Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Attacked by browser hijackers,Pls help me

Started by sameer , Apr 23 2005 01:09 AM

  • This topic is locked This topic is locked

#1
sameer
Posted 23 April 2005 - 01:09 AM

sameer

    New Member

  • Member
  • Pip
  • 1 posts
Respected team members and dear friends,since last week browser hijackers have taken complete control of my pc which is very irritating and frustrated,My 8 year daughter is a frequent user of the pc and it is really disgusting at time when the visited websites are been redirected to some stupid [bleep] sites and many other silly sites...As per instruction of how to post the logfile of Ad-aware i am doing the same ,While posting this topic I've been attacked like 20 times by this browser hijacking... :tazz: Hope you people will help me as soon as Possible ...thanks


The logfile as follows:


Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 23, 2005 12:00:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

4-23-2005 11:54:20 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


4-23-2005 11:55:09 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:5 %
Total physical memory:129484 kb
Available physical memory:6264 kb
Total page file size:1104352 kb
Available on page file:988260 kb
Total virtual memory:2093056 kb
Available virtual memory:2044928 kb
OS:Microsoft Windows Millennium Edition

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-23-2005 12:00:45 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4279202951
Threads : 8
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE
Command Line : n/a
ProcessID : 4294952635
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE
Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE
ProcessID : 4294945883
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE
Command Line : mstask.exe
ProcessID : 4294863707
Threads : 3
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [NAVAPW32.EXE]
ModuleName : C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
Command Line : "C:\PROGRAM FILES\Norton AntiVirus\NAVAPW32.EXE"
ProcessID : 4294846771
Threads : 6
Priority : Normal
FileVersion : 5.3.0.25
ProductVersion : 5.3.0.25
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © Symantec Corporation 1991-1998
OriginalFilename : NAVAPW32.DLL

#:6 [KB891711.EXE]
ModuleName : C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
Command Line : n/a
ProcessID : 4294876767
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows KB891711 component
InternalName : KB891711
LegalCopyright : Copyright © Microsoft Corp. 1991-2005
OriginalFilename : KB891711.EXE

#:7 [mmtask.tsk]
ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk
Command Line : n/a
ProcessID : 4294840811
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:8 [STMGR.EXE]
ModuleName : C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
Command Line : C:\WINDOWS\System\Restore\StMgr.exe
ProcessID : 4294792987
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:9 [EXPLORER.EXE]

ModuleName : C:\WINDOWS\EXPLORER.EXE
Command Line : C:\WINDOWS\Explorer.exe
ProcessID : 4294953947
Threads : 10
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:10 [TASKMON.EXE]
ModuleName : C:\WINDOWS\TASKMON.EXE
Command Line : "C:\WINDOWS\taskmon.exe"
ProcessID : 4294815051
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:11 [SYSTRAY.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE
Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe"
ProcessID : 4294727307
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:12 [LOADQM.EXE]
ModuleName : C:\WINDOWS\LOADQM.EXE
Command Line : "C:\WINDOWS\loadqm.exe"
ProcessID : 4294715923
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:13 [REALSCHED.EXE]
ModuleName : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 4294809515
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:14 [QTTASK.EXE]
ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE
Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ProcessID : 4294817519
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:15 [WMIEXE.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WMIEXE.EXE
Command Line : WmiExe WMI_fffc5347
ProcessID : 4294723719
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:16 [PING.EXE]
ModuleName : C:\WINDOWS\PING.EXE
Command Line : "C:\WINDOWS\ping.exe" 10.19.135.1 -t
ProcessID : 4294740207
Threads : 2
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : TCP/IP Ping Command
InternalName : ping.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : ping.exe

#:17 [WINOA386.MOD]
ModuleName : C:\WINDOWS\SYSTEM\WINOA386.MOD
Command Line : n/a
ProcessID : 4294722483
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Non-Windows application component for 386 enhanced mode
InternalName : WINOLDAP
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : WINOA386.MOD

#:18 [WINMGMT.EXE]
ModuleName : C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
Command Line : C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE -Embedding
ProcessID : 4294615011
Threads : 3
Priority : Normal
FileVersion : 1.50.1164.0000
ProductVersion : 1.50.1164.0000
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:19 [SPOOL32.EXE]
ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE
Command Line : C:\WINDOWS\SYSTEM\spool32.exe
ProcessID : 4294544999
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:20 [BBCLIENT.EXE]
ModuleName : C:\PROGRAM FILES\SIFY BROADBAND\BBCLIENT.EXE
Command Line : "C:\Program Files\Sify Broadband\BBClient.exe"
ProcessID : 4294609879
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 2, 1, 0, 1
ProductName : Sify Broadband Application
FileDescription : Sify Broadband Application
InternalName : Sify Broadband
LegalCopyright : Copyright © 2004
OriginalFilename : BBClient.EXE

#:21 [PSTORES.EXE]
ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE
Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE
ProcessID : 4294643231
Threads : 3
Priority : Normal
FileVersion : 5.00.2133.2
ProductVersion : 5.00.2133.2
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : Protected storage server

#:22 [YPAGER.EXE]
ModuleName : C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
Command Line : "C:\Program Files\Yahoo!\Messenger\YPager.exe"
ProcessID : 4294676135
Threads : 13
Priority : Normal
FileVersion : 6,0,0,1922
ProductVersion : 6,0,0,1922
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2005
OriginalFilename : YPager.exe

#:23 [IEXPLORE.EXE]
ModuleName : C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Command Line : "C:\PROGRA~1\INTERN~1\iexplore.exe"
ProcessID : 4294479835
Threads : 16
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : IEXPLORE.EXE

#:24 [ITTOOLBARSERVICE.EXE]
ModuleName : C:\PROGRAM FILES\INDIATIMES MESSENGER\ITTOOLBARSERVICE.EXE
Command Line : C:\PROGRA~1\INDIAT~1\ITTOOL~1.EXE -Embedding
ProcessID : 4294272879
Threads : 2
Priority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : itToolBarService Module
FileDescription : itToolBarService Module
InternalName : itToolBarService
LegalCopyright : Copyright 2004
OriginalFilename : itToolBarService.EXE

#:25 [DDHELP.EXE]
ModuleName : C:\WINDOWS\SYSTEM\DDHELP.EXE
Command Line : ddhelp.exe
ProcessID : 4294190339
Threads : 5
Priority : Realtime
FileVersion : 4.07.01.3000
ProductVersion : 4.07.01.3000
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2000
OriginalFilename : DDHelp.exe
#:26 [AD-AWARE.EXE]
ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
Command Line : "C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE" /598853 +483832
ProcessID : 4294534307
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainStart Pagehotoffers.info

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.hotoffers...s.info/ad0058/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.hotoffers...s.info/ad0058/"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@doubleclick[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@zadserver[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@zadserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\tarig@advertising[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 11



Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@casalemedia[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@realmedia[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@atdmt[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@bluestreak[1].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@doubleclick[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@2o7[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@zadserver[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@zadserver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tarig@advertising[2].txt
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\tarig@advertising[2].txt

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21

12:16:07 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:21.980
Objects scanned:59033
Objects identified:21
Objects ignored:0
New critical objects:21
  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 23 April 2005 - 06:25 AM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#3
Guest_Andy_veal_*
Posted 23 April 2005 - 06:48 AM

Guest_Andy_veal_*
  • Guest
Please could you download these extra tools:

Go here and download the EScan tool: http://www.mwti.net/antivirus/mwav.asp

Download the following program called Killbox from here: http://www.downloads...org/KillBox.zip

To remove this from your computer, you need to find the dll file in order to permanently delete this pest.

Heres the problem

Please run the EScan tool.

Scanning with that tool will produce a logfile, this will uncover the the dll. Then it is a simple matter to unregister the dll and use the Killbox to eradicate any infected files.

Usually the culprits are this:

C:\WINNT\System32\systr.dll

C:\WINDOWS\System32\guninst.exe

When entering the .dll file(s) into KillBox, check the box that says 'Unregister DLL before deleting'.

:tazz: Thanks


Andy
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP