Hijack When Connected From My Laptop To Dtac Via The Bluetooth On My Cell Phone

[Usermaxexpat]

Hey Guys!

I received a message that my connection was not secure and could be viewed by others when attempting to access my yahoo email. I performed a HijackThis which said the following lines are all hijacks!

O1 - Hosts: ::1 localhost

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.155.33.2

I deleted all lines. Disconnected from the DTAC network and performed another HijackThis scan while offline and everything appeared to be okay. However, when I connected again from my computer to the DTAC network using my bluetooth. Line 017 cam back again. This time with a different HIJACK address. I will paste below so you can see exactly what I am talking about.

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.146.237.237

I contacted DTAC customer support which indicated that no one has ever reported this problem and that I will be receiving a call back from tech support. Needless to say, I never received that phone call. I know, I know...."Welcome to Thailand." :-)

All kidding aside. Can anyone tell me how eliminate this problem and how to prevent this from happening to me agian; short of switching providers? I would like to keep DTAC since they seem slightly faster then the others for downloading. Although, 15kbps isn't anything to be excited about.

Cheers!

[Fore Man]

I suggest that you subscribe to a help forum associated with malware and hijacks. I had a similar infection a few years ago and their expert counsel talked me through the process to get everything working again. There were several steps along the way and it is way too complex for anybody less than a tech to resolve. You can do irreparable damage to your system if you do something and get it wrong. These forums are free of charge and the level of assistance is amazing. Good luck.

Edited January 9, 2009 by Fore Man

[onethailand]

Hey Guys!

I received a message that my connection was not secure and could be viewed by others when attempting to access my yahoo email. I performed a HijackThis which said the following lines are all hijacks!

O1 - Hosts: ::1 localhost

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.155.33.2

I deleted all lines. Disconnected from the DTAC network and performed another HijackThis scan while offline and everything appeared to be okay. However, when I connected again from my computer to the DTAC network using my bluetooth. Line 017 cam back again. This time with a different HIJACK address. I will paste below so you can see exactly what I am talking about.

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.146.237.237

I contacted DTAC customer support which indicated that no one has ever reported this problem and that I will be receiving a call back from tech support. Needless to say, I never received that phone call. I know, I know...."Welcome to Thailand." :-)

All kidding aside. Can anyone tell me how eliminate this problem and how to prevent this from happening to me agian; short of switching providers? I would like to keep DTAC since they seem slightly faster then the others for downloading. Although, 15kbps isn't anything to be excited about.

Cheers!

I don't know that I would call this a hijack without further info - all that appears to be happening is that the DNS servers are being assigned so that they can resolve requests for webpages.

The first one is an internal network address - 192.168 is standard. 165 may have been chosen as it is less likely to conflict with most other routers who choose 1 or 254.

The second one is either the national Thailand gateway or it belongs to CSLoxinfo - because those would normally be the DNS addresses I get through my normal connection.

So this line on its own probably doesn't mean much. As for secure connection - since I don't use Yahoo Mail, I don't know for sure - but it may simply be that the site begins with https:// - which requests a secure connection, which might not be supported properly through cellular connections, or bluetooth connections, or whatever.