
Adware.Generic



#1
TxTrapper

I did the required reading before posting and took appropriate actions, I hope! Everything did not go just right.

I am running Windows XP SP2 on a PowerEdge 400SC. I recently installed a firewall AVG and Zone Alarm.

Problems encountered;

1) Warning: Your computer may be infected with malicious spyware, adware of trojan object.
2) WinAntivirus pop up
3) Adware.Generic

Ewido scan in SafeMode found these but the update would not work before I ran it, and after I ran it in SafeMode the file would not save, but this is exactly what it read.

Adware.Generic
cookie.pointroll
cookie.cpvfeed
cookie.mediaplex
cookie.questionmarket
cookie.reliablestats

apply all action, fixed them all, select reports "no reports available"


ActiveScan;


Incident | Status | Location
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\winuqw32.dll
Adware:adware/securityerror | Not disinfected | c:\windows\system32\ot.ico
Adware:adware/pornmagpass | Not disinfected | Windows Registry
Potentially unwanted tool:application/need2find | Not disinfected | HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\TxTrapper\Desktop\VirtumundoBeGone.exe[²ƒÇ]
Adware:Adware/Yazzle | Not disinfected | C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
Adware:Adware/Maxifiles | Not disinfected | C:\Program Files\Common Files\{3002430C-0AE9-1033-0415-040101040001}\MyToolBar.dll
Adware:Adware/DollarRevenue | Not disinfected | C:\Program Files\Common Files\{3002430C-0AE9-1033-0415-040101040001}\Uninst.exe
Possible Virus. | Not disinfected | C:\VundoFix Backups\gebyx.dll_bad.vir
Possible Virus. | Not disinfected | C:\WINDOWS\system32\gebyyyw.dll
Possible Virus. | Not disinfected | C:\WINDOWS\system32\jkkhfca.dll
Possible Virus. | Not disinfected | C:\WINDOWS\system32\opnlkkh.dll
Possible Virus. | Not disinfected | C:\WINDOWS\system32\pmkjh.dll.vir
Possible Virus. | Not disinfected | C:\WINDOWS\system32\rqrqpnk.dll.vir
Possible Virus. | Not disinfected | C:\WINDOWS\system32\rqrspom.dll

hijackthis;

Logfile of HijackThis v1.99.1
Scan saved at 18:18, on 06-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TxTrapper\Desktop\Toolbox\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvman.dll,startup
O4 - HKLM\..\Run: [ewghcgk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ewghcgk.dll,dmiuiv
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


thanks for the generous help,


TxTrapper
San Antonio, TX