
Thread: Bad Popups & Network Monitor

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    6

    Bad Popups & Network Monitor

    Good evening,

    I've been trying to remove a bunch of pop-ups and haven't had any success. I've used Spybot, Ewido, Ad-Aware SE, and Symantec AntiVirus 10 (Corporate Edition). Any help would be appreciated.

    Spybot continuously comes back with "Network Monitor" and a couple of coolWWWsearch problems.

    Here is the HiJack This log.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Hello

    Download smitRem from one of these locations and save the file to your desktop. (By noahdfear.)
    smitRem.exe
    smitRem.exe
    smitRem.exe
    Double click on the file to extract it to its own folder on the desktop.
    Don't use it yet.

    Restart the PC into safe mode
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Click here if needed for instructions.

    Start HijackThis and place a check next to these items if there.
    Close all browser windows and shut down all other programs that show in the taskbar (even folders).
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
    O4 - HKLM\..\Run: [0g640iv8.dll] RUNDLL32.EXE 0g640iv8.dll,b 637198663
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [ms042511172-201] C:\WINDOWS\ms042511172-201.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [59WV] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [HQJ9] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\i4lole331h.dll (file missing)
    O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
    O20 - Winlogon Notify: winmiu32 - winmiu32.dll (file missing)
    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\system32\amdijocc.dll (file missing)
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_13.dll (file missing)
    ====================================
    Hit "Fix checked" and close HijackThis.
    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    Open Spybot check for and fix any problems found.
    Open Ad-aware and do a full scan. Remove all it finds.
    Run Ewido scan and fix all it finds, save the log to post later.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart back to a normal Windows session.
    Next, go to Control Panel, click Display > Desktop > Customize Desktop > Web > uncheck "Security Info" if present. Click the Appearance tab; under Windows and buttons change it to Windows XP style > click Apply and OK.

    Get this free online scan and post the results
    Kaspersky Lab - Free Online scan:
    http://www.kaspersky.com/virusscanner
    Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
    Then choose: my computer: scan all your hard drives and mapped disks.
    When finished, click save as text and post that in your reply.

    In Add/Remove Programs uninstall webHancer
    Delete these files and folders if still there (be careful, spelling counts)
    C:\Program Files\webHancer
    C:\windows\eee2.exe
    C:\WINDOWS\SYSC00.exe
    C:\WINDOWS\ms042511172-201.exe
    c:\secure32.html
    C:\d.exe
    C:\d.exe.bak
    C:\messanger.ini
    C:\_dmm_.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\E-nrgyPlus
    C:\Program Files\E-nrgyPlus
    C:\WINDOWS\inet20003
    C:\WINDOWS\system32\amdijocc.dll (file missing)
    C:\WINDOWS\system32\dcom_13.dll
    C:\WINDOWS\system32\avAw6.sys
    Which were there?

    Also post a Blacklight log if any files show
    F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
    Click the "I accept" button near the bottom of that page.
    Download and run Blacklight, click > scan then > next, next again, then exit.
    There will be a new txt file near Blacklight. Post it please.
    Important: If any files show, do not rename them. Legitimate files can be listed.
    Post a new HijackThis log, the contents of the smitfiles.txt log and the Ewido log, and let us know if any problems persist.

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Posts
    6

    Response

    Good evening,

    I just wanted to say thanks in advance for the advice. I wound up out of town for a couple days and am starting your recommendations as I write this.

    Jeff

  4. #4
    Junior Member
    Join Date
    Feb 2006
    Posts
    6

    Results

    Hello,

    I am still getting pop ups. Last night I started the Kaspersky scan, and woke up this morning to 57 pop ups. Of course, IE crashed and I had to restart the scan (with AOL Explorer).

    I found these files and removed them:
    C:\WINDOWS\SYSC00.exe
    C:\WINDOWS\ms042511172-201.exe
    C:\_dmm_.exe
    C:\Program Files\E-nrgyPlus

    Here are the logs. The Kaspersky log was too big, so you can access it here:
    http://jalandoak.its-official.com/kaspersky.txt

    ###################
    ###Here is the Smitfiles log:

    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Tue 02/21/2006
    The current time is: 17:27:58.63

    Running from
    C:\temp\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    logfiles


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 800 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    CLEAN!





    #################
    ###Here is the Ewido log:
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:53:43 PM, 2/21/2006
    + Report-Checksum: 13533CE6

    + Scan result:

    C:\Documents and Settings\Amanda\Cookies\amanda@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\Amanda\Cookies\amanda@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Amanda\Local Settings\Temp\Del648.tmp -> Hijacker.Agent.dt : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Cookies\compaq customer@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Local Settings\Temp\Del24D.tmp -> Hijacker.Agent.dt : Cleaned with backup
    C:\Documents and Settings\Compaq Customer\Local Settings\Temp\Del250.tmp -> Hijacker.Agent.dt : Cleaned with backup
    C:\Program Files\E-nrgyPlus\trackurl.exe -> Hijacker.Agent.dt : Cleaned with backup


    ::Report End

    ###################
    ###Here is the Blacklight log:
    02/22/06 18:33:10 [Info]: BlackLight Engine 1.0.32 initialized
    02/22/06 18:33:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    02/22/06 18:33:12 [Note]: 7019 4
    02/22/06 18:33:12 [Note]: 7005 0
    02/22/06 18:33:24 [Note]: 7006 0
    02/22/06 18:33:24 [Note]: 7011 1316
    02/22/06 18:33:26 [Note]: 7015 420
    02/22/06 18:33:26 [Note]: 7015 5
    02/22/06 18:33:26 [Note]: 7015 736
    02/22/06 18:33:26 [Note]: 7015 5
    02/22/06 18:33:26 [Note]: 7015 920
    02/22/06 18:33:26 [Note]: 7015 5
    02/22/06 18:33:26 [Note]: 7015 1056
    02/22/06 18:33:26 [Note]: 7015 5
    02/22/06 18:33:28 [Note]: FSRAW library version 1.7.1015
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\ali.exe
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\cpy.exe
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\dirlist
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\dirlist.bak
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\install.exe
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\magic.exe
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\mf.chm
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\mf.txx
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\mfx
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\MFX.CFG
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\mfx_cfg.org
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\readme.txt
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:21 [Info]: Hidden file: C:\x___x\tb.exe
    02/22/06 18:34:21 [Note]: 7002 0
    02/22/06 18:34:21 [Note]: 7003 1
    02/22/06 18:34:21 [Note]: 10002 3
    02/22/06 18:34:47 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\DRIVERS\MFX.sys
    02/22/06 18:34:47 [Note]: 7002 0
    02/22/06 18:34:47 [Note]: 7003 1
    02/22/06 18:34:47 [Note]: 10002 1
    02/22/06 18:36:26 [Note]: 7007 0

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    That looks like Magic Folders. Is it installed?

    Post back with a fresh HijackThis log. Also describe the popups, when do they happen, etc.

  6. #6
    Junior Member
    Join Date
    Feb 2006
    Posts
    6


    Magic Folders used to be installed. I thought I had uninstalled it, but maybe not. It used to be my laptop, now it's my daughter's.

    The popups are coming with addresses such as screensavers.com, adssvr.com, and yield manager. They come in droves while IE is open, and I'll get a couple when Windows Explorer is opened, but they are not as bad. When those two programs are not open, there don't seem to be any.

    #############
    ###hijackthis.log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:18:44 PM, on 2/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\acs.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Programs\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Programs\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Programs\DAEMON Tools\daemon.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\WINDOWS\win3208172-2012511.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Programs\AIM\aim.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLHostManager.exe
    C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLServiceHost.exe
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLServiceHost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLServiceHost.exe
    C:\temp\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programs\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133135402\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [win3208172-2012511] C:\WINDOWS\win3208172-2012511.exe
    O4 - HKCU\..\Run: [AIM] C:\Programs\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
    O4 - Startup: WinMySQLadmin.lnk = C:\Programs\mysql\bin\winmysqladmin.exe
    O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programs\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - file://D:\Installers\QuickTime\qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au./player/vivid_ocx.jpeg
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Programs\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
    O23 - Service: MySql - Unknown owner - C:/Programs/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Open a command prompt (Start > Run, type cmd, press Enter)
    type
    sc delete lsass
    press Enter, type exit and press Enter to exit the command prompt

    Start HijackThis and place a check next to these items if there.
    Close all browser windows and shut down all other programs that show in the taskbar (even folders).
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
    O4 - HKLM\..\Run: [win3208172-2012511] C:\WINDOWS\win3208172-2012511.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
    O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.au./player/vivid_ocx.jpeg
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    ====================================
    Hit "Fix checked" and close HijackThis.
    Restart the PC
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Set Windows to show hidden extensions, files, folders.
    >click here for instructions<.
    Manually delete
    C:\WINDOWS\win3208172-2012511.exe < file
    C:\WINDOWS\inet20003 < folder


    Post a fresh HijackThis log please, be sure to mention any current problems.
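
Added example (not part of the thread and not any poster's or tool's own code): a small Python parser for HijackThis log lines like those posted above. It flags entries whose file name imitates a Windows system process from the wrong folder, as the `winlogon.exe` and `scvhost.exe` entries in this thread do, and compares a before and after log to confirm the flagged entries are gone. The expected-folder table, the look-alike threshold and all function names are assumptions made for illustration; the sample lines are excerpts of the logs in this thread.

```python
import ntpath
import re

# Assumed expected folders for core Windows XP processes (illustrative, not exhaustive).
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKLM\..\Run: [name] path" -> section code and the rest of the line.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe/.dll/.sys; the lookbehind skips "http://".
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:[\\/][^"<>|*?\r\n]*?\.(?:exe|dll|sys)(?!\w)',
    re.IGNORECASE,
)

def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def masquerade_reason(path):
    """Return why a path looks like system-process masquerading, or None."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    if name in EXPECTED_DIR:
        if folder != EXPECTED_DIR[name]:
            return f"{name} outside {EXPECTED_DIR[name]}"
        return None
    stem = name.rsplit(".", 1)[0]
    for known in EXPECTED_DIR:
        kstem = known.rsplit(".", 1)[0]
        # Only compare against longer names; short stems match too much by chance.
        if len(kstem) >= 6 and 0 < edit_distance(stem, kstem) <= 2:
            return f"{name} resembles {known}"
    return None

def parse(log_text):
    """Yield (section_code, path_or_None, raw_body) for each entry line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, running-process list, blank lines
        code, body = m.groups()
        p = PATH_RE.search(body)
        entries.append((code, p.group(0) if p else None, body))
    return entries

def flag(log_text):
    """Entries whose target file imitates a system process."""
    hits = []
    for code, path, _ in parse(log_text):
        reason = masquerade_reason(path) if path else None
        if reason:
            hits.append((code, path, reason))
    return hits

def resolved(before, after):
    """Flagged paths present in the first log and absent from the second."""
    still = {p.lower() for _, p, _ in flag(after)}
    return sorted({p.lower() for _, p, _ in flag(before)} - still)

# Sample input: lines excerpted from the logs posted in this thread.
BEFORE = r"""
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
"""

if __name__ == "__main__":
    for code, path, reason in flag(BEFORE):
        print(f"{code:4} {path}  <- {reason}")
    print("resolved:", resolved(BEFORE, AFTER))
```

A name-and-folder check like this only narrows down what to look at; entries it does not flag (for example the randomly named `win3208172-2012511.exe`) still need review by other means.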

  8. #8
    Junior Member
    Join Date
    Feb 2006
    Posts
    6


    I didn't find the folder C:\WINDOWS\inet20003, but I found and deleted the other file.

    I left Windows Explorer and IE open all day, and came home to no pop ups. Things appear to have worked.

    Here is the new log:
    ##############

    Logfile of HijackThis v1.99.1
    Scan saved at 5:12:44 PM, on 2/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\acs.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Programs\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Programs\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Programs\DAEMON Tools\daemon.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Programs\AIM\aim.exe
    C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLHostManager.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLServiceHost.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\AOL\1133135402\ee\AOLServiceHost.exe
    C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
    C:\temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programs\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133135402\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [AIM] C:\Programs\AIM\aim.exe -cnetwait.odl
    O4 - Startup: WinMySQLadmin.lnk = C:\Programs\mysql\bin\winmysqladmin.exe
    O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programs\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - file://D:\Installers\QuickTime\qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Programs\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: MySql - Unknown owner - C:/Programs/mysql/bin/mysqld-nt.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
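The log above is line-oriented: a section code (R0/R1, O4, O23, ...), then " - ", then the entry itself. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses such entries and lists the ones worth a manual look. The three review rules and all function names are assumptions chosen for illustration; the sample lines are copied from the logs posted in this thread.

```python
import re

# Section codes that appear in this thread's logs (HijackThis v1.99.1).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O4": "autostart entry", "O9": "IE extra button/menu item",
    "O23": "NT service",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
LOCAL_PATH_VALUE = re.compile(r"= *[A-Za-z]:\\")

# Lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: MySql - Unknown owner - C:/Programs/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

def parse(log):
    """Return (code, body) for every coded entry; header/process lines are skipped."""
    return [m.groups() for line in log.splitlines() if (m := ENTRY.match(line))]

def review_notes(code, body):
    """Reasons an entry deserves a manual look (illustrative rules, not verdicts)."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("service binary carries no company name")
    if code in ("R0", "R1") and LOCAL_PATH_VALUE.search(body):
        notes.append("browser page set to a local file")
    return notes

def triage(log):
    """Return [(code, section, body, notes)] for entries with at least one note."""
    return [(c, SECTIONS.get(c, "other"), b, n)
            for c, b in parse(log) if (n := review_notes(c, b))]

if __name__ == "__main__":
    for code, section, body, notes in triage(SAMPLE_LOG):
        print(f"{code} ({section}): {'; '.join(notes)}\n    {body}")
```

A note is a prompt to check the file by hand, not a verdict: a legitimate driver service can report "Unknown owner", and a leftover service entry for an uninstalled program shows as "(file missing)".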

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Looks good
    Update Sun's Java manually
    Sun Java V1.5.0_06 is Available: http://java.com/en/index.jsp
    Afterwards, turn off its auto-updater (it's buggy): in Control Panel, Java > Update tab, uncheck its option to update automatically.
    After you install the newer version, it's important to uninstall the old versions via Add/Remove Programs.
    http://forums.spybot.info/showthread.php?t=2559

    Check to ensure you have the latest version of any media and chat programs, such as QuickTime and AIM. I usually recommend uninstalling any Viewpoint programs, but that's optional.

    Prevention:
    Put in place a good hosts file
    http://www.mvps.org/winhelp2002/hosts.htm
    How To Download and Extract the HOSTS file:
    http://www.mvps.org/winhelp2002/hosts2.htm
    Replace it about once monthly to keep it updated

    To help avoid reinfection see "So how did I get infected in the first place?"
    http://forums.spybot.info/showthread.php?t=279

  10. #10
    Junior Member
    Join Date
    Feb 2006
    Posts
    6

    Default

    Thank you very much for your time. I was close to reformatting and starting over.

    Jeff
