Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adware.Generic

Started by TxTrapper , Nov 05 2006 06:37 PM

  • Please log in to reply

#1
TxTrapper
Posted 05 November 2006 - 06:37 PM

TxTrapper

    New Member

  • Member
  • Pip
  • 1 posts
I did the required reading before posting and took appropriate actions, I hope! Everything did not go just right.

I am running Windows XP SP2 on a PowerEdge 400SC. I recently installed a firewall AVG and Zone Alarm.

Problems encountered;

1) Warning: Your computer may be infected with malicious spyware, adware of trojan object.
2) WinAntivirus pop up
3) Adware.Generic

Ewido scan in SafeMode found these but the update would not work before I ran it, and after I ran it in SafeMode the file would not save, but this is exactly what it read.

Adware.Generic
cookie.pointroll
cookie.cpvfeed
cookie.mediaplex
cookie.questionmarket
cookie.reliablestats

apply all action, fixed them all, select reports "no reports availlable"


ActiveScan;


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\winuqw32.dll
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/pornmagpass Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TxTrapper\Desktop\VirtumundoBeGone.exe[²ƒÇ]
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3002430C-0AE9-1033-0415-040101040001}\MyToolBar.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3002430C-0AE9-1033-0415-040101040001}\Uninst.exe
Possible Virus. Not disinfected C:\VundoFix Backups\gebyx.dll_bad.vir
Possible Virus. Not disinfected C:\WINDOWS\system32\gebyyyw.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\jkkhfca.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\opnlkkh.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\pmkjh.dll.vir
Possible Virus. Not disinfected C:\WINDOWS\system32\rqrqpnk.dll.vir
Possible Virus. Not disinfected C:\WINDOWS\system32\rqrspom.dll

hijackthis;

Logfile of HijackThis v1.99.1
Scan saved at 18:18, on 06-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TxTrapper\Desktop\Toolbox\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvman.dll,startup
O4 - HKLM\..\Run: [ewghcgk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ewghcgk.dll,dmiuiv
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


thanks for the generious help,


TxTrapper
San Antonio, TX
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP