Unknown Malware problem [RESOLVED]



#1
Vince2005
New Member, 4 posts
Hi Guys,

I am having a problem: every time I log into the net and open IE, a new window appears opening a page at floist dot com, then it redirects to a page at p2pcasino dot net. I have run every bit of spyware I have and my virus scanner, and nothing picks this up. (I would not go to the two sites I have mentioned here unless you are really sure that you are very well protected.)

There are a few other things that are not right, in the services. I have a service called:

Mouse button monitor

which is a service that I can't stop. Even if I click on the properties for the object, the properties sheet does not appear, but if I then try to close Services it tells me that I must close all properties sheets before closing; the only way to get Services to close is to use Task Manager and force the issue. I have also run HijackThis, but there seems to be nothing unusual about that either.

Also I am unable to stop the service RPC, which I know I should be able to stop if needed.

Does anyone have any suggestions as to what this is and how I can remove it from my system?

Thanks in advance for any help

Regards

Vince

#2
Crustyoldbloke
Old Malware Surgeon with a shaky scalpel
Retired Staff, 15,130 posts
Please click here, and follow the recommendations in the guide.

If you're still having trouble, we'll need you to use a free diagnostic tool, HijackThis. Follow the instructions in step five of this guide, and reply here with your log.

Most of what HijackThis lists will be harmless or even essential. DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3
Vince2005
Topic Starter, New Member, 4 posts
Hi Guys,

OK here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:45:26, on 13/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\etb\pokapoka75.exe
C:\HiJackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://testsite.co.uk/"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g0o2urf9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\g0o2urf9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System service75] C:\WINNT\etb\pokapoka75.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ********
O17 - HKLM\System\CCS\Services\Tcpip\..\{21E28FB7-1AC0-4F72-BF31-F5C4396F8594}: NameServer = ***.***.***.***
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AAF6FDA-7239-42DC-A84E-1262EDF3CBDB}: NameServer = 212.74.114.129 212.74.114.193
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *******.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = *******.co.uk
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
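A small triage helper, added here as an example and not part of the thread or of HijackThis itself: it parses a trimmed copy of the log above, flags O4 autostart entries whose executable sits outside the usual system directories (noting whether each one is also in the running-process list), and lists O23 services whose binary is reported missing. The trusted-directory list is my own assumption for a Windows 2000 box, not a HijackThis rule.

```python
import re
# Constructed sample: a trimmed subset of the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\etb\pokapoka75.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System service75] C:\WINNT\etb\pokapoka75.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
"""
# Where autostart binaries on this Windows 2000 box are expected to live. This list is my own
# triage assumption, not a HijackThis rule; an entry elsewhere just earns a closer look.
# Bare names such as mobsync.exe resolve via the system path, so only entries with a directory are judged.
TRUSTED_PREFIXES = ("c:\\winnt\\system32\\", "c:\\program files\\")
O4_RE = re.compile(r"^O4 - .+?: \[(?P<name>.+?)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: .+? \((?P<svc>[^)]+)\) - ")

def running_processes(log):
    # Lower-cased paths listed between "Running processes:" and the next blank line.
    procs, collecting = set(), False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            collecting = True
        elif collecting:
            if not line.strip():
                break
            procs.add(line.strip().lower())
    return procs

def exe_path(cmd):
    # First token of an O4 command, honouring quoted paths that contain spaces.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]

def triage(log):
    # (name, path, is_running) for O4 entries outside trusted dirs, plus O23 services with no binary.
    procs = running_processes(log)
    suspicious, missing = [], []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            if "\\" in path and not path.lower().startswith(TRUSTED_PREFIXES):
                suspicious.append((m["name"], path, path.lower() in procs))
        elif O23_RE.match(line) and line.endswith("(file missing)"):
            missing.append(O23_RE.match(line)["svc"])
    return {"suspicious_autostart": suspicious, "missing_service_binaries": missing}
```

On the sample this singles out the "System service75" entry under C:\WINNT\etb as both unusual and currently running, which matches the entry the thread's fix targets, while the stale EPSON service is reported separately as a missing binary rather than as a threat.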

#4
Vince2005
Topic Starter, New Member, 4 posts
Hi Guys,

I should have searched the forum better. I have noticed another thread with the same problem and a fix. My bad :tazz:

Sorry for wasting anyone's time.

Regards

Vince

#5
Crustyoldbloke
Old Malware Surgeon with a shaky scalpel
Retired Staff, 15,130 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.