Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware alert and illegal operation


  • Please log in to reply

#1
zigzagswag

zigzagswag

    New Member

  • Member
  • Pip
  • 1 posts
Hello. Here are my problems:
1. Adaware SE appears to delete the process and all of the files for Coolwwwsearch. But after every Interet use, I run Adaware and find 40 more files.
2. My desktop has been overtaken by a bitmap file: Warning! Your computer is infected., which appears line after line across my screen. I can find and delete the bitmap WP.exe file, but don't know the source. I also get a pop-up: Spyware Alert. Check your system for Viruses and Spyware. There's a Yes button and No button, which is the one I click every 5 minutes.
3. Within a minute of booting my computer, I get: Explorer. This program has performed an illegal operation and will be shut down, etc. If I press Close .. that's it for running any functions.

I've run Spybot and Adaware SE. Here's my Hijack This Log (I'm now using Mozilla Firefox as my browser):

Logfile of HijackThis v1.99.1
Scan saved at 8:13:22 PM, on 6/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\ZLOADER3.EXE
C:\WINDOWS\SYSTEM\SHELL32.DLL
C:\WINDOWS\SYSTEM\LLHUWHYTTN5L8.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {0388EC16-BA98-416f-9D9B-B9A031E427AF} - C:\WINDOWS\SYSTEM\t55nw72du6sgl8.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\ZLOADER3.EXE
O4 - HKLM\..\Run: [FX] C:\WINDOWS\SYSTEM\2FMTUC41CSLMFE.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\LLHUWHYTTN5L8.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {01569B00-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {01569B00-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0D94C2C0-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D94C2C0-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C90EB520-A455-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C90EB520-A455-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2676C180-A456-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2676C180-A456-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {67E4ADA0-ADEB-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {67E4ADA0-ADEB-11D9-9AD2-444553540000} - (no file) (HKCU)
O16 - DPF: {6BE6BDA4-394F-11D3-B6AF-00105AA51E4C} - http://www.dash.com/DashInst.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O19 - User stylesheet: (file missing)
  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Download and doubleclick:
http://metallica.gee...m/smitfraud.reg
Confirm you want to merge it with the registry.

Then reboot and post a new HijackThis log.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP