http://www.identitytheftsecrets.com/ive-been-hijacked-again The Secrets that Identity Thieves Don't Want You To Know Sun, 02 Oct 2011 22:41:06 +0000 hourly 1 http://wordpress.org/?v=3.2.1 http://www.identitytheftsecrets.com/ive-been-hijacked-again/comment-page-1#comment-519 Kevin Sat, 02 May 2009 13:19:33 +0000 http://identitytheftsecrets.com/identitytheftsecrets2/ive-been-hijacked-again#comment-519 Hey there. I just signed up for your site this morning (9:50 EST 5.2.09) and I think I can help you with this malware issue. This information involves editing the registry so be <b>very</b> careful. You'll need a couple of tools to start with. The <a href="http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx" rel="nofollow">SysInternal Suite</a> from Microsoft Technet, for one. Once you download that, run the component called "Root Kit Revealer" and identify the registy keys and files that aren't visible to Windows. Next, edit the registry to remove them, and, here's a catch that not many people are aware of: Registry keys can have permissions just like files. The regedit program can't change those permissions, but regedt32 (standard in windows, just like regedit) can. I'll bet, if you find those keys with regedit and try to delete them, you'll get an 'access denied' error, so use regedt32 to change the permissions and delete the keys. Givng "everyone" "full control" is sufficient to accomplish this process. Next, you may have to download a program called <a href="http://technet.microsoft.com/en-us/sysinternals/bb897448.aspx" rel="nofollow">regdelnull</a> to remove registry keys that have a null value. Standard tools won't touch those keys and they are frequently used to hook an operating system. At that point, you should be able to boot without the offender running, but, I'd also suggest running "procmon" from the sysinternals tools for a while to make sure that you've killed the bug completely. Procmon can affect system performance, so it's not something to run all the time, but if you want a detailed report of all the system processes, what they're doing, what ports they're opening, file paths, and command lines, it's definitely the way to go. Hope this helps. Hey there. I just signed up for your site this morning (9:50 EST 5.2.09) and I think I can help you with this malware issue.
This information involves editing the registry so be very careful.
You’ll need a couple of tools to start with. The SysInternal Suite from Microsoft Technet, for one. Once you download that, run the component called “Root Kit Revealer” and identify the registy keys and files that aren’t visible to Windows.
Next, edit the registry to remove them, and, here’s a catch that not many people are aware of: Registry keys can have permissions just like files. The regedit program can’t change those permissions, but regedt32 (standard in windows, just like regedit) can. I’ll bet, if you find those keys with regedit and try to delete them, you’ll get an ‘access denied’ error, so use regedt32 to change the permissions and delete the keys. Givng “everyone” “full control” is sufficient to accomplish this process.
Next, you may have to download a program called regdelnull to remove registry keys that have a null value. Standard tools won’t touch those keys and they are frequently used to hook an operating system.
At that point, you should be able to boot without the offender running, but, I’d also suggest running “procmon” from the sysinternals tools for a while to make sure that you’ve killed the bug completely. Procmon can affect system performance, so it’s not something to run all the time, but if you want a detailed report of all the system processes, what they’re doing, what ports they’re opening, file paths, and command lines, it’s definitely the way to go.
Hope this helps.

]]>