porn site hijackings

[ascot]

i have read and followed many of the malaware posts.

seems one cant answer the threads and i understand why to many cooks would be no help, but a hindrance..

now i was looking at the logs that are posted by some of the people in trouble..

and looking at them 1 particularity" I am being hijacked tread"

after checking the sites that are show in the log posted.

 

its no wonder.unfortunately these type of links are spammed with all sorts of explodes.and traps to set to hijack a browser.as thy require you have open services available to be able to watch there flv files..like flash player and open UDP ports...allow there adds,one could filter to a point.

 

if you look at the attachments you see my filters block this..on any porn links.

ok if you want to surf them by all means go ahead.

no problem but you are exposed to many possible hijacks.or worse..

yes there is no real defense from them.If wanting to view the flicks..

 

its a risk you will run..now if i were to allow this site as"demonstrated."

in my attachments..and

i as a new user would ask or state i am being hijacked by ????

 

what can i do...

[ascot]

wininit.....ms start application. 117 k now after testing the site it changed to a exe...

or something did..

 

so i found out after scanning the drive..the Trojan app.asked to stop it as it gave the warning it was infected..so after a reboot ,guess what ?

a nice black screen,with the heading ,no booting system(drive)

ok in with the repair disk try to fix it Ms.cd. said all was and reboot still the same.

 

had i left it as was then would of been ok..but ridding the infected file stopped my booting abilities..my problem was the duel booting system was all lost..

so now in with the flash drive booting from it.scanning from it every thing was passed..looking for the file yes it was gone..winint.exe (win32sys)

ok try again.same black screen..

this left me no alternative.but to use malcuim back up image..

so to try to get my pc back on my small drive,split.

when done

reboot ,nothing!

 

keeping this sort.::

 

format all the drives, to there normal size.then ran a image

of my favorite OS.

and using the slider.(malcuim).now reinstalled 1 drive full use.and got 90% of my apps working .reinstalling the rest ..

 

a big lesson ,had i not scanned i would of been ok.??? and running

with a infected pc..

but

scanning and the Trojan application cleaned it.left me with a non boot system..

 

so what did i get out of all this besides losing my drives...

stay away from porn sites! that what i always have done.but being a Pearson trying to find out .i got this a infected PC ,by allowing the sites to play the flv files.....MY own fault!! the stupid thing was thy were only funny clips..a boy at the water fall dog greeting his master and so on..

on the same site!!

 

my wife said ,that will teach you wont it!

[ascot]

C:\Windows\System32\wininit.exe is a crucial system file. It is the second

user mode process which runs when you start Windows, after the Session

Manager, smss.exe. It is responsible for starting the service control

manager, the LSA Subsystem and the Local Session Manager. If you delete

wininit.exe, Windows cannot run.

 

ok i have done a lot of surfing looking into this file..Windows\System32\wininit

 

and one reads different options,and statements..in my case win7 it halted my booting drives.

by killing the file..

i have blocked it from accessing the net by fire wall and every thing was fine.

and clear, by the same application.

 

.before i let it be destroyed.this happened surfing naked,less protection,

on the site.

very stupid of me..by allowing the files to play..and infect my file..

 

this time because the Trojan app, rang out the warning and,killed the file .

 

this bringing the end of the drive capability to boot..

 

ok we are good now.every thing is back to normal..(re imaged) by the way this is the first time this has happened,

 

any how .what i have done is.make it a read only .the ddl file and this file..

 

ok will this protect it?

 

or can it still be changed? as in written to..?

thanks in advance

 

oh yes its called wininit ...without the exe behind it.. and the same name (ddl file)

i also copy and pasted it to a safe place.

[ascot]

any one give me a boost here? as if its a safe way to protect the file?

and will it stop rewritten to? by the net or a Trojan change it..

i dont think it will but perhaps it may?

as i understand win7 will not allow changes made to file in read only mode..

[ascot]

in my never ending quest for help,and information.. i stumbled across this site and a interesting small app

 

http://www.irongeek.com/i.php?page=security/thumbscrew-software-usb-write-blocker

 

Thumbscrew is my attempt at a poor man's USB write blocker. When used it allows you to quickly enable or disable writing to all USB mass storage devices on your Windows system.

 

i don't know as my drives are shown as read and write,symbol non red marked

 

now i wonder when booting and the make the drive non write?

read only ..

let you know later..

[markusg]

do you need help to remove malware?

do the following:

We need to create an OTL Report

 

1. Please download OTL

http://oldtimer.geekstogo.com/OTL.exe

 

2. Save it to your desktop.

3. Double click on the icon on your desktop.

4. Click the "Scan All Users" checkbox.

5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.

6. Copy and Paste the following into the textbox.

 

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

winlogon.exe

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

 

7. Push "scan"

8. Two reports will open, copy and paste them in a reply here:

• OTListIt.txt <-- Will be opened

• Extra.txt <-- Will be minimized

perhaps you must post in two or more parts.

[ascot]

hi well i dont know about this down load..you say download it and run it ..

what will happen? and why would i trust this app.

what will it report and to who?

my app block the download as unknown.? asking me if i should allow it..

 

i dont need a malaware protector as i have one already IOBIT360

 

i was more interested in stopping writes to my files..and wondering if i attributed them to read only would thy be safe from the net

i dont mean all of the OS but some critical files..

thanks

[markusg]

you said you have malware, it shows me running programms, drivers, services, files creates in the last month in some important folders md5 checksums off some important files and so on so i can find malware.

[ascot]

you said you have malware,

thanks for the advice..no i had them but redid my system..after testing some sites to see what would happen unguarded .reduplicate ,a new user..and some of the people that had problems.wondering what would change..

now asking for extra advice as to how and if possible to Gard critical files..

so thy cant be changed.

i have installed sand box..and running.testing more possibilities..

ok i shall take your word of honer, and i ran it ..

wow a big report

run fix whats this do?

could not find it ..or made a report? perhaps i am missing something?

 

 

any how this is some app .thank you and take no offense..from my asking..

 

its a very sharp app.shows every thing..

i copy and pasted you files to add in the box for later running..

any suggestions as to add more please advice...

ascot

[ascot]

markusg

 

first of thank you !! i am sorry if i was a big doubtful as we have had a lot of bad posts..links wise...

i downloaded this on a hunch it would be ok...and ran it may i say its a ripper of a application.shows every thing what on a system..!! this is a top tool...

 

many thanks ten times fold for the link!!

this is for me a very useful tool to find any problem... or rogue installed...or running.crook apps..

[markusg]

ok, if you need help to fix your problem, attach this logfiles, you can delete your username if wanted

[ascot]

ok many thanks ..if i run into a big problem..i shall ask...

if in the event it may happen i don't muck about ,and redo my drive..(re image)

but your offer is very nice indeed..