Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

file:///C:/WINDOWS/privacy_danger/index.htm problem...plz help

Started by angad.rana , Oct 18 2008 10:23 PM

  • Please log in to reply

#1
angad.rana
Posted 18 October 2008 - 10:23 PM

angad.rana

    New Member

  • Member
  • Pip
  • 1 posts
hello ppl, while surfing the net last night,the computer went into cmd prompt mode and read ' starting copying 1 file' and after that, there's been a whole lot a malware/adware/spyware appearing. and now theres a red/white screen saying 'your system is infected'. i right clicked on the file->properties, it showed me this file:///C:/WINDOWS/privacy_danger/index.htm . and since then i've managed to scan, detect and remove some of the problems. i also managed to remove that red screen on the desktop. I want to check if there are any more problems and how i can get red of them. currently im using AVG 8 . and i used spy sweeper, ad aware 08 and malwarebytes. I just did a scan with Trend Micro HijackThis v2.0.2 & this is what came up. Any help would be welcome and appreciated.

Thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:21 AM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
e:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
E:\Adware\aawservice.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
e:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
H:\PROGRA~1\AVG\AVG8\avgam.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\PROGRA~1\AVG\AVG8\avgemc.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\Program Files\Folder Guard Pro\FGKey.exe
E:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
H:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe
C:\ActiveSync\Wcescomm.exe
C:\ACTIVE~1\rapimgr.exe
H:\WINDOWS\System32\svchost.exe
e:\Program Files\Webroot\WebrootSecurity\SSU.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
e:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2C55D676-AA0F-4FBC-BD2B-68F164FD8AC7} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] -RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] -ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] -"H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"H:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "H:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [FG_Monitor] "H:\Program Files\Folder Guard Pro\FGKey.exe" /Start
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "H:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [SpriteService] "H:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\David Jones\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ACTIVE~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll sfrjmh.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Adware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - e:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - e:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O24 - Desktop Component 1: Privacy Protection - file:///H:\WINDOWS\privacy_danger\index.htm

--
End of file - 5424 bytes
  • 0

Advertisements

#2
miekiemoes
Posted 18 October 2008 - 11:43 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP