
Please help me, I've been infected seriously!

Earlier this morning my Norton Firewall detected that something windows-update-like was trying to get access FROM my computer and out on the Internet. I assumed this was some regular windowsupdate and allowed it to access internet, as suggested by my Norton program.

Immediately after I got this black screen "Your-in-danger"-crap from Topspyware.com or whatever their name is. It's been described in other posts on this forum I've seen.

I followed some instructions I found here and on other similar sites, and managed to get rid of the first problem, only to find myself with another problem hanging from my throat.

After removing the "Your-in-danger"-screen, and all the files causing harm related to that, I found a "Security iGuard"-icon on my desktop, and some yellow triangle next to my clock, saying I was at risk for spyware. (yeah, you ***'s tell me something I don't know, You've infected my computer, and should therefore die a painful death. ;) )

I ran a google-search on the name Security iGuard, only to learn that it was another spyware, appearing to be sort of a "phase 2" of the first problem I had. I managed to find a suggested solution to that problem as well, and cannot seem to find any more files related to either of these two troublemakers I've experienced this morning.

However my computer is limping and several of my software-programs refuse to function. Basically this is the troubleshooting-list I'm staring at, at the moment:

1. My Symantec Internet Security-software refuses to function in any way, unable to start the program.

2. Ad-Aware refuses to start/run. I've even tried downloading the software again, only to discover that the setup-file I downloaded refuses to start

3. Spybot - Search & Destroy refuses to start/run

4. MSN 7 refuses to start/run

5. My Opera web-browser refuses to connect to the Internet

6. My start-site in Internet Explorer, http://www.betonbet.net, refuses to load both at the first log on, and later if I type the URL in the browser.

7. I'm unable to open my hotmail-account, meaning I had to activate an "ancient" Yahoo-mail account in order to register here.

8. My girlfriend is still laughing (this started 9 hours ago) and is quite pleased that it was me and not her who was sitting at the keyboard when the problem occurred. ;)

The scan I performed with Panda ActiveScan came up with this report now. Should I delete those Adware-files indicated which show up as "no disinfected"? I recognize both the IGuard-name and the TopSpyware-name from the problems I had earlier today:

Incident Status Location

Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\thun32.dll
Virus:Bck/Combo.B Disinfected Operating system
Adware:Adware/Searcher No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\thun32.dll
Adware:Adware/IGuard No disinfected C:\WINDOWS\System32\wldr.dll
Adware:Adware/CWS.Flsmngr No disinfected Windows Registry
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Eirin\Lokale innstillinger\Temporary Internet Files\Content.IE5\A54BEHE5\CA0Y6WJ5.HTM
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Magnus\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-21dc4eda.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Magnus\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-21dc4eda.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Magnus\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-21dc4eda.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Magnus\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2fdafaa7-21dc4eda.zip[Installer.class]
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\thun.dll
Adware:Adware/IGuard No disinfected C:\WINDOWS\system32\wldr.dll
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\__delete_on_reboot__thun32.dll
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\Web\desktop.html

This is the log from the other scan I've done using Ewido. It seems as if it has dealt with a few of the unsolved problems from the Panda-Scan.

ewido security suite - Scan report

+ Created on: 22:35:59, 14.05.2005
+ Report-Checksum: C7890216

+ Date of database: 16.05.2005
+ Version of scan engine: v3.0

+ Duration: 85 min
+ Scanned Files: 128026
+ Speed: 24.95 Files/Second
+ Infected files: 7
+ Removed files: 7
+ Files put in quarantine: 7
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:

+ Scan result:
C:\Documents and Settings\Magnus\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Magnus\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Magnus\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\mwilbiot.exe -> TrojanDropper.Agent.ii -> Cleaned with backup
C:\WINDOWS\system32\scombop.exe -> Trojan.Small.ej -> Cleaned with backup
C:\WINDOWS\system32\thun32.dll -> TrojanProxy.Small.bk -> Cleaned with backup
C:\WINDOWS\system32\vxbbaaaa.exe -> TrojanProxy.Small.bk -> Cleaned with backup

::Report End

I've done some cleaning up, by deleting files called ativvjoy.exe, combo.exe, combop.exe, fltmgr.dll, flsmngr.dll and wldr.dll.

I have however still got a file called wbdborec.dll, which doesn't appear in the scan, but there's something fishy about it. There is also this one which appears in the scan:

O21 - SSODL: Themes Media - {DAC23335-0571-4BCB-B0F5-3C65AA507E10} - C:\WINDOWS\System32\odpdsfc.dll

My latest Hijack This log is like this:

Logfile of HijackThis v1.99.1
Scan saved at 16:09:35, on 15.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programfiler\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Access Update] C:\WINDOWS\System32\mdwmawex.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O21 - SSODL: Themes Media - {046105B3-581A-4CD7-A618-E29BE8A49AE1} - C:\WINDOWS\System32\odpdsfc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe

I hope someone could kindly be of assistance. :tazz:

Edited by Magnussss, 17 May 2005 - 08:45 AM.
