
possible hijack?

September 9, 2005 12:14:11 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

My machine (dell dimension 2400, winxp home ver 2002 SP1) is running
quite slow and I am trying to figure out why.

In the start up folder there is a file called 'od-stnd567.exe', and it
also has written itself to the pop-up menu under the 'start' button.

I don't know what this file is for - under its properties information
it says that its target is
C:\Program Files\Webdialer\od-stnd567.exe

When I google the file, I only get 5 hits, 4 of them in a foreign
language. But the English version is about someone who is trying to
resolve a hijacking situation on his computer - therefore leading me
to believe I may have a hijacking problem on my hands here.

Can't seem to find any other info regarding this file.

Could someone please help me out with this - some info or a nudge in
the right direction to get me started finding out what this is all
about and how I go about fixing it, if indeed, it needs to be fixed.

BTW, the machine uses a dsl line through the local telephone service
as its internet connection, in case this info helps to make this sos
more clear to you.

Thanks so much for your time and expertise. It is always appreciated.

Joanne


Anonymous
September 9, 2005 12:26:07 AM

Joanne, check out this thread. Read the third post.
http://pegestorf.dyndns.org/webdialer/thread.php?id=5


"Joanne" <jobobbuss@sbcglobal.com> wrote in message
news:e5l%23iHLtFHA.1372@TK2MSFTNGP09.phx.gbl...
> My machine (dell dimension 2400, winxp home ver 2002 SP1) is running
> quite slow and I am trying to figure out why.
>
> In the start up folder there is a file called 'od-stnd567.exe', and it
> also has written itself to the pop-up menu under the 'start' button.
>
> I don't know what this file is for - under its properties information
> it says that its target is
> C:\Program Files\Webdialer\od-stnd567.exe
>
> When I google the file, I only get 5 hits, 4 of them in a foreign
> language. But the English version is about someone who is trying to
> resolve a hijacking situation on his computer - therefore leading me
> to believe I may have a hijacking problem on my hands here.
>
> Can't seem to find any other info regarding this file.
>
> Could someone please help me out with this - some info or a nudge in
> the right direction to get me started finding out what this is all
> about and how I go about fixing it, if indeed, it needs to be fixed.
>
> BTW, the machine uses a dsl line through the local telephone service
> as its internet connection, in case this info helps to make this sos
> more clear to you.
>
> Thanks so much for your time and expertise. It is always appreciated.
>
> Joanne
Anonymous
September 9, 2005 12:33:51 AM

In article <e5l#iHLtFHA.1372@TK2MSFTNGP09.phx.gbl>,
jobobbuss@sbcglobal.com says...
> My machine (dell dimension 2400, winxp home ver 2002 SP1) is running
> quite slow and I am trying to figure out why.
>
> In the start up folder there is a file called 'od-stnd567.exe', and it
> also has written itself to the pop-up menu under the 'start' button.
>
> I don't know what this file is for - under its properties information
> it says that its target is
> C:\Program Files\Webdialer\od-stnd567.exe
>
> When I google the file, I only get 5 hits, 4 of them in a foreign
> language. But the English version is about someone who is trying to
> resolve a hijacking situation on his computer - therefore leading me
> to believe I may have a hijacking problem on my hands here.
>
> Can't seem to find any other info regarding this file.
>
> Could someone please help me out with this - some info or a nudge in
> the right direction to get me started finding out what this is all
> about and how I go about fixing it, if indeed, it needs to be fixed.
>
> BTW, the machine uses a dsl line through the local telephone service
> as its internet connection, in case this info helps to make this sos
> more clear to you.
>
> Thanks so much for your time and expertise. It is always appreciated.

Read and follow these links as needed to fix your system:

Only download software you can validate as uncompromised - in the case
of a non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendor site with a
direct download should not be trusted; the vendors' sites are the safest
place to download their applications.

Also, do not post HiJack log files here - there are HiJack groups for
just that purpose, not to mention all the web-based forums set up for
looking at them.

Always remember - only download files from Trusted Sites.

These sites are for downloading Anti-Spyware tools, in order that I
would use them myself:

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

The following are two links to Antivirus software in order that I would
use them:

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors' sites, not some unknown or authorized
no-name site. They also don't artificially increase the hits for sites that
get paid for the amount of traffic they can generate like one poster has
admitted to in this group.

When running these applications, install them, update them, then reboot
in SAFE MODE and run them again to get even more things.

If you take nothing else from this post, remember the following:

Only download files from Trusted Sites.


--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 9, 2005 12:33:52 AM

JoAnne -

Simply...

1 - Download AdAwareSE Personal and the latest definitions file
2 - Download SpyBot Search and Destroy and the latest definitions file
3 - Download HiJackThis

Reboot machine in Safe Mode, install AdAware and SpyBot. Apply the updated
definitions.

For AdAware simply copy the REF file to wherever you chose to install
AdAware.

For SpyBot just run the EXE file and the updates apply automatically.

Start AdAware and let it run a full system scan. Not a smart scan!

When that is complete fire up SpyBot and let it run a full scan

Run HiJack this, let it scan your system, then CAREFULLY put check boxes to
anything that looks bogus that is starting up on your system at boot. When
you have made your selections click Fix at the bottom and then close HiJack
this when it is done.

Reboot computer in Normal mode.

Things should be moving along better and any weird startup items or popups
should be gone.

Go online and download MS AntiSpyware. Actually it is a great product, but
if you don't want an MS product then go and buy SpySweeper. Anyway, install
either MS AntiSpyware or SpySweeper and let them update and do full scans in
NORMAL boot.

That's it.

Scott
September 9, 2005 12:56:04 AM

Thank you all for your helpful information. I am sure I will now be
able to clean up this computer toot-sweet.

You guys made my day, and so fast, WOW, I love these forums.

Thanks again
Joanne

Joanne wrote:

>My machine (dell dimension 2400, winxp home ver 2002 SP1) is running
>quite slow and I am trying to figure out why.
>
>In the start up folder there is a file called 'od-stnd567.exe', and it
>also has written itself to the pop-up menu under the 'start' button.
>
>I don't know what this file is for - under its properties information
>it says that its target is
>C:\Program Files\Webdialer\od-stnd567.exe
>
>When I google the file, I only get 5 hits, 4 of them in a foreign
>language. But the English version is about someone who is trying to
>resolve a hijacking situation on his computer - therefore leading me
>to believe I may have a hijacking problem on my hands here.
>
>Can't seem to find any other info regarding this file.
>
>Could someone please help me out with this - some info or a nudge in
>the right direction to get me started finding out what this is all
>about and how I go about fixing it, if indeed, it needs to be fixed.
>
>BTW, the machine uses a dsl line through the local telephone service
>as its internet connection, in case this info helps to make this sos
>more clear to you.
>
>Thanks so much for your time and expertise. It is always appreciated.
>
>Joanne
Anonymous
September 9, 2005 2:20:30 AM

Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyI...

If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone especially the troll Leythos, who will tag
along a nonsense post to this message, who tells you to post it elsewhere. I
need to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip


The authors of the above programs, with the exception of Microsoft, have given
the owner of pcbutts1.com express written permission to redistribute their
software.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Joanne" <jobobbuss@sbcglobal.com> wrote in message
news:e5l%23iHLtFHA.1372@TK2MSFTNGP09.phx.gbl...
> My machine (dell dimension 2400, winxp home ver 2002 SP1) is running
> quite slow and I am trying to figure out why.
>
> In the start up folder there is a file called 'od-stnd567.exe', and it
> also has written itself to the pop-up menu under the 'start' button.
>
> I don't know what this file is for - under its properties information
> it says that its target is
> C:\Program Files\Webdialer\od-stnd567.exe
>
> When I google the file, I only get 5 hits, 4 of them in a foreign
> language. But the English version is about someone who is trying to
> resolve a hijacking situation on his computer - therefore leading me
> to believe I may have a hijacking problem on my hands here.
>
> Can't seem to find any other info regarding this file.
>
> Could someone please help me out with this - some info or a nudge in
> the right direction to get me started finding out what this is all
> about and how I go about fixing it, if indeed, it needs to be fixed.
>
> BTW, the machine uses a dsl line through the local telephone service
> as its internet connection, in case this info helps to make this sos
> more clear to you.
>
> Thanks so much for your time and expertise. It is always appreciated.
>
> Joanne
Anonymous
September 9, 2005 2:28:03 AM

In article <OO2Ue.4426$wk6.204@newssvr11.news.prodigy.com>, pcbutts1
@seedsv.com says...
> Download, install, update and run all of the following.

Only download software you can validate as uncompromised - in the case
of a non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendor site with a
direct download should not be trusted; the vendors' sites are the safest
place to download their applications.

Also, do not post HiJack log files here - there are HiJack groups for
just that purpose, not to mention all the web-based forums set up for
looking at them.

Always remember - only download files from Trusted Sites.

These sites are for downloading Anti-Spyware tools, in order that I
would use them myself:

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

The following are two links to Antivirus software in order that I would
use them:

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors' sites, not some unknown or authorized
no-name site. They also don't artificially increase the hits for sites that
get paid for the amount of traffic they can generate like one poster has
admitted to in this group.

When running these applications, install them, update them, then reboot
in SAFE MODE and run them again to get even more things.

If you take nothing else from this post, remember the following:

Only download files from Trusted Sites.

--

spam999free@rrohio.com
remove 999 in order to email me
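
Added example (not part of any poster's message, and not code from the thread): the vendor-site versus third-party-host distinction argued over above, written as a Python check that compares each download link's host with the vendor's domain. The product-to-domain table comes from the links posted in this thread; the `example.net` and `fakelavasoft.de` URLs are constructed test inputs, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Vendor domains as given by the vendor links in the thread (2005-era).
# Assumption: each is the domain the vendor itself controls.
VENDOR_DOMAINS = {
    "Ad-Aware": "lavasoft.de",
    "SpyBot S&D": "safer-networking.org",
    "Ewido": "ewido.net",
    "Symantec": "symantec.com",
    "AVG": "grisoft.com",
}

# Links posted in the thread, followed by constructed look-alike cases.
LINKS = [
    ("Ad-Aware", "http://www.lavasoft.de/support/download/"),
    ("Ad-Aware", "http://www.pcbutts1.com/downloads/aawsepersonal.exe"),
    ("SpyBot S&D", "http://www.safer-networking.org/en/download/index.html"),
    ("SpyBot S&D", "http://www.pcbutts1.com/downloads/spybotsd14.exe"),
    ("Ewido", "http://www.pcbutts1.com/downloads/ewidosetup.exe"),
    ("AVG", "http://free.grisoft.com/freeweb.php/doc/2/"),
    # Constructed: vendor name used as leading labels of another domain.
    ("Ad-Aware", "http://www.lavasoft.de.example.net/aawsepersonal.exe"),
    # Constructed: vendor name in the userinfo part; real host is example.net.
    ("Ad-Aware", "http://www.lavasoft.de@example.net/aawsepersonal.exe"),
    # Constructed: host merely ends with the vendor string.
    ("Ad-Aware", "http://fakelavasoft.de/aawsepersonal.exe"),
]


def download_host(url):
    """Return the lower-cased host a URL really points at, or None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lower-cases
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(product, url):
    """Return 'vendor', 'third-party', 'invalid-url' or 'unknown-product'."""
    domain = VENDOR_DOMAINS.get(product)
    if domain is None:
        return "unknown-product"
    host = download_host(url)
    if host is None:
        return "invalid-url"
    return "vendor" if host_in_domain(host, domain) else "third-party"


def audit(links):
    """Classify every (product, url) pair; returns (product, host, verdict)."""
    return [(p, download_host(u), classify(p, u)) for p, u in links]


if __name__ == "__main__":
    for product, host, verdict in audit(LINKS):
        print(f"{verdict:12} {product:12} {host}")
```

A vendor-host match only says where the file is served from; it does not validate the file itself.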
September 9, 2005 2:59:21 AM

Your warning is well taken and shall be heeded from now on. Thanks for
the invaluable tip.
Joanne
Leythos wrote:

>In article <OO2Ue.4426$wk6.204@newssvr11.news.prodigy.com>, pcbutts1
>@seedsv.com says...
>> Download, install, update and run all of the following.
>
>Only download software you can validate as uncompromised - in the case
>of a non-vendor site you have no guarantee that the files are unmodified
>or uncompromised. Anyone providing a link to a non-vendor site with a
>direct download should not be trusted; the vendors' sites are the safest
>place to download their applications.
>
>Also, do not post HiJack log files here - there are HiJack groups for
>just that purpose, not to mention all the web-based forums set up for
>looking at them.
>
>Always remember - only download files from Trusted Sites.
>
>These sites are for downloading Anti-Spyware tools, in order that I
>would use them myself:
>
>AdAwareSE can be found here:
>http://www.lavasoft.de/support/download/
>
>SpyBot Search and Destroy can be found here:
>http://www.safer-networking.org/en/download/index.html
>
>Ewido Security Suite Trial can be found here:
>http://www.ewido.net/en/download/
>
>The following are two links to Antivirus software in order that I would
>use them:
>
>You can also download Symantec Trial version of their Antivirus software
>from here:
>http://www.symantec.com/downloads/
>
>Download AVG Personal Free edition from here:
>http://free.grisoft.com/freeweb.php/doc/2/
>
>These are the actual vendors' sites, not some unknown or authorized
>no-name site. They also don't artificially increase the hits for sites that
>get paid for the amount of traffic they can generate like one poster has
>admitted to in this group.
>
>When running these applications, install them, update them, then reboot
>in SAFE MODE and run them again to get even more things.
>
>If you take nothing else from this post, remember the following:
>
>Only download files from Trusted Sites.
>
Anonymous
September 9, 2005 3:09:29 AM

In article <#ZHw1jMtFHA.3452@TK2MSFTNGP14.phx.gbl>,
jobobbuss@sbcglobal.com says...
> Your warning is well taken and shall be heeded from now on. Thanks for
> the invaluable tip.
> Joanne

Joanne - there are a couple other things you should know about:

1) As much as possible run as a limited user account type. Windows
defaults to making the first user an Administrator type account and that
means anything you run (even by accident or without knowing it) can do
anything it wants to the computer/system.

2) Install Service Pack 2 after your system is clean

3) Install a minimum of a NAT Router between your computer and your
DSL/Cable modem, don't trust personal firewall software to do it alone -
if you misconfigure the PFS you are as exposed as if you were not using
a PFS

4) Only use IE in High-Security mode - also, switch to FireFox for your
primary browser. It's not that FireFox is perfect, but it's a LOT less
likely to get you hacked in its default setup than IE.

5) Don't install any of the Peer-2-Peer software for file sharing or
song swapping

6) Don't fall for the "click here to close" things, use the RED X at the
upper right corner - you have a better chance to close the window
without agreeing to something you don't see

7) Never install anything you don't know where it came from and the same
is true for email attachments

Items 1,2,3,4 are the most important to follow in my opinion.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 9, 2005 4:07:39 AM

In article <R74Ue.3618$LZ6.434@newssvr29.news.prodigy.net>, pcbutts1
@seedsv.com says...
> He has sent emails after to
> emails to the authors of those programs who have told him that I am trusted
> and authorized to do what I do.

They have not told me anything of the sort, and have indicated they are
looking into legal action. None of them have sent me anything that
indicates you can host their files on your site. Both SpyBot and Adaware
have specifically said you are unknown, are not a mirror, and do not
have their permission for the links you have posted.

I have no interest in stopping you from posting or hosting anything, I
really don't care about anything you do as long as you don't post
information that violates security norms.

If you stopped asking people to download items from your personal
website that are unknown/unverified and without any vendor considered
valid links, I would never post another thing in response to your
messages. If you continue to ask people to download vendor provided
software from your unknown/unverified site, I will continue to post the
Universal warning that everyone should know when dealing with unknown
websites and downloads.

If you don't want to see it any more - provide a website link instead of
direct files in your links, provide the vendors' link information,
provide what the WORLD considers as proper methods to validate the
files.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 9, 2005 4:07:40 AM

I'm with you on this, Leythos.

Tom

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d8a9c59f0d5aa0989fb4@news-server.columbus.rr.com...
| In article <R74Ue.3618$LZ6.434@newssvr29.news.prodigy.net>, pcbutts1
| @seedsv.com says...
| > He has sent emails after to
| > emails to the authors of those programs who have told him that I am trusted
| > and authorized to do what I do.
|
| They have not told me anything of the sort, and have indicated they are
| looking into legal action. None of them have sent me anything that
| indicates you can host their files on your site. Both SpyBot and Adaware
| have specifically said you are unknown, are not a mirror, and do not
| have their permission for the links you have posted.
|
| I have no interest in stopping you from posting or hosting anything, I
| really don't care about anything you do as long as you don't post
| information that violates security norms.
|
| If you stopped asking people to download items from your personal
| website that are unknown/unverified and without any vendor considered
| valid links, I would never post another thing in response to your
| messages. If you continue to ask people to download vendor provided
| software from your unknown/unverified site, I will continue to post the
| Universal warning that everyone should know when dealing with unknown
| websites and downloads.
|
| If you don't want to see it any more - provide a website link instead of
| direct files in your links, provide the vendors' link information,
| provide what the WORLD considers as proper methods to validate the
| files.
|
| --
|
| spam999free@rrohio.com
| remove 999 in order to email me
September 9, 2005 4:07:40 AM

>He has sent emails after to
>emails to the authors of those programs who have told him that I am trusted
>and authorized to do what I do. They have told me this. Leythos on the other
>hand has refused to acknowledge this probably because of his embarrassment
>at his futile efforts, so he continues to try to steer traffic away from my
>site thinking he is taking money away from me.


Leythos,
Nobody who comes here on a regular basis believed a word he said.

--
Mike Pawlak



Leythos wrote:
> In article <R74Ue.3618$LZ6.434@newssvr29.news.prodigy.net>, pcbutts1
> @seedsv.com says...
>> He has sent emails after to
>> emails to the authors of those programs who have told him that I am
>> trusted and authorized to do what I do.
>
> They have not told me anything of the sort, and have indicated they are
> looking into legal action. None of them have sent me anything that
> indicates you can host their files on your site. Both SpyBot and
> Adaware have specifically said you are unknown, are not a mirror, and
> do not have their permission for the links you have posted.
>
> I have no interest in stopping you from posting or hosting
> anything, I really don't care about anything you do as long as you
> don't post information that violates security norms.
>
> If you stopped asking people to download items from your personal
> website that are unknown/unverified and without any vendor considered
> valid links, I would never post another thing in response to your
> messages. If you continue to ask people to download vendor provided
> software from your unknown/unverified site, I will continue to post
> the Universal warning that everyone should know when dealing with
> unknown websites and downloads.
>
> If you don't want to see it any more - provide a website link instead
> of direct files in your links, provide the vendors' link information,
> provide what the WORLD considers as proper methods to validate the
> files.
Anonymous
September 9, 2005 4:33:00 AM

Stop replying to my posts. If you want the op to know something respond to
them not me. Stalker.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d8a9c59f0d5aa0989fb4@news-server.columbus.rr.com...
> In article <R74Ue.3618$LZ6.434@newssvr29.news.prodigy.net>, pcbutts1
> @seedsv.com says...
>> He has sent emails after to
>> emails to the authors of those programs who have told him that I am
>> trusted
>> and authorized to do what I do.
>
> They have not told me anything of the sort, and have indicated they are
> looking into legal action. None of them have sent me anything that
> indicates you can host their files on your site. Both SpyBot and Adaware
> have specifically said you are unknown, are not a mirror, and do not
> have their permission for the links you have posted.
>
> I have no interest in stopping you from posting or hosting anything, I
> really don't care about anything you do as long as you don't post
> information that violates security norms.
>
> If you stopped asking people to download items from your personal
> website that are unknown/unverified and without any vendor considered
> valid links, I would never post another thing in response to your
> messages. If you continue to ask people to download vendor provided
> software from your unknown/unverified site, I will continue to post the
> Universal warning that everyone should know when dealing with unknown
> websites and downloads.
>
> If you don't want to see it any more - provide a website link instead of
> direct files in your links, provide the vendors' link information,
> provide what the WORLD considers as proper methods to validate the
> files.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
Anonymous
September 9, 2005 2:29:46 PM

In article <6O7Ue.2208$7D1.108@newssvr12.news.prodigy.com>, pcbutts1
@seedsv.com says...
> Here you go idiot http://128.149.220.248 I hope you do something stupid
> trying to access it so I can send them to arrest your ass.

Now that's funny: Bad Request (Invalid Hostname)

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 9, 2005 2:30:37 PM

In article <6O7Ue.2208$7D1.108@newssvr12.news.prodigy.com>, pcbutts1
@seedsv.com says...
> Here you go idiot http://128.149.220.248 I hope you do something stupid
> trying to access it so I can send them to arrest your ass.

Just another violation of the AUP - pretending to be another
user's/company's website.

--

spam999free@rrohio.com
remove 999 in order to email me
September 9, 2005 6:00:40 PM

IP is registered to NASA.gov.


"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d8b2e5c7a999863989fc7@news-server.columbus.rr.com...
> In article <6O7Ue.2208$7D1.108@newssvr12.news.prodigy.com>, pcbutts1
> @seedsv.com says...
>> Here you go idiot http://128.149.220.248 I hope you do something stupid
>> trying to access it so I can send them to arrest your ass.
>
> Just another violation of the AUP - pretending to be another
> user's/company's website.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
Anonymous
September 9, 2005 6:14:57 PM

In article <cAgUe.710$SL.52777@twister.southeast.rr.com>,
SENDNOMAIL@hotmail.com says...
> IP is registered to NASA.gov.

LOL, we've done work for them :) 

Looks like butts would fit in with them too - he's a space cadet.

--

spam999free@rrohio.com
remove 999 in order to email me
September 9, 2005 8:21:49 PM

Amen!


"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d8b62e9668c9e3d989fcd@news-server.columbus.rr.com...
> In article <cAgUe.710$SL.52777@twister.southeast.rr.com>,
> SENDNOMAIL@hotmail.com says...
>> IP is registered to NASA.gov.
>
> LOL, we've done work for them :) 
>
> Looks like butts would fit in with them too - he's a space cadet.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
September 9, 2005 8:23:48 PM

Still hung up on rear ends are you?


"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:5JhUe.1467$JN5.576@newssvr13.news.prodigy.com...

SNIP

> Leythos knows it's possible that's why his stalker ass didn't say nothing.
>
> --
SNIP