Jump to content

Hijack.Application


Recommended Posts

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5002

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

31/10/2010 01:14:14

mbam-log-2010-10-31 (01-14-14).txt

Scan type: Full scan (C:\|)

Objects scanned: 279354

Time elapsed: 51 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Hello. Firstly how dangerous are these? I clicked the first link in a result of google images for a drink, and i got redirected to some dodgy site, I left, downloaded Mbam and scanned. Found these 2. I also ran AVG / Spybot, avg found nothing, spybot some tracking cookies.

I just ran a quick scan on mbam and the hijack.application are removed apparently. Question is should I be worried? Should I run any of scans? Can't find anything about these "infections" on google really.

Link to post
Share on other sites

Hi jestyo -

Please run a Full Malwarebytes scan and see if the infection is present in any form -

Can you post back after the Full Scan -

Thank You -

Thanks for the reply, the full scan about half way through, nothing yet.

Just wanted to ask, do you have any idea what these infections are, what they do and if they are serious? I'm waiting for full mbam scan to finish and i'll reply again. Also going to run super anti spyware.

Link to post
Share on other sites

Ok Mbam fullscan and all clear. But I'm still a little concerned as to what this was and what it does... Was it malicious enough to get any passwords I may of typed into emails / online banking? Currently running super antispyware, upto an impressive 14 tracking cookies and counting

Link to post
Share on other sites

[url="hxxpwww.helpmeopen.com/?n=app&ext=dat"] is a  redirect site to [url="hxxpwww.filecure.com/lp/download/"]

As a quick response - Did you post this item on the Avast forum between the last 12 to 24 hours ??

Helpmeopen is a "search site" for finding file extensions , but it also redirects to other sites like filecure -

These may not actually be 100% Malware , but they are redirect (and the only word I can find is) scam sites wanting cash to open files -

It is best to make sure these sites are fully removed from your system - Waiting your next post -

Thank You -

Link to post
Share on other sites

[url="hxxpwww.helpmeopen.com/?n=app&ext=dat"] is a  redirect site to [url="hxxpwww.filecure.com/lp/download/"]

As a quick response - Did you post this item on the Avast forum between the last 12 to 24 hours ??

Helpmeopen is a "search site" for finding file extensions , but it also redirects to other sites like filecure -

These may not actually be 100% Malware , but they are redirect (and the only word I can find is) scam sites wanting cash to open files -

It is best to make sure these sites are fully removed from your system - Waiting your next post -

Thank You -

Hi thanks for the reply. No I didn't post on the Avast forums, only here.

As far as I'm aware they are fully removed via mbam now, as the scans are showing clear. If you think there is anything else I should run let me know. Thank you.

Link to post
Share on other sites

No problem - It is just that there was an almost identical item on their forum (with the same sites listed there) -

If the Full Scan has now shown fully clean then just be sure to update Malwarebytes every day this week and see if it returns - Hopefully not -

Also be carefull of those sites that offer to find things for free , then you get directed to an area that wants cash to fix your problem -

Thank You -

Link to post
Share on other sites

No problem - It is just that there was an almost identical item on their forum (with the same sites listed there) -

If the Full Scan has now shown fully clean then just be sure to update Malwarebytes every day this week and see if it returns - Hopefully not -

Also be carefull of those sites that offer to find things for free , then you get directed to an area that wants cash to fix your problem -

Thank You -

Just saw the thread you mentioned, and another one posted on another part of this site. Seems it has effected a few people in a short amount of time. I'm quite sure I got the problem from clicking the google image as i mentione. Searched for a drink brand, clicked the first image in the search results, 3 seconds after the pic loaded it redirected me to a chinease site that was unable to connect to, or so it said. Strange.

Just to confirm, this thing wouldn't of keylogged any passwords or anything, its simply something that redirects me to different webpages?

Link to post
Share on other sites

its simply something that redirects me to different webpages?
As far as I can find out from the web searches , plus the internal chat around here -

Help is always available if you wish to follow these instructions and have an expert check your system -

As we do not work on Malware removal or diagnostics in the general forums please follow the Blue instructions -

Please print out, read and follow What do I do now? , skipping any steps you are unable to complete.

The next step is post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that

you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page under the QUOTE Tab when you reply -

Thank You - :)

Link to post
Share on other sites

As far as I can find out from the web searches , plus the internal chat inside here -

Hmm, I can find very little on "Hijack.Application" let alone my specific problem. I guess i'll just scan again in a few days and if it's all clear rest easy. I wonder, is there any chance it was a false positive?

Link to post
Share on other sites

Not that I can think of - The redirects are noted but can be removed , generally by Malwarebytes -

If you are at all concerned , then follow the advice in Post #9 above -

Thanks -

I noticed someone already posted in that forum you link in post#9, I added to their thread. But I will post a seperate log of my issue just so someone can confirm what it is. Thanks

Link to post
Share on other sites

PLEASE ---- Never add to a post in the Malware Removal Forum - This is classified as replying to the post -

The bosses get Very Upset if you post like that - If you read the pinned items above all topics , it will tell you who can add to posts -

Only Administrators - in charge of running the site and handling maintenance and all of the day-to-day operations.

They can be contacted at any time by PM with issues regarding the site or Malwarebytes'.

Link to post
Share on other sites

  • Staff

Fyi,

This Hijack.application Is a Redirect that was installed with some software as part of an Affiliate Scam. All this does is redirect the unknown file type window when stated would you like to go online to find a program to open this filetype. Instead of microsoft it goes to this third party site.

Cheers.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.