My PC Is hijacked help!!!

reset your router to factory defaults, usually need a paper clip or pencil to press the button. Also be worth running spybot, adaware, ewido & then trend housecall
 
What does it say in your hosts file? If you go to Windows\System32\Drivers\Etc\ and it should be in there. Open with notepad and copy the contents here.
 
is this it?
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
127.0.0.1 www.trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 secure.nai.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 mast.mcafee.com
127.0.0.1 ca.com
127.0.0.1 www.ca.com
127.0.0.1 networkassociates.com
127.0.0.1 www.networkassociates.com
127.0.0.1 avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads3.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 www.f-secure.com
127.0.0.1 viruslist.com
127.0.0.1 www.viruslist.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 sophos.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 www.symantec.com
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
 
there are quite a few,,,,,,,,which one?

## Copyright (c) 1993-2001 Microsoft Corp.
#
# This file has been automatically generated for use by Microsoft Internet
# Connection Sharing. It contains the mappings of IP addresses to host names
# for the home network. Please do not make changes to the HOSTS.ICS file.
# Any changes may result in a loss of connectivity between machines on the
# local network.
#

#192.168.0.1 e-woc10-10-2006.mshome.net # 2012 1 6 14 14 16 2 46
 
Last edited:
That one looks well dodgy.. some virus has infected your computer and is has added host entries to stop some of the more common AV solutions from contacting their update servers.

Delete all the lines starting with 127.0.0.1 apart from the first one. Then update your AV software and run a full scan.
 
Fix the following items with HijackThis

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.147:80
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
Click to expand...
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.138.64.147:80

This is why you can't access your routers admin page.. the virus has added a proxy to your internet settings, probably to log what sites you're visting.

Cheeky.. :)
 
You must log in or register to reply here.
Back
Top Bottom