aurora popup, nail.exe [RESOLVED]


  • This topic is locked

#16
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Did you run the HijackThis fixes in my last post?
  • 0


#17
Guse

Ignore my last question. Here's a new set of instructions:

First, if you haven’t already, please uninstall Shareaza.

Then, open HijackThis
  • At the first screen, click the Open the Misc Tools Section
  • Click on the Main button
  • Clear the box next to Run HijackThis at startup…
Exit out of HijackThis for now.

Reboot into safe mode.


Go to Start->Run and type in services.msc and hit OK. Then look for LogServerShell and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Repeat the same thing for TaskManagerShell

Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

Close all browsers, windows and unneeded programs.

Open HijackThis and do a scan and place check marks next to the following items:

O8 - Extra context menu item: Download with &Shareaza - res://F:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - F:\Program Files\CMAPP\Client\cmappmf.dll
O20 - Winlogon Notify: reset5 - F:\FCKYOU2\SYSTEM32\reset5.dll


Click Fix Checked

Using Windows Explorer, find and delete the following items:

F:\FCKYOU2\SYSTEM32\reset5.dll
F:\Program Files\Shareaza\ (<~~ entire folder)
F:\Program Files\CMAPP\ (<~~~ entire folder)


Now, let's remove some bad services:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in the box: LogServerShell
  • Click "ok", then reboot
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in the box: TaskManagerShell
  • Click "ok", then reboot
Reboot into Normal Mode.

Post back here with both the Ewido scan log (the newest only) and a new HijackThis log.
  • 0

#18
shenzie2007

shenzie2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay, I did everything you said to do. All seems to be clean, as far as I know, but I'll let you be the judge of that.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:51:49 PM, 8/31/2005
+ Report-Checksum: C3B2052

+ Scan result:

No infected objects found.


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 11:41:55 PM, on 8/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\FCKYOU2\System32\smss.exe
F:\FCKYOU2\system32\winlogon.exe
F:\FCKYOU2\system32\services.exe
F:\FCKYOU2\system32\lsass.exe
F:\FCKYOU2\system32\svchost.exe
F:\FCKYOU2\System32\svchost.exe
F:\FCKYOU2\system32\spoolsv.exe
F:\FCKYOU2\system32\cisvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\FCKYOU2\System32\svchost.exe
F:\FCKYOU2\Explorer.EXE
F:\Program Files\ClamWin\bin\ClamTray.exe
F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
F:\FCKYOU2\TPPALDR.EXE
F:\Program Files\Gaim\gaim.exe
F:\Documents and Settings\Shenzie\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ClamWin] "F:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DXDllRegExe] F:\FCKYOU2\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
O4 - HKLM\..\Run: [TPP Auto Loader] F:\FCKYOU2\TPPALDR.EXE
O4 - HKCU\..\Run: [ClamWin] F:\Program Files\ClamWin\bin\ClamTray.exe --logon
O4 - HKCU\..\Run: [Gaim] F:\Program Files\Gaim\gaim.exe
O4 - Startup: IconPackager.lnk.disabled
O4 - Global Startup: Microtek Scanner Finder.lnk = F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0
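
Added example, not part of the original thread: one way to check mechanically that a follow-up HijackThis log no longer contains the entries, paths and services targeted in post #17. The `AFTER` excerpt is taken from the log in post #18; the `BEFORE` log and its O23 line are constructed, and matching a service by name inside the O23 text is an assumption.

```python
import re

# Items post #17 asked to fix or delete, copied from the thread.
FIXED_ENTRIES = [
    r"O8 - Extra context menu item: Download with &Shareaza - "
    r"res://F:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000",
    r"O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - "
    r"F:\Program Files\CMAPP\Client\cmappmf.dll",
    r"O20 - Winlogon Notify: reset5 - F:\FCKYOU2\SYSTEM32\reset5.dll",
]
DELETED_PATHS = [r"F:\FCKYOU2\SYSTEM32\reset5.dll",
                 r"F:\Program Files\Shareaza", r"F:\Program Files\CMAPP"]
DELETED_SERVICES = ["LogServerShell", "TaskManagerShell"]

def norm(s):
    """Collapse whitespace and fold case (Windows paths are case-insensitive)."""
    return " ".join(s.split()).casefold()

def leftovers(log_text):
    """Return (reason, line) pairs for targeted items still present in a log."""
    fixed = {norm(e) for e in FIXED_ENTRIES}
    found = []
    for raw in log_text.splitlines():
        line = norm(raw)
        if line in fixed:
            found.append(("entry not fixed", raw.strip()))
        elif any(norm(p) + "\\" in line or line.endswith(norm(p))
                 for p in DELETED_PATHS):
            found.append(("deleted path still referenced", raw.strip()))
        elif re.match(r"O23 - ", raw.strip()) and any(
                norm(s) in line for s in DELETED_SERVICES):
            # Assumption: the service name appears in the O23 line's text.
            found.append(("service still registered", raw.strip()))
    return found

# Excerpt of the log posted in #18 (lines taken from the page).
AFTER = r"""
Running processes:
F:\FCKYOU2\system32\winlogon.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
O4 - HKLM\..\Run: [TPP Auto Loader] F:\FCKYOU2\TPPALDR.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
"""
# Constructed "before" log: targeted entries plus a made-up O23 line.
BEFORE = AFTER + "\n".join(FIXED_ENTRIES) + "\n" + (
    r"O23 - Service: LogServerShell - Unknown owner - F:\EXAMPLE\placeholder.exe")

if __name__ == "__main__":
    for reason, line in leftovers(BEFORE):
        print(reason, "|", line)
```

An empty result for the new log means none of the targeted items were matched; it does not by itself show the system is clean.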

#19
Guse

Last instruction:

Disable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading unselect Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK

Congrats, your Log is clean! :tazz:

An update that I recommend is: Windows XP Service Pack 2. Since you're junkware free, the time to get it is NOW. Service Pack 2 is a MAJOR upgrade for XP. It adds numerous security and software patches, as well as new features and functionality. You will also be adding another layer of protection against future threats.

In the future, here are some suggestions to keep your computer more secure.
Use a firewall - If you’re on a broadband connection, this shouldn’t even be an option. You can get a good, FREE firewall from ZoneLabs called ZoneAlarm here.

Make sure that you keep Windows up to date - Microsoft is constantly releasing updates to plug holes in their OS. It’s a good idea to take advantage of these as frequently as possible. As a matter of fact, if you’re lazy like me you can set Automatic Updates by right clicking on My Computer and selecting Properties. Then click the Automatic Updates tab, then click the Automatic radio button, then click OK.

Make sure you have an up-to-date virus scanner – This is super important. Heck, it typically doesn’t even matter which one that you use… just pick one and keep it updated. A free virus scanner can be had from Grisoft, called AVG. Get it here.

You can also get a more secure browser – Not a necessity at all, but most exploits are manufactured to attack Internet Explorer. For the time being, browsers such as Opera and Firefox aren’t nearly as exploitable… yet.

Practice safe browsing – Just some run of the mill things to keep you safer. Don’t open email attachments even from people you know unless you know the attachment is coming. Try to stay to larger websites… it’s the smaller… less public ones that typically give you trouble (*this isn’t to say NEVER go there, just minimize it*). Also, try to stay legal: warez (stolen software) and file sharing apps (Kazaa, Torrents) tend to have grotesque amounts of spyware associated.

These are just some helpful tips. Enjoy malware-free computing!

Edited by Guse, 01 September 2005 - 06:17 AM.

  • 0

#20
shenzie2007

Thank you! Thank you so much for your help! :tazz:
  • 0

#21
Guse

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





