Usermaxexpat Posted January 9, 2009 Share Posted January 9, 2009 Hey Guys! I received a message that my connection was not secure and could be viewed by others when attempting to access my yahoo email. I performed a HijackThis which said the following lines are all hijacks! O1 - Hosts: ::1 localhost O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.155.33.2 I deleted all lines. Disconnected from the DTAC network and performed another HijackThis scan while offline and everything appeared to be okay. However, when I connected again from my computer to the DTAC network using my bluetooth. Line 017 cam back again. This time with a different HIJACK address. I will paste below so you can see exactly what I am talking about. O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.146.237.237 I contacted DTAC customer support which indicated that no one has ever reported this problem and that I will be receiving a call back from tech support. Needless to say, I never received that phone call. I know, I know...."Welcome to Thailand." :-) All kidding aside. Can anyone tell me how eliminate this problem and how to prevent this from happening to me agian; short of switching providers? I would like to keep DTAC since they seem slightly faster then the others for downloading. Although, 15kbps isn't anything to be excited about. Cheers! Link to comment Share on other sites More sharing options...
Fore Man Posted January 9, 2009 Share Posted January 9, 2009 (edited) I suggest that you subscribe to a help forum associated with malware and hijacks. I had a similar infection a few years ago and their expert counsel talked me through the process to get everything working again. There were several steps along the way and it is way too complex for anybody less than a tech to resolve. You can do irreparable damage to your system if you do something and get it wrong. These forums are free of charge and the level of assistance is amazing. Good luck. Edited January 9, 2009 by Fore Man Link to comment Share on other sites More sharing options...
onethailand Posted January 9, 2009 Share Posted January 9, 2009 Hey Guys! I received a message that my connection was not secure and could be viewed by others when attempting to access my yahoo email. I performed a HijackThis which said the following lines are all hijacks! O1 - Hosts: ::1 localhost O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.155.33.2 I deleted all lines. Disconnected from the DTAC network and performed another HijackThis scan while offline and everything appeared to be okay. However, when I connected again from my computer to the DTAC network using my bluetooth. Line 017 cam back again. This time with a different HIJACK address. I will paste below so you can see exactly what I am talking about. O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC1D93E-03FA-494C-BDC6-96CE70DC587F}: NameServer = 192.168.165.1 203.146.237.237 I contacted DTAC customer support which indicated that no one has ever reported this problem and that I will be receiving a call back from tech support. Needless to say, I never received that phone call. I know, I know...."Welcome to Thailand." :-) All kidding aside. Can anyone tell me how eliminate this problem and how to prevent this from happening to me agian; short of switching providers? I would like to keep DTAC since they seem slightly faster then the others for downloading. Although, 15kbps isn't anything to be excited about. Cheers! I don't know that I would call this a hijack without further info - all that appears to be happening is that the DNS servers are being assigned so that they can resolve requests for webpages. The first one is an internal network address - 192.168 is standard. 165 may have been chosen as it is less likely to conflict with most other routers who choose 1 or 254. The second one is either the national Thailand gateway or it belongs to CSLoxinfo - because those would normally be the DNS addresses I get through my normal connection. So this line on its own probably doesn't mean much. As for secure connection - since I don't use Yahoo Mail, I don't know for sure - but it may simply be that the site begins with https:// - which requests a secure connection, which might not be supported properly through cellular connections, or bluetooth connections, or whatever. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now