Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware \ spyware issues [CLOSED]


  • This topic is locked This topic is locked

#1
vidhya_80in

vidhya_80in

    Member

  • Member
  • PipPip
  • 11 posts
hey,
i've been having a lotta problems ever since the
Trojan-spy.html.smitfraud.c virus got into my system...i did the steps that were suggested and hopefully got rid of it..Now the problem is that this virus doesn't exist but a lotta new trojans get into my computer everytime i go on the net.i did a series of checks with possible anti spyware tools like
Ad-aware SE
Ccleaner
SpyBot S&D
XoftSpy
Spyware Blaster
i am using kaspersky to scan my computer..i initially had norton systemworks installed and updated.When the trojan-smitfraud virus got into the system norton started behaving wierd with a number of pop-up menus saying "Sending message 1/1" and smitfraud wudn't get out..uninstalled norton and the problem seemed to have gone.So got kaspersky installed.

the system is clean of all the viruses when offline and then i go online and it picks up varieties of trojans..like Opaserv worm,dyfuca.gen which don't get out and a whole lot of W32 viruses.am trying to clean these viruses in the safe mode.
Also my internet explorer homepage has got set to www.abcsearch4u.com (browser hijack) and a new application called powerscan has also got downloaded and installed.Am Unable to find where it is in the system...saw this in the start menu.
I might not be very clear in this post coz i dunno what to say...any kinda questions might help me give you a clearer picture....Please help...Am very scared to go online in that computer..Can someone tell me what are the precautions that i've to take before i go online and what else i can do to get out of this mess..i've been
trying out everything possible for the past three days..nothing seems to really help...
any kind of suggestions would be highly valuable...Please help...Thanku..

vidya
  • 0

Advertisements


#2
vidhya_80in

vidhya_80in

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hey,
i've been having a lotta problems ever since the
Trojan-spy.html.smitfraud.c virus got into my system...i did the
steps that were suggested and hopefully got rid of it..Now the problem is that this virus doesn't exist but a lotta new trojans get into my computer everytime i go on the net.i did a series of checks with possible anti spyware tools like
Ad-aware SE
Ccleaner
SpyBot S&D
XoftSpy
Spyware Blaster
i am using kaspersky to scan my computer..i initially had norton systemworks installed and updated.When the trojan-smitfraud virus got into the system norton started behaving wierd with a number of pop-up menus saying "Sending message 1/1" and smitfraud wudn't get out..uninstalled norton and the problem seemed to have gone.So got kaspersky installed.

the system is clean of all the viruses when offline and then i go online and it picks up varieties of trojans..like Opaserv worm,dyfuca.gen which don't get out and a whole lot of W32 viruses.am trying to clean these viruses in the safe mode.
Also my internet explorer homepage has got set to www.abcsearch4u.com (browser hijack) and a new application called powerscan has also got downloaded and installed.Am Unable to find where it is in the system...saw this in the start menu.
I might not be very clear in this post coz i dunno what to say...any
kinda questions might help me give you a clearer picture....Please help...Am very scared to go online in that computer..Can someone tell me what are the precautions that i've to take before i go online and what else i can do to get out of this mess..i've been trying out everything possible for the past three days..nothing seems to really help...
any kind of suggestions would be highly valuable...Please help...Thanku..

vidya
  • 0

#3
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hey vidhya_80in :tazz:

Please read step 5 here about posting a Hijack log. After that copy and paste the Hijack log into this thread using the add reply button at the top of this page and someone will help you.

Thanks ;)
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi vidhya_80in and welcome to GeeksToGo!


If you are having malware issues, please got to the following site and follow all the instructions carefully.


You Must Read This Before Posting A Hijackthis Log

this will help you clean up to 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

Thanks,

:tazz:

Excal
  • 0

#5
vidhya_80in

vidhya_80in

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hey excal,
i'll check and post a HijackThis Log...thanku
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Sounds goods ;)

Please make sure you start a new thread in the malware forum and post it there ;)


Thanks,

:tazz:

Excal
  • 0

#7
vidhya_80in

vidhya_80in

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey,

I ve been having problems of spyware and malware getting into my system. I ve followed all the requisite steps prescribed here for the removing the same excepting an online panda or trendpc scan coz there was some activex issues. Though Adaware, CWS Shredder, Trojan Hunter, TDS-3 gave a clean chit , SpyBot came up with this 1 entry of OPASERV which is not getting cleaned and Ewido identified and cleaned SPYWARE.ADKILLER.

Anyways The HJT log is as follows :

Logfile of HijackThis v1.99.1
Scan saved at 11:25:33 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
F:\RepairRegistryPro.exe
D:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Intel\Intel® Active Monitor\imonalrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quickt6 pro\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Repair Registry Pro] F:\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KL AntiFunLove] C:\WINDOWS\System32\flcss.exe
O4 - HKLM\..\Run: [IMONTRAY] D:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Sharath\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


P.S. : one more problem that i have is KASPERSKY identifying :

c:\program files\HJT\hijack this.log

as a potentially dangerous program - Exploit.HTML.Mht.


Kindly Help.
  • 0

#8
vidhya_80in

vidhya_80in

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey,

I ve been having problems of spyware and malware getting into my system. I ve followed all the requisite steps prescribed here for the removing the same excepting an online panda or trendpc scan coz there was some activex issues. Though Adaware, CWS Shredder, Trojan Hunter, TDS-3 gave a clean chit , SpyBot came up with this 1 entry of OPASERV which is not getting cleaned and Ewido identified and cleaned SPYWARE.ADKILLER.

Anyways The HJT log is as follows :

Logfile of HijackThis v1.99.1
Scan saved at 11:25:33 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
F:\RepairRegistryPro.exe
D:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Intel\Intel® Active Monitor\imonalrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quickt6 pro\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Repair Registry Pro] F:\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KL AntiFunLove] C:\WINDOWS\System32\flcss.exe
O4 - HKLM\..\Run: [IMONTRAY] D:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Sharath\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - D:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


P.S. : one more problem that i have is KASPERSKY identifying :

c:\program files\HJT\hijack this.log

as a potentially dangerous program - Exploit.HTML.Mht.


Kindly Help.
  • 0

#9
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi vidhya_80in,

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal
  • 0

#10
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP