View Full Version : Really fucking bad hijacker bitch program


L33tz
2008-12-20, 01:42
Well I am fucking typing this on some weird-ass browser because the hijacker will close any window, even AIM, that says the word hijacker. I think it is a hijacker because it redirects me when I click on links in Google and closes windows that try to fix the problem. I got HijackThis but I can't run it. McAfee won't run. SpybotSD won't run. I tried other shit but it didn't do anything. I tried renaming it and tried all the stuff in safe mode but it didn't do anything. I think I know what program caused this.


DO NOT EXECUTE IT IF YOU DON'T KNOW WHAT YOU'RE DOING
http://www.dailykeys.com/today/ultramixer_key_generator.html

That bitch. And I noticed when I try to open HijackThis it opens the agreement thing for a sec and then closes, so there is a slight delay and shit. So please help. I read about other people's problems with hijackers but this bitch one on my computer seems much worse than theirs. Please help/advise something.



Oh yeah, side note: if you don't bother to look, the .exe modifies the DLL kbdhe319.dll

And by the way, Msconfig does run, but it says registry editing has been disabled by the administrator. Oh, and I think it took away the whole screen to show hidden files in Explorer.

Thanks.

SWATFAG
2008-12-20, 03:17
http://www.superantispyware.com/


or

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Running System Restore from the Recovery Console (well, sort of)

Serdar Yegulalp, Contributor
02.21.2006


One of the most commonly requested features in Windows is the ability to boot to the Recovery Console and perform a System Restore operation. There are times when it's simply not possible to boot Windows in safe mode to run System Restore, and the Recovery Console has no built-in way of running System Restore.

That being said, if you need to run System Restore to revert the system to an earlier version of the SYSTEM or SOFTWARE Registry hive, because of a corrupted Registry, it is possible to do this manually. This method is far from perfect and doesn't take into account any of the other changes that System Restore might track (such as changed .DLLs or other system components), but it will allow you to recover copies of the Registry in the event of a failure—provided they've been saved with System Restore and are available.

Here is the 12-step process:

1. Boot the Recovery Console from the Windows XP installation CD.

2. When you're at the Recovery Console command prompt, change into the root directory of the system drive with the cd command (i.e., cd \).

3. Change into the System Volume Information directory by typing cd system~1 on most machines, or cd "System Volume Information".

(The filenames with ~1 are generated by default to provide backwards compatibility with programs that only recognize 8.3-format filenames. It's possible to disable 8.3 filename generation on NTFS volumes to gain some speed, but the speed gained by doing this is generally pretty small and it can have the unintended consequence of making it impossible to use 8.3 filenames in contexts like this. If you can't use 8.3 filenames to navigate, 8.3 name generation might be disabled. See Microsoft's support document called How to Disable the 8.3 Name Creation on NTFS Partitions.)

4. The System Volume Information directory contains a folder named _restore followed by a GUID in curly braces. Change into it by typing cd _resto~1; if that doesn't work you'll have to type cd "_restore{GUID_STRING}", with the full GUID string in place of GUID_STRING.

5. In the _restore directory are a group of subdirectories starting with the letters RP and followed by a number. These are the different restore points available for that volume.

6. Check the date on each directory and look for one that corresponds to a date before you began experiencing problems.

7. Change into the appropriate directory. If the directory is named RP74, for instance, change into it by typing RP74.

8. Inside that directory will be a subdirectory named snapshot; change into that directory as well (cd snapshot).

9. The snapshot directory holds backup copies of the SOFTWARE and SYSTEM Registry hives, named _REGISTRY_MACHINE_SOFTWARE and _REGISTRY_MACHINE_SYSTEM, respectively.

10. The target directory for these files is \Windows\System32\Config, and the hives there are named SOFTWARE and SYSTEM. Rather than overwrite those files entirely, you can rename them to something else. Typing ren \windows\system32\config\software \windows\system32\config\software.bak and ren \windows\system32\config\system \windows\system32\config\system.bak will rename them to software.bak and system.bak, respectively.

11. Copy in the backup hives: copy _REGISTRY_MACHINE_SOFTWARE \windows\system32\config\software and copy _REGISTRY_MACHINE_SYSTEM \windows\system32\config\system.

12. Type exit to leave the Recovery Console and restart the computer.

If you have an alternate operating system, such as a Linux live-recovery CD or another installation of Windows, that has access to the NTFS file system, you can perform the file copying from there as well, without having to struggle as much with the command line.

http://searchwindowsserver.techtarget.com/tip/0,289483,sid68_gci1167895,00.html

You really need to be careful when you start messing with the registry, so be careful or you could be destroying that installation of Windows.
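The alternate-OS route mentioned at the end of the quoted article (a Linux live CD with the NTFS volume mounted) can be scripted; the sketch below is an added example, not part of the thread or the quoted tip. It goes slightly beyond the 12 steps by picking the newest restore point older than a given date and by checking the "regf" hive signature before touching anything; the function names and the default config path are assumptions.

```python
import shutil
from datetime import datetime
from pathlib import Path

# Snapshot file name -> live hive name, as given in steps 9 and 10.
HIVES = {"_REGISTRY_MACHINE_SOFTWARE": "software",
         "_REGISTRY_MACHINE_SYSTEM": "system"}

def is_hive(path):
    """Registry hive files start with the 4-byte signature b'regf'."""
    with open(path, "rb") as f:
        return f.read(4) == b"regf"

def find_restore_points(volume_root):
    """Return [(directory date, snapshot dir)] for each RPnn, oldest first."""
    svi = Path(volume_root) / "System Volume Information"
    points = []
    for snap in svi.glob("_restore{*}/RP*/snapshot"):
        if all((snap / name).is_file() for name in HIVES):
            stamp = datetime.fromtimestamp(snap.parent.stat().st_mtime)
            points.append((stamp, snap))
    return sorted(points)

def restore_hives(volume_root, before, config_rel="WINDOWS/system32/config"):
    """Restore both hives from the newest restore point dated before `before`.

    config_rel is an assumption: match its case to the mounted volume.
    Returns the name of the restore point used, e.g. 'RP74'.
    """
    older = [p for p in find_restore_points(volume_root) if p[0] < before]
    if not older:
        raise LookupError("no restore point older than %s" % before)
    snap = older[-1][1]
    config = Path(volume_root) / config_rel
    # Validate everything first so a bad snapshot never leaves a half-restored config.
    for src in HIVES:
        if not is_hive(snap / src):
            raise ValueError("%s is not a registry hive" % (snap / src))
    for dst in HIVES.values():
        if (config / (dst + ".bak")).exists():
            raise FileExistsError("%s.bak already exists, not overwriting" % dst)
    for src, dst in HIVES.items():
        live = config / dst
        if live.exists():
            live.rename(config / (dst + ".bak"))   # step 10: keep the old hive
        shutil.copyfile(snap / src, live)          # step 11: copy in the backup
    return snap.parent.name
```

Pass the mount point of the Windows volume and a cutoff date from before the problems started, for example restore_hives("/mnt/windows", datetime(2008, 12, 19)), where both values are placeholders.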

Angry Blue Bird of Death
2008-12-20, 03:41
Just format and fresh install.

You couldn't have been too cautious if you were running a keylogger on a regular system.

L33tz
2008-12-21, 04:47
It opens the superantispyware for a few seconds then closes when the installer says spyware.

If anyone could somehow get an anti-spyware program or SUPERAntiSpyware in a totally different language or in some way so it doesn't say spyware or hijack or anything it would be sweet. I think Virtual PC would work but I'm not gonna install that thing. If I can't fix the problem by Monday I'll try that system restore thing. And if I really have to, I'll format.


Thanks.

L33tz
2008-12-22, 19:35
OK, I did that restore thing SWATFAG said. Well, thanks, 'cause it worked. I ran SUPERAntiSpyware and programs are no longer shut down if they say hijacker. Registry editing was still disabled, but with some searching I used this to re-enable it:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

I wonder if that would have worked before idk.

BUT links on Google still go to different places and I have this process called csrssc running that I can't get rid of. I used SUPERAntiSpyware and it didn't get rid of it. I have a feeling this hijacker isn't gone and can come back. How can I clean things up?

Thanks.

SWATFAG
2008-12-22, 20:45
http://www.spywaredoctorhelp.com/remove-csrsscexe/

L33tz
2008-12-22, 22:37
I ran HijackThis, deleted some very suspicious entries, and ran a SpybotSD scan which took 2 hours. I looked at the stuff it deleted. It changed all the registry changes back so I can view folder options and stuff. And it deleted some programs with descriptions that fit perfectly.

Thanks for help

I won't open random cracks anymore.

R. Kelly
2008-12-23, 00:18
http://www.totse.com/community/showthread.php?t=2152741