Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Some Kind of about:blank virus

Started by sKratch , Sep 16 2004 10:31 AM

  • Please log in to reply

#1
sKratch
Posted 16 September 2004 - 10:31 AM

sKratch

    New Member

  • Member
  • Pip
  • 2 posts
I just got home from college yesterday, and totally forgot that I had absolutely no protection on my mom's computer (she doesn't use the internet except for email, she doesn't know how to do anything else). Lo and behold, I go to a webpage and 23854 popups come up and stuff gets installed on my computer. Initially, it looked like the about:blank virus; my home page got switched and it was some search page. I downloaded adaware, spybot, and adware away, and installed norton (although norton didn't help much). After running all of these programs countless times, I eventually seemed to be clean, until I updated some definition files and I turned up to be a mess again. For a while, the web redirection was fixed but this morning it's back again. I have a feeling there's some hidden file on my computer that none of my programs can detect that keeps resurrecting the spyware. It also keeps installing a dialer on my computer, but I luckily have broadband so it can't do anything. Anyways, here is my highjack this log. Thanks a lot if you can help:

Logfile of HijackThis v1.98.2
Scan saved at 12:32:11 PM, on 9/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\golumm\services.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\AIM\aim.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\MgtS.exe
C:\WINDOWS\System32\Tpws.exe
C:\mIRC\mirc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://other.thenews...com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://other.thenews...com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://other.thenews...com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://other.thenews...com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://other.thenews...com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 50.dll (file missing)
O2 - BHO: (no name) - {5384A6C4-CDCD-4725-AA79-0016C028AE84} - C:\WINDOWS\system32\efoikh.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 50.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winxmh32.exe
O4 - HKLM\..\Run: [36@ASLK3HGJAQK] C:\WINDOWS\System32\Ozkx1Xc1.exe
O4 - HKLM\..\Run: [xF3j35g] dusui1.exe
O4 - HKLM\..\RunOnce: [KB824141] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\wmpcore.dll"
O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\msdxm.ocx"
O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\dxmasf.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: v2cab - http://13213.searchm...m/cab/v2cab.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/...m::/on-line.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250...othersearch.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...84f880889783bc3
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab
  • 0

Advertisements

#2
admin
Posted 16 September 2004 - 10:30 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
First, we need to remove the pepper trojan. Download this file, run, and let terminate (it'll just blink briefly on your screen and won't appeared to have done much--this is normal):
http://www.geekstogo...=download&id=18

Reboot your PC.

If you would please, rescan with HijackThis, post a fresh log in this same topic, and we'll continue cleaning. <_<
  • 0

#3
sKratch
Posted 17 September 2004 - 10:21 AM

sKratch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Ugh... I ran into some problems with SP2 crashing during install, and my system would no longer boot after uninstalling it, so I was unfortunately forced to reformat. But hey, at least the spyware's gone! Made sure to install all windows updates + SP2 and norton before I used the computer for anything.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP