Spyware Warning on Wallpaper - Help! [RESOLVED]
#1
Posted 30 May 2008 - 06:17 PM
-Mary mary_mbam_log_5_29_2008__17_22_47_.txt 5.68KB 124 downloads
#2
Posted 31 May 2008 - 10:37 AM
1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not click on combofix's window while it's running. That may cause it to stall.
Download HijackThis at http://www.greyknigh.../HijackThis.exe Create a folder at C:\HJT and move HijackThis.exe there. Double-click on the program to run it.
1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.
#3
Posted 01 June 2008 - 11:51 AM
ComboFix.txt 21.61KB 112 downloads
#4
Posted 01 June 2008 - 11:58 AM
#5
Posted 01 June 2008 - 01:34 PM
My computer seems to be cured now... The wallpaper warning is gone and I was able to reset wallpaper. Also, I can now access my Task Manager, which I couldn't do before. I rebooted just to make sure all is well, and it is. I still have a little warning in my task bar which alerts me to a virus from "Windows Security Altert". However, when I click on it, I go directly to Microsoft instead of web address: "About: Security"
What do you think? - Mary
#6
Posted 02 June 2008 - 09:03 AM
Uninstall Yapta via the Add/Remove Programs panel if found.
Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.
If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Save this as CFScript.txt in the same location as the ComboFix.exe tool.
KILLALL::
File::
C:\WINDOWS\winajbm.dll
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\xplugin.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\accesss.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mssys.exe
C:\WINDOWS\notepad32.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\internet.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\window.exe
C:\WINDOWS\editpad.exe
C:\WINDOWS\system32\g67.exe
C:\Documents and Settings\HP_Administrator\Application Data\0000000000t.dat
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\avpcc.dll
C:\WINDOWS\users32.exe
C:\WINDOWS\clrssn.exe
C:\WINDOWS\winmgnt.exe
Folder::
C:\Program Files\SurfingSoftware
C:\Program Files\Yapta\
C:\WINDOWS\system32\vd2
C:\WINDOWS\system32\rev3
C:\WINDOWS\system32\bTMP
C:\WINDOWS\system32\acom1
C:\WINDOWS\system32\1026c
C:\Documents and Settings\LocalService\Application Data\Yapta
C:\WINDOWS\system32\vntiho18
C:\Documents and Settings\HP_Administrator\Application Data\Zinaps7\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXQGvww]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinaps7]
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
Run a new HijackThis scan and post that log here as well.
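An added example, not part of the original thread and not ComboFix's own code: a small post-cleanup check that parses a script laid out like the one in the post above (`Name::` section headers followed by entries) and reports which listed files and folders are still on disk. The function names are hypothetical, and the sample is a constructed, shortened script using a few entries from the post.

```python
import os
import re

SECTION = re.compile(r"^([A-Za-z]+)::\s*$")

# Constructed sample: a shortened script in the layout shown in the post above.
SAMPLE = r"""KILLALL::
File::
C:\WINDOWS\winajbm.dll
C:\WINDOWS\system32\g67.exe
Folder::
C:\Program Files\Yapta\
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinaps7]
"""

def parse_cfscript(text):
    """Group script lines under their 'Name::' section headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def leftovers(sections, exists=os.path.exists):
    """Return (section, path) for File::/Folder:: entries still present on disk."""
    return [(name, path)
            for name in ("File", "Folder")
            for path in sections.get(name, [])
            if exists(path.rstrip("\\"))]

def deleted_keys(sections):
    """Registry:: entries in the [-KEY] form (.reg syntax for deleting a key)."""
    return [e[2:-1] for e in sections.get("Registry", [])
            if e.startswith("[-") and e.endswith("]")]

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE)
    for kind, path in leftovers(parsed):
        print(f"still present: {kind} {path}")
    print(f"{len(deleted_keys(parsed))} registry key(s) listed for removal")
```

Anything `leftovers` reports after the cleanup run is worth mentioning alongside the new logs.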
#7
Posted 02 June 2008 - 09:48 AM
#8
Posted 04 June 2008 - 01:22 PM
To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
#9
Posted 05 June 2008 - 12:13 PM
Mary
#10
Posted 06 June 2008 - 10:03 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.