
Something weird I noticed... [CLOSED]


  • This topic is locked

#1
ALONGTHEWAY (Member, 52 posts)
Every time I run SpyBot Search And Destroy V1.4 a ton of stuff comes up, 50 entries or more... most of them are from advertising.com. Is this spyware, or just cookies and/or temp files?

I just recently switched my browser to FireFox... could that be the cause?

Should I switch back to IE? When I was running IE, rarely would I get more than 5 entries...

Also, I just upgraded to XP as well.

Any suggestions?

P.S. I'm not sure if this belongs in this section, so if you guys move it please let me know.

Thanks

Steve
#2
kool808 (Visiting Staff, 1,690 posts)
Hello and welcome to Geeks to Go! :tazz: I'm kool808 and I will be helping you today.

We'll need you to use a free diagnostic tool [ HiJackThis ], read the short tutorial [ HERE ]

Then post the results of the scan here.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results.

If you cannot download it, use another computer and then transfer it to your PC. If you are not able to run it from the desktop or C:\HJT, use the Task Manager, available through CTRL+ALT+DELETE, then choose New Task.


#3
ALONGTHEWAY (Topic Starter, 52 posts)
Here ya go.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:40 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116346259\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124644115654
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124644103526
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
#4
kool808 (Visiting Staff, 1,690 posts)
hi alongtheway,

Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
++++++++++++++++++++++++++++++++++++++++++++
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Do NOT run the scan yet!

Please download the trial version of Ewido Security Suite 3.5 here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please read the instructions for [ About:Buster ] then download it to a safe location where you can easily remember it.

++++++++++++++++++++++++++++++++++++++++++++
Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
++++++++++++++++++++++++++++++++++++++++++++
Download and install Cleanup. Do NOT run it yet.

++++++++++++++++++++++++++++++++++++++++++++
Reboot in SAFE MODE. (How to boot in Safe Mode...)

Killing the Running Processes:
1. Open HijackThis.
2. Click Config.
3. Click Misc Tools.
4. Under System Tools, click Open Process Manager.
5. Make sure to put a check mark on Show DLLs, found in the upper right corner.
6. Select the following file(s) if they exist, one at a time:

  • C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLHOS~1.EXE
  • C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLServiceHost.exe
7. Click Kill Process one at a time.
8. Click Back, then close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

Make sure to double check the items you have selected, then click Fix Checked.

++++++++++++++++++++++++++++++++++++++++++++
Open Ad-aware and do a full scan. Remove all it finds.

++++++++++++++++++++++++++++++++++++++++++++
Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

++++++++++++++++++++++++++++++++++++++++++++
Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

++++++++++++++++++++++++++++++++++++++++++++
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

When you click the Close button you will be prompted to reboot, agree to it.

++++++++++++++++++++++++++++++++++++++++++++
Reboot back in NORMAL MODE.


Have an On-line scan at this site: Panda Scan, save the results then post it.


Please post back a new HijackThis log as well as the results from Ewido, About:Buster and Panda Scan.
#5
ALONGTHEWAY (Topic Starter, 52 posts)
Are the problems I have... worth all this?

I really don't want to add all these new programs to my computer. It's already old and lagging as it is.
#6
kool808 (Visiting Staff, 1,690 posts)
These tools will just be temporarily installed so they can aid us in removing and diagnosing the infections in your system. Once we have got rid of it you can safely remove them. :)

If you are engaged in online banking transactions, please renew or change all your confidential information such as online banking details. :tazz:
#7
ALONGTHEWAY (Topic Starter, 52 posts)

kool808 wrote:
    These tools will just be temporarily installed so they can aid us in removing and diagnosing the infections in your system. Once we have got rid of it you can safely remove them. :)

    If you are engaged in online banking transactions, please renew or change all your confidential information such as online banking details. :tazz:


I do not do online banking. All I do is pay for things online. And I have a PayPal account.

Am I really at risk?

Edited by ALONGTHEWAY, 02 September 2005 - 11:17 PM.

#8
ALONGTHEWAY (Topic Starter, 52 posts)
Okay, I can't print out the instructions on this computer. I will print out the instructions on my work computer.

Although I did download Ad-aware. I ran it... got 94 entries. Yikes, I quarantined them. What do I do after that? Should I delete the file containing the quarantined stuff?

Lastly, am I really at such a risk? Can you explain?

Thanks so much for your time

Steve

Edited by ALONGTHEWAY, 02 September 2005 - 11:18 PM.

#9
kool808 (Visiting Staff, 1,690 posts)
yes you can delete those quarantined files. :)

From the information your log has presented, I suspect one entry to be a password-stealing trojan. It means that a key logger has been placed in your system. The key logger records all keystrokes, every character, and every confidential message you type, then stores this stolen information in a file and transfers it to its malicious master for bad purposes.

To verify that it is the one I am suspecting we need to diagnose the problem. To better protect yourself (better safe than sorry :tazz: ) it is recommended you change all online confidential information. Also install one of these firewalls first:
Here are 3 free ones available for personal use: and a good antivirus (these are also free for personal use):
#10
ALONGTHEWAY (Topic Starter, 52 posts)
Okay so I just downloaded the Sygate firewall and AVG Anti-Virus. I run FireFox as my main browser and IE for windows updates. And AOL for my mail Client...I have a cable connection.

Are there any configurations I need to change? I can't have any e-mail being blocked in AOL, I run a mini online business.

Also how can I keep up-to-date on updates and changes to this particular firewall and Anti-virus? One of the things I find to be most annoying about these types of things is that they come out with a new version it seems like every week. And unless you know where to get them it seems like your version is always the old one.

All my PayPal and eBay passwords have been changed for the time being. On Monday when I get to work I will print out the new instructions above. Below is my latest HijackThis scan.

So now currently on my computer I am running spybot, ad-aware SE, Hi Jack this, Sygate Firewall and AVG Anti-Virus... ugh it's going to be such a pain keeping up-to-date with this.

One more question. What's the best way to avoid getting these potential trojans anyway?

Logfile of HijackThis v1.99.1
Scan saved at 2:37:56 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Default\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116346259\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124644115654
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124644103526
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Edited by ALONGTHEWAY, 03 September 2005 - 12:41 PM.

#11
ALONGTHEWAY (Topic Starter, 52 posts)
Holy Crap, I just ran that virus scan and it found so many trojans: 33 infected, 29 fixed, and 2 where there were problems while fixing them (objects, to be exact)! Ugh, I hate computers! I'm getting so fed up with this stuff. :tazz:

Note* I changed my passwords after the Virus Scan was complete.

Here's my updated HiJack after the scan:

Logfile of HijackThis v1.99.1
Scan saved at 3:32:30 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Default\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116346259\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124644115654
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124644103526
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Where do I go from here?

Thanks so much!

Steve
#12
kool808 (Visiting Staff, 1,690 posts)
hi alongtheway,

Very good! You did it very well!

You can also save the instructions on your FAVORITES folder instead of printing.

C:\Documents and Settings\Default\Desktop\HijackThis.exe
It is highly recommended that you extract your HijackThis tool from the ZIP file and install it in a safe location where you can easily find it. It is suggested you place it in the folder C:\HJT\, so that it can create the backups necessary for a future restore.

Were you able to obtain the scan results from the virus scan? Can you post it for me?
We will revise our fixes:

Do you use AOL as connection? We will start with a file submission:
  • Please go to Jotti's malware scan: http://virusscan.jotti.org/
  • Copy and paste each of the following file paths into the "File to upload & scan" box at the top of the page:
    • C:\Program Files\Common Files\AOL\1116346259\EE\AOLHostManager.exe
    • C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLHOS~1.EXE <-- just an abbreviation, look for a similar filename
    • C:\PROGRA~1\COMMON~1\AOL\111634~1\EE\AOLServiceHost.exe
  • Click on the submit button
  • Please post the results in your next reply.
++++++++++++++++++++++++++++++++
Please download the trial version of Ewido Security Suite 3.5 here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

++++++++++++++++++++++++++++++++
Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116346259\EE\AOLHostManager.exe

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)


Make sure to double check the items you have selected, then click Fix Checked.

++++++++++++++++++++++++++++++++
Reboot in SAFE MODE. (How to boot in Safe Mode...)

Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

++++++++++++++++++++++++++++++++
Reboot back in NORMAL MODE.

Have an On-line scan at this site: Panda Scan, save the results then post it.

++++++++++++++++++++++++++++++++
* Please right-click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

++++++++++++++++++++++++++++++++
THINGS TO POST:
1. new hijackthis log
2. results from Jotti.org
3. report from Ewido
4. results from Panda Scan
5. Silent Runners log
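Added example, not from this thread and not part of HijackThis itself: a small Python parser for the log format posted above. It splits a log into the running-process block and the R/O entries, lists the entries that end in "(no file)" (the orphaned toolbar and button references that kool808 has fixed in post #12), and diffs two scans so that whatever appeared between them stands out, the way the Sygate and AVG lines did between posts #3 and #10. The two sample logs are shortened excerpts of the logs in this thread, labelled as constructed; the regular expression and the "Running processes:" delimiter are my assumptions about HijackThis 1.99.1 output, not documented format rules.

```python
import re
from dataclasses import dataclass

# One HijackThis line: a section code (R0, O2, O4, O23, ...), " - ", then the body.
# Assumption about the 1.99.1 format, derived from the logs in this thread.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    section: str
    body: str


def parse_log(text):
    """Split a HijackThis log into (running_processes, entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return processes, entries


def orphaned_entries(entries):
    """Entries whose target reads '(no file)': a registered toolbar, button or
    BHO whose binary is gone.  These are leftovers rather than live code, which
    is why the helper in this thread has them fixed rather than investigated."""
    return [e for e in entries if e.body.endswith("(no file)")]


def section_counts(entries):
    """How many entries each section contributes (O4 = autoruns, O23 = services)."""
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def diff_logs(old_text, new_text):
    """What appeared or disappeared between two scans of the same machine."""
    old_procs, old_entries = parse_log(old_text)
    new_procs, new_entries = parse_log(new_text)
    return {
        "entries_added": sorted(set(new_entries) - set(old_entries)),
        "entries_removed": sorted(set(old_entries) - set(new_entries)),
        "processes_added": sorted(set(new_procs) - set(old_procs), key=str.lower),
        "processes_removed": sorted(set(old_procs) - set(new_procs), key=str.lower),
    }


# Constructed sample: a shortened excerpt of the first log posted in this thread.
LOG_A = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:49:40 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1116346259\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"""

# Constructed second scan: the same excerpt after the firewall seen in the later
# log was installed (one new process, one new autorun, one new service).
LOG_B = LOG_A.replace(
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\Sygate\SPF\smc.exe" + "\n" + r"C:\WINDOWS\Explorer.EXE",
) + r"""O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

if __name__ == "__main__":
    procs, entries = parse_log(LOG_A)
    print(f"{len(procs)} processes, {len(entries)} entries, {section_counts(entries)}")
    for e in orphaned_entries(entries):
        print("orphaned:", e.section, "-", e.body)
    for key, items in diff_logs(LOG_A, LOG_B).items():
        print(key, items)
```

The diff only narrows what to look at: an entry that points at an existing file, or one that did not change between scans, says nothing on its own, and the thread's next step (submitting the named files to an online scanner) is what actually classifies them.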
#13
ALONGTHEWAY (Topic Starter, 52 posts)
Okay I will print out those instructions and post my results ASAP.

I have a couple questions though if you don't mind.

After I was done installing the anti-spy ware and the new firewall my computer kinda spazzed out. I took care of that though.

First, how do I keep up-to-date on the new things I just downloaded (Sygate and AVG)?
Second, how do I prevent myself from becoming infected with these trojans?
Third, are there any sites out there that post the latest and greatest free programs and their update links?

Lastly, how do I know what things to let through my firewall and what things to block?

Thanks

Steve
#14
kool808 (Visiting Staff, 1,690 posts)
After we clean your system, I will give you tons of tips to prevent future re-infections, and also lots of free stuff to better protect you. We will reserve that for later when all seems to be clean.

It would be useless for now when infections will keep on coming back right? :tazz:
#15
ALONGTHEWAY (Topic Starter, 52 posts)
Okay cool.

For the firewall, something just popped up. I was unfamiliar with it so I clicked no don't let it through. And it restarted my computer.

How do I know what to let through and what not to let through in terms of the FireWall?