Possible hijacking, please help!

[Guest]

Today a strange icon apeared on the start menu. It showed up on the account
of two other users on my computer but did not apear on my account.
Neither of them have installed anything lately and they didn't notice it
untill today.
This is a screenshot of the start menu it includes the icon and the hover
description-
http://img443.imageshack.us/img443/2219/untitled29es.jpg
The icon takes me to this page-
http://.kickme.to/chrissnook
The page talks about how to browse the internet and also has a software
program that alows you to add a button to the right side of the start menu.
Along with screen savers, ect..
its a pretty cheesy page and I think it may just be a dummy.
There has been talk going around on some of the tech boards, that say this
might be a hijack or even a key logger!
Does someone know about this problem and how to fix remove it?

 

[Guest]

My advice, download ccleaner, spybot search and destroy, lavasoft adware se
(free), cwshredder (becareful with the new one there is a bug (the error is
listed on this site)).
Run all of them. If they find something get rid of it (obviously). With
ccleaner don't be afraid to delete the thousands of entries.
If nothing is found look up the name of the name of the icon (roll over it)
and look it up on yahoo. there is usually a solution.

 

[Guest]

Hello groovyblues;

In addition to what Jaz mentioned;

Please ensure you are doing this under a Administrator accºunt.

Have you tried these operations running in safe mºde?
In safe mode, some of the protective services which these programs use to
ensure that they aren't removed, are not running, so they are easier to
remºve.

Update both Microsoft Antispyware and your antivirus applicªtion.

Shut down the computer and turn off the power. Wait for at least 30 seconds,
and then restart the computer in Safe mode or VGA mºde.

You can clear prefetch files by going to Start menu and Run and typing
prefetch, and then click OK.
Prefetch files are there to help programs load/open quicker but they will be
replaced in prefetch when they are used agªin.
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

HOW TO Enable Hidden Files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Open a Internet window and go to Internet Options, Delete Cookies and Temp
Files and included all offline content then also go to start and run and type
%temp% and clear that fºlder.

Run the Disk Cleanup tººl
To start the Disk Cleanup tool, click Start, click run, type cleanmgr.exe in
the Open box, and then click OK.

Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and Settings\<name>\Local Settings\Temp (the
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those fºlders.
and c:\Documents and Settings\username\local settings\Temporary Internet
Files\Content.IE5 and delete all the files in those directories and
subdirectºries).
http://www.mvps.org/winhelp2002/delcache.htm

3) Do full deep scans with Microsoft Antispyware. Repeat scanning until a
complete scan comes through clean. Ditto with the ªntivirus.

Let us know how it works ºut.

Engel

 

[Guest]

Hey GroovyBlues

I've just been checking this site and the programs are not malicious, Its
strange why its on your system if you havent downloaded the Program
"Brander-XP" at some stage as thats whats on your system, Ive checked the
files out with antivirus and antispy scanners and all the results come back
clean,

There is a problem with the coding in the program where if it gets
uninstalled there doesnt appear to be a way to remove the File from Start
Menu as it doesnt show in the start Menu folders and all the other files
except this start menu entry.

Here's a screenshot with it on my Start Menu

http://andymanchesta.com/MSAS/StartMenu.jpg

Info Page for Brander XP:

http://andymanchesta.com/MSAS/BranderInfo.jpg

Main Menu where you can change what it displays on the start menu

http://andymanchesta.com/MSAS/Brander.jpg ( **Note The "Restore" Button


And Finally the add remove screen entry

http://andymanchesta.com/MSAS/Add-RemoveScreen.jpg


If you have it installed then its simple to remove the entry and uninstall
it , Goto Start Menu then C:\Drive, choose Program Files and open the Brander
XP folder,

Start Brander and from the menu screen press "Restore" (As shown in the
screenshot) then exit Brander and press the Unistall button which is in the
same folder or use the Add/Remove screen entry.

Next Goto the Start Menu Button and right click it, choose Properties and
then press OK and it will then be gone and the program will be uninstalled

If you do not have it installed and cannot find a folder called Brander XP
in the program files area then download it from the link on the start menu
file(Kickme.to/chrissnook) press Programs then Brander XP , open it and
extract and run the program , when it opens Press "Restore" from the menu,
Again right click the start menu and press Properties and when it opens Press
OK and then it will have been removed from the start menu list. Next
uninstall Brander using the add/remove screen (Start Menu > Control Panel >
Add/Remove Programs )

Its not a problem file but not very well made with it leaving a entry on the
start menu thats not easy to remove, It could of been installed by some
adware to promote Dell as the messages can be changed using the menu, I just
typed dell into mine to show its the same, Removing it should be easy but let
us know if you have any problems.

Regards

Andy

 

[Guest]

Noticed a mistake there, I meant to write all the other entries except this
start menu file get removed when its uninstalled also the screenshot with the
menu and Restore button is this link

http://andymanchesta.com/MSAS/Brander.jpg

The one in the original message is bringing back an error page

Andy

 

[Guest]

Hey GroovyBlues

I've just been checking this site and the programs are not malicious, Its
strange why its on your system if you havent downloaded the Program
"Brander-XP" at some stage as thats whats on your system, Ive checked the
files out with antivirus and antispy scanners and all the results come back
clean,

There is a problem with the coding in the program where if it gets
uninstalled there doesnt appear to be a way to remove the File from Start
Menu as it doesnt show in the start Menu folders and all the other files
except this start menu entry.

Here's a screenshot with it on my Start Menu

http://andymanchesta.com/MSAS/StartMenu.jpg

Info Page for Brander XP:

http://andymanchesta.com/MSAS/BranderInfo.jpg

Main Menu where you can change what it displays on the start menu

http://andymanchesta.com/MSAS/Brander.jpg ( **Note The "Restore" Button


And Finally the add remove screen entry

http://andymanchesta.com/MSAS/Add-RemoveScreen.jpg


If you have it installed then its simple to remove the entry and uninstall
it , Goto Start Menu then C:\Drive, choose Program Files and open the Brander
XP folder,

Start Brander and from the menu screen press "Restore" (As shown in the
screenshot) then exit Brander and press the Unistall button which is in the
same folder or use the Add/Remove screen entry.

Next Goto the Start Menu Button and right click it, choose Properties and
then press OK and it will then be gone and the program will be uninstalled

If you do not have it installed and cannot find a folder called Brander XP
in the program files area then download it from the link on the start menu
file(Kickme.to/chrissnook) press Programs then Brander XP , open it and
extract and run the program , when it opens Press "Restore" from the menu,
Again right click the start menu and press Properties and when it opens Press
OK and then it will have been removed from the start menu list. Next
uninstall Brander using the add/remove screen (Start Menu > Control Panel >
Add/Remove Programs )

Its not a problem file but not very well made with it leaving a entry on the
start menu thats not easy to remove, It could of been installed by some
adware to promote Dell as the messages can be changed using the menu, I just
typed dell into mine to show its the same, Removing it should be easy but let
us know if you have any problems.

Regards

Andy

I did try unistalling it but it wasn't listed under (add/remove programs).
In fact I couldn't find anything related to it, even in the hidden files.
I Finally did managed to remove it through the registry, by searching for
(chris).

Thanks you everbody for your help.

Groovy

 

[Guest]

Good work GroovyBlues !

I always avoid asking people to edit the registry as its hard to know
through messages if they are confident using regedit and it could cause
bigger problems if mistakes are made so with the program not being malicious
I thought it's best to use the program that created it to remove the entry
and then uninstall the program but its great to hear you was able to remove
it from the registry without problems,

Its strange why this is on your pc if you or other users on your system
havent downloaded it in the past ,Id never heard of it untill I saw this
topic and it needs to be configured to add the message to the start menu so
its confusing how it got there unless its being bundled with other
applications,

Thanks for letting us know you got it resolved

All The Best

Andy