popup probs
DELBOY001
2007-04-12, 00:41
hi having massive pop up probs
any advice???
delboy001
DELBOY001
http://forums.spybot.info/showthread.php?p=79458
Hi DELBOY,
Also, we should take a look at the System, you may have an infected machine.
Please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
<snip>
Please follow the instructions in that link to produce the HJT log and copy/paste it into this topic.
DELBOY001
2007-04-12, 17:23
I believe I have Vundo. I ran AVG, it found nothing. DL VundoFix, it finds files, I delete them, it finds more on the next run and the problem is ongoing.
I would appreciate advice in getting rid once and for all, I know you people are well busy
DELBOY001
DELBOY001
2007-04-12, 17:30
Oops forgot this
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 17:26:00 11/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\hvcbgxgl.dll
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\vtutt.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\gqugddol.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hvcbgxgl.dll
C:\WINDOWS\system32\hvcbgxgl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.bak2
C:\WINDOWS\system32\ttutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 17:47:42 11/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\lubwsijb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lubwsijb.dll
C:\WINDOWS\system32\lubwsijb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 18:02:04 11/04/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 14:58:01 12/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\jgplqlwx.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geeda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jgplqlwx.dll
C:\WINDOWS\system32\jgplqlwx.dll Has been deleted!
Performing Repairs to the registry.
Done!
DELBOY001
2007-04-13, 11:05
OK, couldn't start comp in normal mode this morning, just hung....
ran spybot got this
--- Search result list ---
Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Araf15
Cassava: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
ReliableStats: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Cassava: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Advertising.com: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
Smitfraud-C.Toolbar888: Tracking cookie (Internet Explorer: Steve) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)
Ran Vundo fix got this now
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 08:07:15 13/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\pmkhg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\oaswsgkh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!
Performing Repairs to the registry.
Done!
I thought I had removed those old Java versions in Add/Remove Programs... any ideas how to completely remove them?
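Added example, not part of any post in this thread: a Python sketch that groups VundoFix output like the logs above by scan, pairs each DLL with the .ini/.bak files whose name is the DLL name reversed (the pattern visible in these logs, e.g. vtutt.dll and ttutv.ini), and lists failed deletions. The function names are illustrative, and SAMPLE_LOG is abridged from two of the scans posted above.

```python
import re
from collections import defaultdict

# Abridged from two of the VundoFix scans posted in this thread.
SAMPLE_LOG = r"""
Scan started at 17:26:00 11/04/2007
C:\WINDOWS\system32\gqugddol.dll
C:\WINDOWS\system32\ttutv.bak1
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\vtutt.dll
Scan started at 08:07:15 13/04/2007
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\oaswsgkh.dll
C:\WINDOWS\system32\pmkhg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Could not be deleted.
"""

SCAN = re.compile(r"^Scan started at (\S+ \S+)$")
FOUND = re.compile(r"^[A-Za-z]:\\.*\\([^\\.]+)\.(\w+)$")   # a bare path line
FAILED = re.compile(r"^(\S+) Could not be deleted\.$")

def summarize(log):
    """Return one dict per scan: start time, DLL/data pairs, unpaired DLLs, failures."""
    scans = []
    for line in log.splitlines():
        line = line.strip()
        if m := SCAN.match(line):
            scans.append({"started": m.group(1), "stems": defaultdict(set), "failed": []})
        elif scans and (m := FOUND.match(line)):
            scans[-1]["stems"][m.group(1).lower()].add(m.group(2).lower())
        elif scans and (m := FAILED.match(line)):
            scans[-1]["failed"].append(m.group(1))
    for s in scans:
        stems = s.pop("stems")
        dlls = sorted(name for name, exts in stems.items() if "dll" in exts)
        # In these logs the .ini/.bak stem is the companion DLL's stem reversed.
        s["pairs"] = [(d, d[::-1]) for d in dlls if d[::-1] in stems]
        s["unpaired_dlls"] = [d for d in dlls if d[::-1] not in stems]
    return scans

def renamed_between_scans(scans):
    """True when every scan has a paired DLL and no paired name repeats across scans."""
    names = [d for s in scans for d, _ in s["pairs"]]
    return len(scans) > 1 and all(s["pairs"] for s in scans) and len(names) == len(set(names))
```

A fresh pair name in every scan, as in this thread, means the deleted files are being recreated under new names between runs, so the component that writes them is still active.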
DELBOY001
2007-04-13, 11:30
ok have done tashi
http://forums.spybot.info/showthread.php?t=12852
Hi DELBOY001.
I have merged all your topics and split off the HJT log to here: http://forums.spybot.info/showthread.php?t=12892
Post all replies to that one and provide only what is asked for, no vundo log, no Spybot-S&D log. "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)
I will close this thread or helpers will think by the post count that you are already being assisted. :)
Cheers.