1
   

Hijacker points to nkvd.us

 
 
dougs
 
Reply Sun 11 Apr, 2004 10:02 pm
I am working to reclaim a friend's computer from a hijacker. Does anyone happen to know a hijacker that redirects or appends www.nkvd.us to all url entries? This one actually prevents him from being able to access the internet at all.
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 2,720 • Replies: 7
No top replies

 
Monger
 
  1  
Reply Sun 11 Apr, 2004 10:13 pm
If you can get HijackThis onto the machine (it's small & should fit on a floppy), following are the sort of entries you need to fix to be able to visit other sites:

O13 - DefaultPrefix: http://www.nkvd.us/
O13 - WWW Prefix: http://www.nkvd.us/
O13 - Home Prefix: http://www.nkvd.us/
O13 - Mosaic Prefix: http://www.nkvd.us/

There will be additional problems to fix after removing those, but at least you'll be able to get to other parts of the Web again.

If you're not able to get to the machine to copy HijackThis over, let me know & I'll try to post manual fix instructions later on.

If you can run CWShredder, that might be able to fix this.


__________

HijackThis
Spybot
Ad-Aware
CWShredder
SpywareBlaster
Housecall online antivirus scan
Stinger
0 Replies
 
timberlandko
 
  1  
Reply Sun 11 Apr, 2004 10:15 pm
See This Thread,

This Tread[/b], and

This Thread.

Read through each of them first, before doing anything. Offhand, with no more information to go on than you've provided, I would guess the machine is infected with thebestse, instructions for the removal of which will be found in the above listed threads.

As Monger mentions, if the machine can't be made to access the internet, the first-shot analysis and fix tools will fit on standard floppies; download them with an uninfected machine and transfer them to the sick one.
0 Replies
 
dougs
 
  1  
Reply Sun 11 Apr, 2004 10:33 pm
Your responses...
Thanks much for your responses. I will have access to the machine tomorrow. I plan to run this to the ground and post any useful information back to this forum. Thanks again.
0 Replies
 
Monger
 
  1  
Reply Sun 11 Apr, 2004 10:43 pm
Even after fixing the url prefix hijacks I mentioned above, you still may be redirected when attempting to visit particular sites (such as the sites where spyware removal tools are downloaded from). This is typically done through modifying your "hosts" file.

Here is a discussion about the hosts file.

nkvd.us's IP is 81.211.105.25, so any line with that address is bad, but some sites possibly are being redirected to other addresses as well.

On Windows 95/98/ME the hosts file is located in the "c:\windows" directory and on Windows NT4/2000/XP/2003 in the "c:\winnt\system32\drivers\etc" directory. (A sample hosts file is supplied with Windows named "hosts.sam", located in the same directory.)

But all these hijacks will likely return after a reboot unless you hit at the source of the problem, so make sure to update & run all the removal programs mentioned, & post a hijackthis log here afterwards if need be.

Let us know how it goes. Smile
0 Replies
 
dougs
 
  1  
Reply Mon 12 Apr, 2004 05:45 pm
Cool Web
The hijacker was a variant of cool web and cws shredder did the job. Thanks much. Smile
0 Replies
 
Tomkitten
 
  1  
Reply Tue 20 Apr, 2004 01:38 pm
What i hikack this?
I have been seeing many hijackthis logs on this forum. What exactly is hijackthis, and is it something that one should have handy just i case? Confused
0 Replies
 
timberlandko
 
  1  
Reply Tue 20 Apr, 2004 01:53 pm
Tomkitten, HiJackThis is a pretty powerful analysis-and-repair tool useful in ridding computers of a variety of yuckwear. Its not a toy ... with a click of your mouse you can give yourself a machine only a full format of the root drive and total fresh full re-install of operating system and applications can revive. If you aren't familiar with how it works and what it does, and you're not comfortable with stuff like manual registry tweaking, defeating or bypassing Window's built-in safeguards, and playing around in hidden system-critical folders, its probably not something you should fool around with without guidance and advice from folks who play with it regularly.
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Hijacker points to nkvd.us
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.05 seconds on 05/03/2025 at 11:50:25