of
suggestion, but will let you know what I find out. Thanks for taking the
time to tell me.

Harris

p.s.

I thought AVG was supposed to be good.
For sure, Norton never impressed me.
 
V

Volodymyr M. Shcherbyna

Why don't you just download a trial version of Eset Nod32 Antivirus and try
it for 30 days?

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Harris" <HarrisNM@msn.com> wrote in message
news:NYXEj.32932$TT4.14792@attbi_s22...
> ----- Original Message -----
> From: "Malke" <malke@invalid.invalid>
> Newsgroups: microsoft.public.security.virus
> Sent: Friday, March 21, 2008 4:24 PM
> Subject: Re: How to find detected "hijacker" source
>
>
>> Harris wrote:
>> do, in addition to StopZilla, run (up-to-date) AVG 7.5 "Professional
>>> edition" anti-virus.
>>>
>>> It has not detected these "hijacker" attacks that StopZilla has been
>>> complaining about. (Could StopZilla be complaining about AVG updates??)
>>>
>>> My main reason for StopZilla is to put a lid on pop-ups.
>>> So, I am wondering if the "highjacker" detections by StopZilla are
>>> valid.

>>
>> I already told you what I think you should do. Scan with more/better
>> tools
>> than StopZilla and AVG. If you don't want to do that, then the only way
>> to
>> get an answer to your question is to contact StopZilla and ask them if
>> you're getting false positives.
>>
>> Good luck and EOT for me.
>>
>> Malke
>> --
>> MS-MVP
>> Elephant Boy Computers
>> www.elephantboycomputers.com
>> Don't Panic

>
> I'm not ignoring your advice, Malke. Still munching on the 19 pages of
> suggestion, but will let you know what I find out. Thanks for taking the
> time to tell me.
>
> Harris
>
> p.s.
>
> I thought AVG was supposed to be good.
> For sure, Norton never impressed me.
>
>
 
Back
Top Bottom