Spyware Warning on Wallpaper - Help! [RESOLVED]


  • This topic is locked

#1
MKnauer

    New Member

  • Member
  • 6 posts
I have completed all of the recommendations per instructions "before posting". Attached is my Malware Log. I'd appreciate any help you can provide.

-Mary

Attached File  mary_mbam_log_5_29_2008__17_22_47_.txt   5.68KB   81 downloads
  • 0

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Mary and welcome to GTG.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

Download HijackThis at http://www.greyknigh.../HijackThis.exe Create a folder at C:\HJT and move HijackThis.exe there. Double-click on the program to run it.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
  • 0

#3
MKnauer

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for the quick response. Here is the ComboFix log, I'm having difficulty uploading the HJT log--I'll try with a second reply. - Mary

Attached File  ComboFix.txt   21.61KB   67 downloads
  • 0

#4
MKnauer

    New Member

  • Topic Starter
  • Member
  • 6 posts
Attached File  Knauerlog.txt   14.24KB   54 downloads

Here's the HJT log. - Mary
  • 0

#5
MKnauer

    New Member

  • Topic Starter
  • Member
  • 6 posts
Dear Greyknight17:
My computer seems to be cured now... The wallpaper warning is gone and I was able to reset wallpaper. Also, I can now access my Task Manager, which I couldn't do before. I rebooted just to make sure all is well, and it is. I still have a little warning in my task bar which alerts me to a virus from "Windows Security Altert". However, when I click on it, I go directly to Microsoft instead of web address: "About: Security"

What do you think? - Mary
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Not done yet :)

Uninstall Yapta via the Add/Remove Programs panel if found.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

KILLALL::
File::
C:\WINDOWS\winajbm.dll
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\xplugin.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\accesss.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mssys.exe
C:\WINDOWS\notepad32.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\internet.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\window.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\system32\g67.exe
C:\Documents and Settings\HP_Administrator\Application Data\0000000000t.dat
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\avpcc.dll
C:\WINDOWS\users32.exe
C:\WINDOWS\clrssn.exe
C:\WINDOWS\winmgnt.exe
Folder::
C:\Program Files\SurfingSoftware
C:\Program Files\Yapta\
C:\WINDOWS\system32\vd2
C:\WINDOWS\system32\rev3
C:\WINDOWS\system32\bTMP
C:\WINDOWS\system32\acom1
C:\WINDOWS\system32\1026c
C:\Documents and Settings\LocalService\Application Data\Yapta
C:\WINDOWS\system32\vntiho18
C:\Documents and Settings\HP_Administrator\Application Data\Zinaps7\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXQGvww]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinaps7]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Run a new HijackThis scan and post that log here as well.
  • 0
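
An added example, not part of the original thread and not ComboFix's own code: a small Python check that splits a CFScript like the one in post #6 into its `Name::` sections and flags entries a reviewer would want to look at before the script is used. The sample text, the protected-file list and the linting rules are assumptions made for illustration.

```python
import re

# Constructed excerpt in the style of the script above (duplicate added on purpose).
SAMPLE = r"""KILLALL::
File::
C:\WINDOWS\notepad32.exe
C:\WINDOWS\notepad32.exe
Folder::
C:\Program Files\Yapta\
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinaps7]
"""

# Assumption: reviewer-supplied list of genuine files that must never be listed.
PROTECTED = {r"c:\windows\notepad.exe", r"c:\windows\explorer.exe"}
HEADER = re.compile(r"^([A-Za-z]+)::$")            # e.g. "File::"
ABS_PATH = re.compile(r"^[A-Za-z]:\\")             # drive-rooted path
REG_DELETE = re.compile(r"^\[-HKEY_[A-Z_]+\\.+\]$")  # "[-KEY]" deletion form

def parse_cfscript(text):
    """Group entries under their 'Name::' header, keeping the script's order."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        elif line:
            current.append(line)
    return sections

def lint(sections):
    """Return findings as strings; an empty list means nothing was flagged."""
    findings = []
    for name in ("File", "Folder"):
        seen = set()
        for p in sections.get(name, []):
            key = p.rstrip("\\").lower()   # Windows paths are case-insensitive
            if not ABS_PATH.match(p):
                findings.append(f"{name}: not an absolute path: {p}")
            if key in PROTECTED:
                findings.append(f"{name}: protected file listed: {p}")
            if key in seen:
                findings.append(f"{name}: duplicate entry: {p}")
            seen.add(key)
    for r in sections.get("Registry", []):
        if not REG_DELETE.match(r):
            findings.append(f"Registry: not a [-KEY] deletion entry: {r}")
    return findings
```

A look-alike name such as `notepad32.exe` passes the check, while the genuine `notepad.exe` would be flagged if it were ever listed by mistake.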

#7
MKnauer

    New Member

  • Topic Starter
  • Member
  • 6 posts
Done. Here's the attachment

Attached File  ComboFix.txt   18.51KB   141 downloads

-Mary
  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#9
MKnauer

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks so much--no problems at all. I'm heading over to the tutorial right now!

Mary
  • 0

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





