Winfixer; no popups, but is there



#1
Zangarath

When going to a forum I visit regularly, I got a malicious popup (I just knew it was when I saw it) about some Winfixer thing. I closed it so fast that I didn't clearly identify what it was, but I'm pretty sure it was this Winfixer thing. I am using Windows 98 Second Edition, a warez copy. I know it is less susceptible to malware due to its age, but this Winfixer thing got on and now my activity on my computer is limited, for I have no idea what it does or what port it uses to contact its maker with the information it has mined.

I will not post a HiJackThis log unless it is needed. Please help me for I have no idea what to do or go about doing it. I've run Avast! antivirus, Spybot, and Ad-Aware and they found nothing; Spybot found the usual collection of tracking cookies that I collect from normal browsing, but nothing else. Also, I use the free version of Zone Labs Security (ZoneAlarm).


Please help me! I so hate malware, especially this irremovable stuff, for I can't find the process to kill it. This particular malware I have noticed is advanced enough that it is capable of running without being detected. I have not run Avast, Spybot, and Ad-Aware in safe mode yet, for I want to do this without having to do so.

One more thing; is there something I can use to remove any other undetectable infection? Thanks in advance.

Edited by Zangarath, 04 September 2005 - 10:36 PM.



#2
Zangarath

Here is my HiJackThis log; I've discovered that Winfixer is embedded in either kernel32 or msgsrv32.exe.


Logfile of HijackThis v1.99.1
Scan saved at 4:43:29 PM, on 8/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\BROWSER MOUSE\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYBOT\TEATIMER.EXE
C:\PROGRAM FILES\WALL32\WALL32.EXE
C:\PROGRAM FILES\PROCEXP\PROCEXP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMS\HIJACKTHIS.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Startup: Wall32.lnk = C:\Program Files\Wall32\WALL32.EXE
O4 - Startup: Process Explorer.lnk = C:\Program Files\Procexp\procexp.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

#3
Zangarath

I've come to the conclusion that I prevented the malware from installing when I closed the window. This topic may be deleted now.


I DO WANT a confirmation that I prevented it; please check and confirm or deny that the malware is not on my computer.

RESOLVED

Edited by Zangarath, 05 September 2005 - 09:18 AM.
