Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Fatal error! same as melissah0

Started by banbuszka , Feb 24 2008 01:32 PM

Please log in to reply

#1
banbuszka

Posted 24 February 2008 - 01:32 PM

New Member

Member
6 posts

HY
I've got the same problem as melissah0.
I have a lot of explorer window appeared like: "you need to download xy security software!" it's been drown nicely: just like a system window (except the "e" at the corner)
Star menu windows: "System performance monitor: system performance slowed down by:47%"
And simple windows: "critical warning!!!!"

And of course all of them is a hompage of a virus-defender software: like these
http://www.antispysh....com/?advid=177
http://www.winspykil...com/?advid=2654
and I've got more and more of them

Appears about in every 20 mins.

I've done the scan with the Anti-Malware
It's found 35 infected object, but the test hasen't finished yet.
I'll write down the results as soon as it's finished.

Do i have to writ down the running process? I've got a picture of it.

Attached Thumbnails

#2
banbuszka

Posted 24 February 2008 - 02:01 PM

New Member

Topic Starter
Member
6 posts

I've got the results:

Malwarebytes' Anti-Malware 1.05
Database version: 402

Scan type: Full Scan (C:\|H:\|N:\|O:\|)
Objects scanned: 255431
Time elapsed: 1 hour(s), 17 minute(s), 9 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
c:\program files\netproject\scit.exe (Trojan.Zlob) -> No action taken.
c:\program files\netproject\scm.exe (Trojan.Zlob) -> No action taken.

Memory Modules Infected:
c:\program files\Helper\1203860476.dll (Trojan.Zlob) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a3d76b96-30b9-4dcc-9b3d-d12e31280d29} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3d76b96-30b9-4dcc-9b3d-d12e31280d29} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\NetProject (Trojan.Zlob) -> No action taken.
C:\Program Files\Helper (Adware.BHO) -> No action taken.

Files Infected:
c:\program files\netproject\scit.exe (Trojan.Zlob) -> No action taken.
c:\program files\netproject\scm.exe (Trojan.Zlob) -> No action taken.
c:\program files\Helper\1203860476.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042338.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042339.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042340.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042341.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042342.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042646.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042647.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP131\A0042648.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP132\A0042670.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP132\A0042671.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP132\A0042672.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP132\A0042673.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{37A42289-44CB-4D4D-BFF5-15515A87C150}\RP135\A0042710.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> No action taken.

#3
banbuszka

Posted 24 February 2008 - 02:02 PM

New Member

Topic Starter
Member
6 posts

then what's next?

thanks anyway

#4
banbuszka

Posted 24 February 2008 - 02:15 PM

New Member

Topic Starter
Member
6 posts

is it clean for now?

no more massages, process:

Attached Thumbnails

#5
kahdah

Posted 24 February 2008 - 02:30 PM

GeekU Teacher

Retired Staff
15,822 posts

Hello banbuszka

Welcome to G2Go.

The more that you reply to your own topics the more you are overlooked.
=================
Your scan results from Mbam were not showing as you cleaned the items it says you ignored them.

For now do this :
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#6
banbuszka

Posted 25 February 2008 - 09:52 AM

New Member

Topic Starter
Member
6 posts

tanks, here's the text

SmitFraudFix v2.296

Scan done at 16:42:38,63, 2008. 02. 25.
Run from C:\The elder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Balint

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Balint\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

------------and the process:

ImageName PID Threads Priority CPU Owner
Idle 0 2 0 33 Error 0x6 : The handle is invalid.
System 4 77 8 0 Error 0x5 : Access is denied.
smss.exe 612 3 11 0 NT AUTHORITY\SYSTEM
csrss.exe 680 15 13 0 NT AUTHORITY\SYSTEM
winlogon.exe 708 23 13 0 NT AUTHORITY\SYSTEM
services.exe 752 16 9 0 NT AUTHORITY\SYSTEM
lsass.exe 764 19 9 0 NT AUTHORITY\SYSTEM
ati2evxx.exe 920 4 8 0 NT AUTHORITY\SYSTEM
svchost.exe 944 17 8 0 NT AUTHORITY\SYSTEM
svchost.exe 1008 12 8 0 Error 0x5 : Access is denied.
svchost.exe 1100 80 8 0 NT AUTHORITY\SYSTEM
svchost.exe 1168 6 8 0 Error 0x5 : Access is denied.
svchost.exe 1236 15 8 0 Error 0x5 : Access is denied.
spoolsv.exe 1428 12 8 0 NT AUTHORITY\SYSTEM
AdskScSrv.exe 1604 5 8 0 NT AUTHORITY\SYSTEM
avgamsvr.exe 1632 10 8 0 NT AUTHORITY\SYSTEM
avgupsvc.exe 1660 3 8 0 NT AUTHORITY\SYSTEM
avgemc.exe 1688 9 8 0 NT AUTHORITY\SYSTEM
mdm.exe 1732 4 8 0 NT AUTHORITY\SYSTEM
raysat_3dsMax2008_32server.exe 1756 3 8 0 NT AUTHORITY\SYSTEM
PnkBstrA.exe 1808 2 8 0 NT AUTHORITY\SYSTEM
svchost.exe 1892 6 8 0 NT AUTHORITY\SYSTEM
WebCamPlusSrv.exe 2032 4 8 0 NT AUTHORITY\SYSTEM
ati2evxx.exe 432 4 8 0 SMALLBOX\Balint
explorer.exe 532 15 8 10 SMALLBOX\Balint
avgcc.exe 2068 10 8 0 SMALLBOX\Balint
alg.exe 2080 5 8 0 Error 0x5 : Access is denied.
CLI.exe 2140 17 8 0 SMALLBOX\Balint
SOUNDMAN.EXE 2160 1 8 0 SMALLBOX\Balint
qttask.exe 2172 2 8 0 SMALLBOX\Balint
jusched.exe 2972 1 8 0 SMALLBOX\Balint
ctfmon.exe 3028 1 8 0 SMALLBOX\Balint
GoogleToolbarNotifier.exe 3060 4 8 0 SMALLBOX\Balint
dna.exe 3120 4 8 0 SMALLBOX\Balint
DTProAgent.exe 3128 8 8 0 SMALLBOX\Balint
wcescomm.exe 3160 8 8 0 SMALLBOX\Balint
PCSuite.exe 3168 7 8 0 SMALLBOX\Balint
rapimgr.exe 476 6 8 0 SMALLBOX\Balint
ServiceLayer.exe 2852 13 8 0 NT AUTHORITY\SYSTEM
CLI.exe 3760 14 8 0 SMALLBOX\Balint
CLI.exe 3772 14 8 0 SMALLBOX\Balint
usnsvc.exe 2648 3 8 0 NT AUTHORITY\SYSTEM
svchost.exe 3092 8 8 0 NT AUTHORITY\SYSTEM
IEXPLORE.EXE 3864 1 8 0 SMALLBOX\Balint
WLLoginProxy.exe 684 8 8 0 SMALLBOX\Balint
NclUSBSrv.exe 3532 4 8 0 NT AUTHORITY\SYSTEM
NclRSSrv.exe 768 3 8 0 NT AUTHORITY\SYSTEM
firefox.exe 2164 14 8 0 SMALLBOX\Balint
NOTEPAD.EXE 452 1 8 0 SMALLBOX\Balint
cmd.exe 3340 1 8 0 SMALLBOX\Balint
Process.exe 2588 1 13 0 SMALLBOX\Balint

and thanks

#7
kahdah

Posted 25 February 2008 - 08:13 PM

GeekU Teacher

Retired Staff
15,822 posts

Please run a full scan again with the Mbam program and when it is done make sure that everything that it finds has a check next to it then click on remove items.
post back with the log it produces.
Thanks

#8
banbuszka

Posted 26 February 2008 - 09:41 AM

New Member

Topic Starter
Member
6 posts

hello, here're the results:

Malwarebytes' Anti-Malware 1.05
Database version: 402

Scan type: Full Scan (C:\|H:\|N:\|O:\|)
Objects scanned: 259283
Time elapsed: 1 hour(s), 18 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Process:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Balint>process

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]

ImageName PID Threads Priority CPU Owner
Idle 0 2 0 42 Error 0x6 : The handle is invalid.
System 4 77 8 0 Error 0x5 : Access is denied.
smss.exe 612 3 11 0 NT AUTHORITY\SYSTEM
csrss.exe 680 14 13 0 NT AUTHORITY\SYSTEM
winlogon.exe 708 24 13 0 NT AUTHORITY\SYSTEM
services.exe 752 16 9 0 NT AUTHORITY\SYSTEM
lsass.exe 764 19 9 0 NT AUTHORITY\SYSTEM
ati2evxx.exe 932 4 8 0 NT AUTHORITY\SYSTEM
svchost.exe 952 15 8 0 NT AUTHORITY\SYSTEM
svchost.exe 1008 10 8 0 Error 0x5 : Access is denied.
svchost.exe 1100 81 8 0 NT AUTHORITY\SYSTEM
svchost.exe 1152 6 8 0 Error 0x5 : Access is denied.
svchost.exe 1228 15 8 0 Error 0x5 : Access is denied.
spoolsv.exe 1436 12 8 0 NT AUTHORITY\SYSTEM
AdskScSrv.exe 1596 5 8 0 NT AUTHORITY\SYSTEM
avgamsvr.exe 1628 10 8 0 NT AUTHORITY\SYSTEM
avgupsvc.exe 1660 3 8 0 NT AUTHORITY\SYSTEM
avgemc.exe 1692 8 8 0 NT AUTHORITY\SYSTEM
mdm.exe 1736 4 8 0 NT AUTHORITY\SYSTEM
raysat_3dsMax2008_32server.exe 1752 3 8 0 NT AUTHORITY\SYSTEM
PnkBstrA.exe 1788 2 8 0 NT AUTHORITY\SYSTEM
svchost.exe 2044 5 8 0 NT AUTHORITY\SYSTEM
WebCamPlusSrv.exe 220 4 8 0 NT AUTHORITY\SYSTEM
alg.exe 1176 5 8 0 Error 0x5 : Access is denied.
ati2evxx.exe 568 4 8 0 SMALLBOX\Balint
explorer.exe 2748 15 8 0 SMALLBOX\Balint
CLI.exe 3428 16 8 0 SMALLBOX\Balint
SOUNDMAN.EXE 604 1 8 0 SMALLBOX\Balint
qttask.exe 3544 2 8 0 SMALLBOX\Balint
jusched.exe 3684 1 8 0 SMALLBOX\Balint
ctfmon.exe 3516 1 8 0 SMALLBOX\Balint
msnmsgr.exe 3712 39 8 0 SMALLBOX\Balint
GoogleToolbarNotifier.exe 2148 4 8 0 SMALLBOX\Balint
dna.exe 3716 4 8 0 SMALLBOX\Balint
DTProAgent.exe 3696 8 8 0 SMALLBOX\Balint
wcescomm.exe 3908 8 8 0 SMALLBOX\Balint
PCSuite.exe 4060 7 8 0 SMALLBOX\Balint
rapimgr.exe 3248 6 8 0 SMALLBOX\Balint
ServiceLayer.exe 2540 13 8 0 NT AUTHORITY\SYSTEM
svchost.exe 1224 8 8 0 NT AUTHORITY\SYSTEM
NclUSBSrv.exe 4068 4 8 0 NT AUTHORITY\SYSTEM
NclRSSrv.exe 2888 3 8 0 NT AUTHORITY\SYSTEM
CLI.exe 2444 14 8 0 SMALLBOX\Balint
CLI.exe 3264 14 8 0 SMALLBOX\Balint
wmplayer.exe 1952 18 8 0 SMALLBOX\Balint
mbam.exe 3708 3 8 0 SMALLBOX\Balint
usnsvc.exe 288 5 8 0 NT AUTHORITY\SYSTEM
bittorrent.exe 3148 5 8 0 SMALLBOX\Balint
WCESMgr.exe 3480 7 8 0 SMALLBOX\Balint
notepad.exe 2820 1 8 0 SMALLBOX\Balint
firefox.exe 640 13 8 0 SMALLBOX\Balint
cmd.exe 3024 1 8 0 SMALLBOX\Balint
Process.exe 1824 1 13 0 SMALLBOX\Balint

C:\Documents and Settings\Balint>

#9
kahdah

Posted 26 February 2008 - 08:25 PM

GeekU Teacher

Retired Staff
15,822 posts

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.