Hijacked computer problems

Discussion in 'Computer Information' started by Whodat, May 22, 2004.

  1. Whodat

    Whodat Guest

    Hello to all -

    I'm trying to help a friend out (without much luck, sadly). He
    got his computer hijacked & can't figure out how to get rid of the
    problem. Hie start page now goes to Gets sent to
    SIChttp://your-searcher.com/index.htmSIC (sic added to kill the link).
    I've done a search & found what seems to be similar complaints
    that have to do with a bunch of .exe & htm files, not all of which we
    found on his computer. We deleted the ones we could find, but I think
    there is something in the registery we need to get rid of & I can't
    find it. The advice I found is as follows:
    (run MSCONFIG and uncheck these entries all but the
    'upgrade service is there - you must use Registry Editor to delete it)
    Registry entries added:
    HKLM\Software\Microsoft\Windows\Current Version\RUN:
    Dial32 c:\windows\dl.exe
    Dial33 c:\windows\dlm.exe
    Reg32 c:\windows\reg33.exe
    Upgrade Service c:\windows\sxchost.exe

    The problem is I can't find HKLM anywhere. HKEY yes, HKLM no.
    We drilled down to the same folder in HKEY with no luck & I'm not sure
    what we would search for to find the offending files.
    Tried HijackThis, Ad-aware, CWShredder, etc. Nothing gets to
    the problem.
    Can anyone shed some light on this? Many thanks from both of
    us!
     
    Whodat, May 22, 2004
    #1
    1. Advertising

  2. Whodat

    Brad Griffis Guest

    HKLM stands for HKEY_LOCAL_MACHINE. When you use Ad Aware, etc. be sure to
    download the latest updates. After you've updated Ad Aware, anti virus,
    etc. you should reboot your system to Safe Mode. You can get into Safe Mode
    by hitting F8 repeatedly at startup (right after the BIOS screen). Once
    you're booted to safe mode you should scan the system with all those
    programs to clean out all the junk.

    Another good thing to do is to just use the "Add/Remove Programs" feature in
    Windows to get rid of as much crap as possible.

    Brad


    "Whodat" <> wrote in message
    news:...
    > Hello to all -
    >
    > I'm trying to help a friend out (without much luck, sadly). He
    > got his computer hijacked & can't figure out how to get rid of the
    > problem. Hie start page now goes to Gets sent to
    > SIChttp://your-searcher.com/index.htmSIC (sic added to kill the link).
    > I've done a search & found what seems to be similar complaints
    > that have to do with a bunch of .exe & htm files, not all of which we
    > found on his computer. We deleted the ones we could find, but I think
    > there is something in the registery we need to get rid of & I can't
    > find it. The advice I found is as follows:
    > (run MSCONFIG and uncheck these entries all but the
    > 'upgrade service is there - you must use Registry Editor to delete it)
    > Registry entries added:
    > HKLM\Software\Microsoft\Windows\Current Version\RUN:
    > Dial32 c:\windows\dl.exe
    > Dial33 c:\windows\dlm.exe
    > Reg32 c:\windows\reg33.exe
    > Upgrade Service c:\windows\sxchost.exe
    >
    > The problem is I can't find HKLM anywhere. HKEY yes, HKLM no.
    > We drilled down to the same folder in HKEY with no luck & I'm not sure
    > what we would search for to find the offending files.
    > Tried HijackThis, Ad-aware, CWShredder, etc. Nothing gets to
    > the problem.
    > Can anyone shed some light on this? Many thanks from both of
    > us!
     
    Brad Griffis, May 22, 2004
    #2
    1. Advertising

  3. Whodat

    mark mandel Guest

    "Whodat" <> wrote in message
    news:...
    > Hello to all -
    >
    > I'm trying to help a friend out (without much luck, sadly). He
    > got his computer hijacked & can't figure out how to get rid of the
    > problem. Hie start page now goes to Gets sent to
    > SIChttp://your-searcher.com/index.htmSIC (sic added to kill the link).
    > I've done a search & found what seems to be similar complaints
    > that have to do with a bunch of .exe & htm files, not all of which we
    > found on his computer. We deleted the ones we could find, but I think
    > there is something in the registery we need to get rid of & I can't
    > find it. The advice I found is as follows:
    > (run MSCONFIG and uncheck these entries all but the
    > 'upgrade service is there - you must use Registry Editor to delete it)
    > Registry entries added:
    > HKLM\Software\Microsoft\Windows\Current Version\RUN:
    > Dial32 c:\windows\dl.exe
    > Dial33 c:\windows\dlm.exe
    > Reg32 c:\windows\reg33.exe
    > Upgrade Service c:\windows\sxchost.exe
    >
    > The problem is I can't find HKLM anywhere. HKEY yes, HKLM no.
    > We drilled down to the same folder in HKEY with no luck & I'm not sure
    > what we would search for to find the offending files.
    > Tried HijackThis, Ad-aware, CWShredder, etc. Nothing gets to
    > the problem.
    > Can anyone shed some light on this? Many thanks from both of
    > us!


    Unless you have a really thorough grasp of HijackThis, you should submit it
    to an "expert's" evaluation. There's a site, www.pcguide.com where a few of
    the tech geeks could do that for you.

    Mark Mandell
     
    mark mandel, May 22, 2004
    #3
  4. Whodat

    Lloyd Jones Guest

    Download CWShredder I guarantee if it will fix it.

    LJ
     
    Lloyd Jones, May 22, 2004
    #4
  5. Whodat

    Wizard Guest

    Have you tried "add remove software"?

    Whodat wrote:
    >
    > Hello to all -
    >
    > I'm trying to help a friend out (without much luck, sadly). He
    > got his computer hijacked & can't figure out how to get rid of the
    > problem. Hie start page now goes to Gets sent to
    > SIChttp://your-searcher.com/index.htmSIC (sic added to kill the link).
    > I've done a search & found what seems to be similar complaints
    > that have to do with a bunch of .exe & htm files, not all of which we
    > found on his computer. We deleted the ones we could find, but I think
    > there is something in the registery we need to get rid of & I can't
    > find it. The advice I found is as follows:
    > (run MSCONFIG and uncheck these entries all but the
    > 'upgrade service is there - you must use Registry Editor to delete it)
    > Registry entries added:
    > HKLM\Software\Microsoft\Windows\Current Version\RUN:
    > Dial32 c:\windows\dl.exe
    > Dial33 c:\windows\dlm.exe
    > Reg32 c:\windows\reg33.exe
    > Upgrade Service c:\windows\sxchost.exe
    >
    > The problem is I can't find HKLM anywhere. HKEY yes, HKLM no.
    > We drilled down to the same folder in HKEY with no luck & I'm not sure
    > what we would search for to find the offending files.
    > Tried HijackThis, Ad-aware, CWShredder, etc. Nothing gets to
    > the problem.
    > Can anyone shed some light on this? Many thanks from both of
    > us!
     
    Wizard, May 22, 2004
    #5
  6. Whodat

    Trent© Guest

    On Sat, 22 May 2004 12:51:09 +0100, "Lloyd Jones" <@yahoo.com> wrote:

    >Download CWShredder I guarantee if it will fix it.
    >
    >LJ
    >


    He already tried it.

    What kind of guarantee were you offering? LOL

    CWS is a good program...but it won't get rid of many trojans and
    virii.


    Have a nice week...

    Trent©

    Follow Joan Rivers' example --- get pre-embalmed!
     
    Trent©, May 23, 2004
    #6
  7. Whodat

    Lloyd Jones Guest

    I guarantee if he has spyware maleware etc. it will get rid of it. Anyway
    what makes you think he defiantly has a viri Trojan? MacAfee or Norton AV
    is the best out there so if you haven't any spy I suggest you buy one of the
    Anti Virus software I listed above. I know there is a lot of people that
    don't like any Norton's products in here but NAV 2004 is very good, im sure
    some one will post some thing negative about it so carry on. :)

    LJ
     
    Lloyd Jones, May 23, 2004
    #7
  8. Whodat

    ProfGene Guest

    I had that happen and got fed up with trying to fix it so I installed Opera
    which did not get hijacked. I finally had another problem which required
    doing a recovery which did get rid of it.
    "Whodat" <> wrote in message
    news:...
    > Hello to all -
    >
    > I'm trying to help a friend out (without much luck, sadly). He
    > got his computer hijacked & can't figure out how to get rid of the
    > problem. Hie start page now goes to Gets sent to
    > SIChttp://your-searcher.com/index.htmSIC (sic added to kill the link).
    > I've done a search & found what seems to be similar complaints
    > that have to do with a bunch of .exe & htm files, not all of which we
    > found on his computer. We deleted the ones we could find, but I think
    > there is something in the registery we need to get rid of & I can't
    > find it. The advice I found is as follows:
    > (run MSCONFIG and uncheck these entries all but the
    > 'upgrade service is there - you must use Registry Editor to delete it)
    > Registry entries added:
    > HKLM\Software\Microsoft\Windows\Current Version\RUN:
    > Dial32 c:\windows\dl.exe
    > Dial33 c:\windows\dlm.exe
    > Reg32 c:\windows\reg33.exe
    > Upgrade Service c:\windows\sxchost.exe
    >
    > The problem is I can't find HKLM anywhere. HKEY yes, HKLM no.
    > We drilled down to the same folder in HKEY with no luck & I'm not sure
    > what we would search for to find the offending files.
    > Tried HijackThis, Ad-aware, CWShredder, etc. Nothing gets to
    > the problem.
    > Can anyone shed some light on this? Many thanks from both of
    > us!
     
    ProfGene, May 23, 2004
    #8
  9. Whodat

    Whodat Guest

    On Sat, 22 May 2004 04:10:43 GMT, "Brad Griffis"
    <> summoned the strength to type:

    >HKLM stands for HKEY_LOCAL_MACHINE.


    (sheepishly) Right. I knew that. D'oh! Well, then we did that
    & none of the files exist.

    When you use Ad Aware, etc. be sure to
    >download the latest updates. After you've updated Ad Aware, anti virus,
    >etc. you should reboot your system to Safe Mode. You can get into Safe Mode
    >by hitting F8 repeatedly at startup (right after the BIOS screen). Once
    >you're booted to safe mode you should scan the system with all those
    >programs to clean out all the junk.


    So we should run Ad Aware in safe mode?
    >




    >Another good thing to do is to just use the "Add/Remove Programs" feature in
    >Windows to get rid of as much crap as possible.
    >
    >Brad
    >
    >
    >"Whodat" <> wrote in message
    >news:...
    >> Hello to all -
    >>
    >> I'm trying to help a friend out (without much luck, sadly). He
    >> got his computer hijacked & can't figure out how to get rid of the
    >> problem. Hie start page now goes to Gets sent to
    >> SIChttp://your-searcher.com/index.htmSIC (sic added to kill the link).
    >> I've done a search & found what seems to be similar complaints
    >> that have to do with a bunch of .exe & htm files, not all of which we
    >> found on his computer. We deleted the ones we could find, but I think
    >> there is something in the registery we need to get rid of & I can't
    >> find it. The advice I found is as follows:
    >> (run MSCONFIG and uncheck these entries all but the
    >> 'upgrade service is there - you must use Registry Editor to delete it)
    >> Registry entries added:
    >> HKLM\Software\Microsoft\Windows\Current Version\RUN:
    >> Dial32 c:\windows\dl.exe
    >> Dial33 c:\windows\dlm.exe
    >> Reg32 c:\windows\reg33.exe
    >> Upgrade Service c:\windows\sxchost.exe
    >>
    >> The problem is I can't find HKLM anywhere. HKEY yes, HKLM no.
    >> We drilled down to the same folder in HKEY with no luck & I'm not sure
    >> what we would search for to find the offending files.
    >> Tried HijackThis, Ad-aware, CWShredder, etc. Nothing gets to
    >> the problem.
    >> Can anyone shed some light on this? Many thanks from both of
    >> us!

    >
     
    Whodat, May 23, 2004
    #9
  10. Whodat

    Whodat Guest

    On Sat, 22 May 2004 05:44:37 GMT, "mark mandel" <>
    summoned the strength to type:


    >
    >Unless you have a really thorough grasp of HijackThis, you should submit it
    >to an "expert's" evaluation. There's a site, www.pcguide.com where a few of
    >the tech geeks could do that for you.
    >
    >Mark Mandell
    >


    Thanks Mark. I'll check it out.
     
    Whodat, May 23, 2004
    #10
  11. Whodat

    Whodat Guest

    Just a follow-up:

    I managed to get it cleaned up using Hijack This & going
    through the log & start-up files to see if anything odd was in there
    and sure enough, there was a program I'd never heard of and neither
    did my friend who owned the computer. Deleted everything associated
    with it and bingo! we were done.
    Thanks again for all the help!
     
    Whodat, May 30, 2004
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dan
    Replies:
    9
    Views:
    720
  2. sligo

    hijacked!

    sligo, Nov 7, 2004, in forum: Firefox
    Replies:
    2
    Views:
    601
    Sligo
    Nov 8, 2004
  3. Motorhead Lawyer

    Atolotl hijacked my Yahoo homepage?

    Motorhead Lawyer, Jan 7, 2005, in forum: Firefox
    Replies:
    8
    Views:
    753
    John Thompson
    Jan 13, 2005
  4. dimestore

    Hijacked after update!?!?!?

    dimestore, Feb 2, 2006, in forum: Firefox
    Replies:
    7
    Views:
    609
    EarthRimRoamer
    Feb 20, 2006
  5. Arawak
    Replies:
    5
    Views:
    573
    °Mike°
    Mar 7, 2004
Loading...

Share This Page