Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Adzgalore [RESOLVED]

Started by nanajanet , May 16 2008 11:05 AM

This topic is locked

#31
sarahw

Posted 14 June 2008 - 04:52 AM

Malware Staff

Member
2,781 posts

Hi,
Sorry about the delay, I have been away.
Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\abdwybabe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7658ba13.zip
C:\Documents and Settings\abdwybabe\Desktop\Anti-Viral-Malware Programs\OTScanIt\MovedFiles\05032008_002907\C_WINDOWS\system32\{899433cf-4c4d-1386-3e32-b276b12a533e}.dll
C:\WINDOWS\LOT66225.exe

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#32
nanajanet

Posted 14 June 2008 - 08:34 PM

Member

Topic Starter
Member
64 posts

Thanks. is this what you need to see?

C:\Documents and Settings\abdwybabe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7658ba13.zip moved successfully.
File/Folder C:\Documents and Settings\abdwybabe\Desktop\Anti-Viral-Malware Programs\OTScanIt\MovedFiles\05032008_002907\C_WINDOWS\system32\{899433cf-4c4d-1386-3e32-b276b12a533e}.dll not found.
File/Folder C:\WINDOWS\LOT66225.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_223528

#33
Blender

Posted 16 June 2008 - 06:31 PM

Malware Expert

Member
187 posts

Hello,

Sorry for delay.
SarahW asked me to post here because she will be away from forums for a few days.

That was indeed the log we needed to see.
How is the system running now? Still see those popups?

Please delete the following folder if still present:

C:\Program Files\SelectRebates <--

If you can't do it in normal mode -- boot to safe mode & delete it. Then empty recycle bin.

Let me know how system is running please.

Thanks

#34
nanajanet

Posted 16 June 2008 - 08:47 PM

Member

Topic Starter
Member
64 posts

Hi - thanks. It's running fine but still had Adzgalore. It just does not leave!! LOL

I deleted that file. What does it do and how did it get there?

#35
Blender

Posted 16 June 2008 - 09:59 PM

Malware Expert

Member
187 posts

Hi,

SelectRebates is part of "ShopAtHome Select" adware.
It likely came bundled with a free game or something of that nature.

Open Hijackthis
Click "config"
Click "misc tools"
Click "open uninstall manager"
Click "save list..."
Save the list & post it here.

Next:

Open your FireFox then type this into the browser:

about:plugins

Hit enter.
Browser opens up a list of plugins you have...

Click "file"
"Save web page as..."
Call it "plugins.txt"
Under "file type" use the pulldown arrow to choose "text files"
Save it and attach it here please.

Thanks

#36
nanajanet

Posted 17 June 2008 - 10:26 AM

Member

Topic Starter
Member
64 posts

Thank you.

Hijack this...

4shared Uploader
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Agatha Christie Death on the Nile
AI RoboForm (All Users)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Pictures Tools (version 10.6.0.6)
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Blaze Video Magic v2.0 Edition
Bonjour
Broadcom Management Programs
Camera Driver v1.0
Conexant HDA D110 MDC V.92 Modem
Cool Edit 2000
CutePDF Writer 2.7
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
Garmin City Navigator Europe NT 2008
GomezPEER
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
Intel® Graphics Media Accelerator Driver
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 6
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Modem Helper
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
OCR Software by I.R.I.S 7.0
PCFriendly
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sonic Encoders
Sonic Update Manager
Spybot - Search & Destroy
Synaptics Pointing Device Driver
The Print Shop 12
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
WebEx
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinPatrol 2008

I have attached the other file.

Attached Files

plugins.txt 9.93KB 144 downloads

#37
Blender

Posted 19 June 2008 - 02:43 AM

Malware Expert

Member
187 posts

Hi,

Sorry for delay & thanks for the logs.

Uninstall list looks OK cept for one old version of Java installed.

Make sure all browsers are closed and uninstall:

J2SE Runtime Environment 5.0 Update 6

Reboot when done.

"plugins.txt" looks OK.
I think I'm looking in the wrong spot.

Copy the following text to a new notepad window.

cd "C:\Program Files\Mozilla Firefox\components"
dir *.dll > c:\dirlist.txt
notepad c:\dirlist.txt

Save the file as file name: peek.bat
As file types: all files
Save it to the desktop.

Once saved, double click it.
Notepad should open with a log.
Post the log here please.

You can delete "peek.bat" and "C:\dirlist.txt" when done.

Thanks

#38
nanajanet

Posted 19 June 2008 - 11:44 AM

Member

Topic Starter
Member
64 posts

Thanks. Here is the log...

Volume in drive C has no label.
Volume Serial Number is C05B-9345

Directory of C:\Program Files\Mozilla Firefox\components

04/17/2008 07:53 AM 67,696 jar50.dll
04/17/2008 07:53 AM 54,376 jsd3250.dll
04/17/2008 07:53 AM 34,952 myspell.dll
05/14/2008 04:52 AM 439,296 nsBrowserGal.dll
04/17/2008 07:53 AM 46,720 spellchk.dll
04/17/2008 07:53 AM 172,144 xpinstal.dll
6 File(s) 815,184 bytes
0 Dir(s) 23,155,306,496 bytes free

#39
Blender

Posted 20 June 2008 - 02:44 AM

Malware Expert

Member
187 posts

Bingo!!
Thanks

Upload this file please:

C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll

To this site:

http://www.bleepingc....php?channel=20

No need to register but please do mention I asked for the file and please post the URL from this thread at that site so I remember who the file belongs to.

Once you get success message that file is uploaded..

Copy these instructions to notepad or print them out.
You won't see these instructions in safe mode and you can't have your browser running during fix.

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Locate & delete the following file then empty recycle bin.
C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll <-- this file

Boot back up to normal mode please & test FireFox.
Let me know if you still get popups.

Thanks

#40
Blender

Posted 21 June 2008 - 07:02 PM

Malware Expert

Member
187 posts

You get it ok nanajanet?

#41
nanajanet

Posted 24 June 2008 - 12:18 AM

Member

Topic Starter
Member
64 posts

I am sorry, I was away and just got back. File is uploaded as you requested. Thanks again!

Edited by nanajanet, 24 June 2008 - 12:25 AM.

#42
nanajanet

Posted 25 June 2008 - 11:52 AM

Member

Topic Starter
Member
64 posts

Hi - It seems to have worked. Hopefully this has fixed it.

Do you know how I got it in the first place so I can avoid getting it again?

Thanks so much!!

#43
Blender

Posted 25 June 2008 - 05:45 PM

Malware Expert

Member
187 posts

Hi,

Thanks for the file & good to hear the popups have quit.

How you got it -- not sure. Possibly a game you downloaded.
Really have to watch the free stuff you download because often it is bundled with adware or worse.

Make sure you have the latest updates to your browser and Java. Your Java is up to date -- however..
Each time you update Java -- the old one needs to be uninstalled.

You may want to try "noscript" for your Firefox as well.

http://noscript.net/

You can allow sites you trust to run scripts. Others get blocked.

Here is some good info about staying safe:

http://users.telenet...prevention.html

------------------

Let me look through the thread and see what we have to clean up for tools and such.
I'll be back shortly.

#44
nanajanet

Posted 25 June 2008 - 05:53 PM

Member

Topic Starter
Member
64 posts

Hi,
Thanks. I don't download any games and stuff, so who knows. I will try your suggestions. Thanks again!!

#45
Blender

Posted 25 June 2008 - 06:38 PM

Malware Expert

Member
187 posts

Hi again,

I think most of the tools are cleaned up.
Just a couple logs I had you do and system restore to reset.

These files you can delete:

plugins.txt
uninstall_list.txt

If all is well after a few more reboots you can reset your system restore.

Right click "my computer"
Click "properties"
Click "system restore" tab
Checkmark "turn off system restore"
Hit apply> ok> ok.

Reboot

Go back and turn system restore back on by removing the check, hit apply, and OK.

A new restore point is created at this time.

Take care & surf safe!