Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Dead or Alive?[CLOSED]

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 3 posts
I've been constantly barraged by this malwares and ads. www.the-best-promos.com and www.security-updater.com keeps on poping-up whenever I launch IE. I have followed your steps, then restarted the computer. I tried to browse the internet again, still this annoying pop-ups keeps on sprouting like mushrooms. :tazz:

This are the steps that I've made:
1. Launch CleanUp
2. Scan with Ad-Aware (nothing was found)
3. CWShredder (nothing was found)
4. Spybot then I "immunized" the system (nothing was found)
5. Microsoft Antispyware (just to be sure), it found egroup dialer from the registry, then I removed it.

Infected registry keys/values detected

6. Run Ewido & scan everything, but nothing was found.
7. Symantec Antivirus Corporate Edition no viruses were found.
8. Restart the computer
9. I'm using dial-up to connect to the internet.
10. Launch IE. Then for a few moments this CrazyGirls popup appeared from www.the-best-promos.com. Sometimes it advertised softwares, etc.

BTW when I launched IE for the 2nd time, Windows Antispyware blocked this egdaccess_1060.dll, and Ewido found an infected file msclock32.dll located at C:\Windows\system32 by a Dialer.Generic, i cleaned it. It is in the quarantine, yet ewido is still saying that it found msclock32.dll is still infected.

Please I really need your help on this guys! I've posted by HijackThis log file. This was done after using your steps. (some, I've scanned with MS Antispyware to be sure)

Logfile of HijackThis v1.99.1
Scan saved at 1:49:45 PM, on 23/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Courion Corporation\PasswordCourier with DIRECT! Access\direct.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WinZip\WZQKPICK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://unet.unisys.com/default.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://unet.unisys.com/default.aspx
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\PasswordCourier with DIRECT! Access\direct.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IMDETECT] "C:\Program Files\Unisys IT\IMDETECT.EXE"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ppaproj.com
O17 - HKLM\Software\..\Telephony: DomainName = ppaproj.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{35E56E2E-E01D-4A6A-86FE-E0903FA04B85}: Domain = ph.Unisys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ppaproj.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = au.Unisys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = au.Unisys.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\ramirezca\My Documents\Carlo\cwshredder.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Remote Process Killer - Unknown owner - C:\WINDOWS\system32\RKillSrv.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Udeliver - Marimba, Inc. - C:\PROGRA~1\Udeliver\CASTAN~1\Tuner.exe

Edited by Carlo, 24 July 2005 - 07:52 PM.

  • 0




    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Duplicate post: http://www.geekstogo...topic=44819&hl=
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP