Hijacker came to visit

[jojo]

Been having a few minor problems with my computer over the last few days.

A warning would pop up, after I've ben online for a while, saying my firewall is not on. It would disappear quite quickly and checking, my firewall seems OK.

Another rather curious one, the sequence of the entries in my favourites folder was rearranged,. Again, no big hassel, though I couldn't get them to go back.

Anyhoo, did my weekly Malwarebytes scan and found some hijackers hiding in my registry.

Needless to say, they were promptly evicted.

Not sure where they came from.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_xmllookup (Hijacker.XMLLookup) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> No action taken.

[ken]

There are a few about Jojo. If you just browsing through eBay, it a bad site to pick them up. If you miss the scroll bar and click on the right hand side of the page, watch out.

[jojo]

Thanks Ken.

I can understand why virus writers try to cause problems on machines. That what they do. Fortunately there doesn't seem to be that many around.

But hijackers, adware and spyware would seem to need to be as stealthy as possible. They want to perform a nefarious action, presumably, for as long as possible. Yet almost always, when you get one of these, it affects performance.

With the obvious intelegence these people have I would have thought they would spend just a bit of time testing their junk.

[ken]

The worst ones now are the Flash cookies, they are much bigger than a normal tracker and they seed the smaller cookies. It pays to have a Flash cookie remover, although C Cleaner normally gets them. SAS also gets some of them. If they dont get cleaned out, they replace the small cookies as soon as they are removed.

[jojo]

Thanks ken.

Have Flashcookiescleaner.exe. www.flashcookiecleaner.com/

Run it regularly, especially since it's so fast.

In fact, I got the link here. Not sure who posted it but its great.

[ken]

I posted it Jojo, but I couldn't remember if I said anything about them seeding trackers. They are light rittle breeders.