Winfixer; no popups, but is there

When going to a forum I visit regularly, I got a malicious popup (I just knew it was when I saw it) about some winfixer thing. :tazz:

I closed it so fast that I didn't clearly identify what it was, but I'm pretty sure it was this Winfixer thing. I am using Windows 98 Second Edition, a warez copy. I know it is less susceptible to malware due to its age, but this winfixer thing got on and now my activity on my computer is limited, for I have no idea what it does or what port it uses to contact its maker with the information it has mined.

I will not post a HiJackThis log unless it is needed. Please help me for I have no idea what to do or go about doing it. I've run Avast! antivirus, Spybot, and Ad-Aware and they found nothing; Spybot found the usual collection of tracking cookies that I collect from normal browsing, but nothing else. Also, I use the free version of Zone Labs Security (ZoneAlarm).

Please help me! I soo hate malware, especially this irremovable stuff for I can't find the process to kill it. This particular malware I have noticed is advanced enough that it is capable of running without being detected. I have not run Avast, Spybot, and Ad-aware in safe mode yet, for I want to do this without having to do so.

One more thing; is there something I can use to remove any other undetectable infection? Thanks in advance.

Edited by Zangarath, 04 September 2005 - 10:36 PM.

Here is my HiJackThis log; I've discovered that Winfixer is embedded in either kernel32 or msgsrv32.exe.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:29 PM, on 8/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\BROWSER MOUSE\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYBOT\TEATIMER.EXE
C:\PROGRAM FILES\WALL32\WALL32.EXE
C:\PROGRAM FILES\PROCEXP\PROCEXP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMS\HIJACKTHIS.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Startup: Wall32.lnk = C:\Program Files\Wall32\WALL32.EXE
O4 - Startup: Process Explorer.lnk = C:\Program Files\Procexp\procexp.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

#1
Zangarath

Posted 18 August 2005 - 06:21 PM

Advertisements

#2
Zangarath

Posted 19 August 2005 - 04:12 PM

#3
Zangarath

Posted 05 September 2005 - 09:16 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us