an ANTI-VIRUS PROGRAM is the SOURCE OF MY PROBLEM! ><
Post #1, Mar 26 2006, 07:04 AM
Member, Posts: 25, OS: XP Home Edition
First of all, I do not know if this is a virus or adware or whatever!!!

OK, well, I'll just start off explaining my problem, and as soon as I get reports, descriptions and results from my scanning programs, I'll post them on this thread A.S.A.P.

3 or 4 days ago, a problem occurred... WOW!! I THINK the main source of the problem is this program called "SpywareQuake", which is ironically an anti-virus program... LOL. Anyway, the things it does to my computer are...

1) It REPEATEDLY keeps installing itself onto my computer without my permission, every time I uninstall it. Currently I have uninstalled this program around 30 times... It installs instantly, so there's no .exe file to open or wizard which helps me install it. It just APPEARS on my screen and tells me to buy their product after it appears...

2) An icon (which is unable to be closed) on my system tray with the name 'VIRUS ALERT' keeps flashing the signs; a red restriction circle to a green 'disabled' picture. It will also pop up with the message "Your computer is infected!" which is definitely not infected.

3) My Internet Explorer browser changed its homepage to 'http://www.systemupdates.net/' since the program hit my computer.

4) Popups with subjects "Adult Dating" and "Play Poker ONLINE!" have continued to appear on my screen for no apparent reason - even without the presence of IE browser!!

4) Also, whenever I go surf the web, Norton Anti-Virus comes up with the message, asking if I want to change my homepage. (I have the picture posted up on... hopefully)

*This is the logfile of HiJackthis

Logfile of HijackThis v1.99.1
Scan saved at 12:10:28 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\FreeMem Standard\freemem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Documents and Settings\Lonely Heart\My Documents\Installations\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kontona.com/modules.php?name=Ne...=article&sid=40
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
F2 - REG:system.ini: Shell=
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp58E4.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\Program Files\FreeMem Standard\freemem.exe" Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ALSO, if this helps?? (This was from the log file from Norton Anti Virus)

Scan results:
--------------------------------------------------------------------------------
Scan Start Time 3/26/2006 8:51:59 PM
Scan time: 38 minutes 11 seconds
Items Scanned: 221530
Registry Sections: 2045
No action required: 45
Files: 219282
Reboot required: 1
Deleted: 1
No action required: 3
Processes: 39
Terminated: 1
Batch Files: 7
Services: 151
Startup Programs: 4
Layered Service Providers: 2
Threats Remediated: 2

Details

Trojan.Zlob : Quarantined
Manual Scanner
Risk category: Virus
Click for more information about this risk : Trojan.Zlob
Action taken: Quarantined
Description:
Affected areas:
1 Files: C:\WINDOWS\system32\ld91FA.tmp - Reboot required
1 Additional areas: Unknown - Deleted

Adware.180Solutions : Removed
Manual Scanner
Risk category: Adware
Overall Risk Impact: Medium
Performance: Medium
Privacy: Low
Removal: High
Stealth: Low
Click for more information about this risk : Adware.180Solutions
Action taken: Removed
Description:
Affected areas:
1 Files: C:\Documents and Settings\Lonely Heart\Local Settings\Temporary Internet Files\Content.IE5\WLEE8B5I\Setup[1].exe - Deleted
1 Processes: C:\Program Files\Internet Explorer\iexplore.exe - Terminated

Threats Remaining: 0
-------------------------------------------------------

I don't know if this was the right thing to do, but I deleted the trojan.zlob file directly from Norton Anti Virus program. I thought this may fix the problem, but it didn't.

I also did another few things -

1) I was directed to the site http://securityresponse.symantec.com/avcen...rojan.zlob.html after I found out about the virus. I followed their steps to the very end. Especially the part about typing 'regedit' in the Start->Run.

I've restarted my computer numerous times and well, here I am, complaining about it to this site.

Please help me, because I don't want to reboot my computer. I got too many important things that I need to keep. I've used more than 40 gigs on my hard disk lol

thanQ very much if you are able to help me ^^

William

This post has been edited by Keita: Mar 26 2006, 07:11 AM
Keita (Mar 26 2006, 07:04 AM): an ANTI-VIRUS PROGRAM is the SOURCE OF MY PROBLEM! ><
don77 (Mar 26 2006, 08:11 AM): HI and welcome Keita Please run through this Topi...
Keita (Mar 31 2006, 10:35 PM): ok i've done everything the link told me to do...
Flrman1 (Apr 1 2006, 10:04 AM): Hi Keita Welcome to G2G! I have merged your...
Keita (Apr 2 2006, 06:31 AM): err... have you given me any other replies lately?...
don77 (Apr 2 2006, 03:31 PM): Hi keita sorry for the confusion I wanted you to p...
Keita (Apr 3 2006, 04:00 AM): This is my HJT thing... Logfile of HijackThis v1....
don77 (Apr 3 2006, 04:44 AM): Thats what I needed to see thank you I would hig...
Keita (Apr 3 2006, 08:05 AM): uh.... may i ask what is active?? I haven't go...
don77 (Apr 3 2006, 10:09 AM): Sorry Activescan Panda Panda Activescan
Keita (Apr 8 2006, 09:51 PM): yep sorry about the long wait don, i am doing my V...
Keita (Apr 9 2006, 02:02 AM): hey don, i don't know if this will help you or...
don77 (Apr 9 2006, 06:36 AM): Hi again Keita Ad-aware is finding some reg keys ...
Keita (Apr 10 2006, 06:07 AM): umm... don i did that before. Does that mean i hav...
don77 (Apr 10 2006, 09:14 AM): Sorry no need to download ATF again just run it th...
Keita (Apr 13 2006, 08:02 AM): ok i think i did everything you told me to do, exc...
don77 (Apr 13 2006, 06:16 PM): Run ATF again that will get rid of the cookies aga...
Keita (Apr 14 2006, 02:35 AM): Here ya go DOn11 hope it helps Logfile of HijackT...
don77 (Apr 14 2006, 05:03 AM): Looking good Lets remove spybot for the moment pl...
Keita (Apr 16 2006, 10:08 PM): okie dokie... here we are... Logfile of HijackThi...
don77 (Apr 17 2006, 10:54 AM): QUOTE does this scan mean that killbot! is actu...
Keita (Apr 18 2006, 03:02 AM): yo don everything is working fine!! the s...
don77 (Apr 18 2006, 04:15 AM): Great news Keita Please use the following sug...
Keita (Apr 21 2006, 04:26 AM): hey Don, one more thing if it's possible... am...
barney77 (Apr 21 2006, 06:59 AM): I wouldn't reinstall Limewire, Have a look Her...