1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

j0r.biz and n3monap23.exe

Discussion in 'Virus & Other Malware Removal' started by WBPCWZ, Feb 1, 2005.

Thread Status:
Not open for further replies.
  1. WBPCWZ

    WBPCWZ Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    2
    We have been seeing this the last day or so at the office. When a user opens IE, they are redirected to http://j0r.biz, which displays a fake yahoo front page. The executable controlling this hijacking of IE is n3monap23.exe. It is a clever little program, it will send out TCP connect requests to 10 random IP addresses, wait 10 seconds for a connection, then kill the request and open 10 more. It also opens an ftp connection, but the destination is not listed.

    Has anyone else seen this and have you found a way to get rid of the threat?
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Welcome to TSG

    Go to http://majorgeeks.com/download3155.html and download 'Hijack This!'.

    First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
    Then doubleclick the Hijackthis.exe.

    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.

    Someone here will be happy to help you analyze the results.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/325663

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice