
SPYWARE..Plz Help



#1 clibm1 (New Member, 4 posts)
I am having problems with first the myprod virus; it kept downloading the software. After following all the steps before posting this HijackThis log, I think I may have cleaned that up, but now my browser keeps redirecting itself to websites with ads.
I use Firefox, and even then, after a little while, all of a sudden it redirects any website I have open to a weird ad site.

I am posting the HijackThis log and ewido.

Logfile of HijackThis v1.99.1
Scan saved at 3:28:15 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\New Folder (2)\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay11...es/MsnPUpld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\enr2l19o1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2FxYXMgQWhtYWQ\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



HERE IS THE EWIDO

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:16:46 PM, 4/23/2006
+ Report-Checksum: 96B24926

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1343024091-920026266-839522115-500\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1343024091-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1343024091-920026266-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
[708] C:\WINDOWS\system32\utrfaxa.dll -> Adware.Look2Me : Error during cleaning
[836] C:\WINDOWS\system32\utrfaxa.dll -> Adware.Look2Me : Error during cleaning
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vhwbrnie.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\magic\82 Rare but Easy Magic Tricks\Magic Tricks\David Blaine Mega Magic.exe -> Trojan.Passview : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\magic\Louchuck's Magic Tricks Package\Magic Tricks\David Blaine Mega Magic.exe -> Trojan.Passview : Cleaned with backup
C:\iexplore.exe -> Dropper.VB.mn : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\eMule\Incoming\calorie king diet & exercise diary for palm os 4.1 crack.zip/calorie king diet & exercise diary for palm os 4.1 crack.exe -> Downloader.Bagle.ai : Error during cleaning
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Error during cleaning
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
C:\Setup.exe -> Dropper.VB.mn : Cleaned with backup
C:\WINDOWS\keyboard11.exe -> Backdoor.VB.ary : Cleaned with backup
C:\WINDOWS\mousepad11.exe -> Hijacker.VB.mo : Cleaned with backup
C:\WINDOWS\newname11.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\system32\ldr64.dll -> Downloader.Bagle.ah : Cleaned with backup
C:\WINDOWS\system32\rar.exe -> Dropper.VB.mn : Cleaned with backup
C:\WINDOWS\system32\setup.exe.tmp -> Downloader.VB.abh : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup


::Report End

Edited by clibm1, 23 April 2006 - 01:34 PM.

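A small triage helper for the persistence lines (O4, O20, O23) in a HijackThis log like the one above. This is an added example, not part of the thread or of the HijackThis tool; the sample lines are constructed in the log's format, and the three heuristics (referenced file missing, service with no vendor, directory name that decodes as base64) are assumptions of mine, not rules the forum helper stated.

```python
import base64
import re

# Constructed sample in the HijackThis v1.99.1 line format used in the log above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKCU\\..\\Run: [DNS] C:\\Program Files\\Common Files\\mc-110-12-0000140.exe
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\\WINDOWS\\V2FxYXMgQWhtYWQ\\command.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

# Base64 alphabet only, at least 12 chars, optional trailing padding (assumed threshold).
B64_COMPONENT = re.compile(r"^[A-Za-z0-9+/]{12,}={0,2}$")
PERSISTENCE_LINE = re.compile(r"O(4|20|23) - ")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)


def looks_base64(component: str) -> bool:
    """True if a directory name is base64 that decodes to printable ASCII."""
    if not B64_COMPONENT.match(component):
        return False
    padded = component + "=" * (-len(component) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(raw) and all(0x20 <= b < 0x7F for b in raw)


def triage(log_text: str) -> dict:
    """Map each persistence line (O4/O20/O23) to the reasons it deserves a closer look."""
    findings = {}
    for line in log_text.splitlines():
        if not PERSISTENCE_LINE.match(line):
            continue
        reasons = []
        if "(file missing)" in line:
            reasons.append("registered file is missing (orphaned or self-deleting loader)")
        if "Unknown owner" in line:
            reasons.append("service has no vendor string")
        path = WIN_PATH.search(line)
        if path:
            # Check directory components only, skipping the drive and the file name.
            for part in path.group(0).split("\\")[1:-1]:
                if looks_base64(part):
                    reasons.append(f"directory name {part!r} looks base64-encoded")
        if reasons:
            findings[line] = reasons
    return findings
```

Entries that trip none of the rules (igfxtray, igfxcui, iPodService here) are left out of the result, so the output is only the lines worth asking a helper about.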



#2 rambro (Member 1K, 1,383 posts)
Dear clibm1, :whistling:

Welcome to the Geeks to Go forums.

We are currently studying your log. :blink:

#3 rambro (Member 1K, 1,383 posts)
Dear clibm1, :whistling:

Can you please tell me in detail what antivirus software you are using on your computer, for example (Norton Antivirus, McAfee Antivirus, or AVG Antivirus, etc.)?

If you do have antivirus software on your computer, can you tell me if the yearly subscription on this software has expired?

#4 clibm1 (Topic Starter, New Member, 4 posts)
ty

#5 clibm1 (Topic Starter, New Member, 4 posts)
I am not using any antivirus on this computer but am thinking of installing Trend Micro PC-cillin now.

#6 rambro (Member 1K, 1,383 posts)
Hold on for a sec, clibm1, and wait for my next post. :whistling:

#7 clibm1 (Topic Starter, New Member, 4 posts)
If I leave my browser idle for like 20 seconds, it redirects to such sites as:

http://www.looksearc.....t=craigs list

http://www.hug-edisc...s.com/muon.html

http://www.ecommerc-e.com/muon.html

#8 rambro (Member 1K, 1,383 posts)
Dear clibm1, :whistling:

Since you have no antivirus software on your computer system: AVG makes an excellent free antivirus client, as do AntiVir and avast!.
I suggest you install and run one of these antivirus software programs.

Please run your new antivirus software, and clean anything it finds.
*************************

Go to "My Computer", click on c:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or "HijackThis" and then please move the "HijackThis.exe" executable there.

That is, please move the HijackThis.exe file from this directory, C:\Documents and Settings\Administrator\Desktop\New Folder (2) to this directory, C:\hijackthis or C:\HJT
*****************************************

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:

#9 rambro (Member 1K, 1,383 posts)
Dear clibm1, :whistling:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop.
******************************

You have the Look2Me virus on your computer. I would like you to run Atri's Look2Me-Destroyer.exe fix to get rid of this Look2Me virus from your computer.

See the following link as a reference: http://www.atribune....ontent/view/28/.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX