View Full Version : serving.betarget.net



Ducje
2007-07-26, 15:01
Dear,

For a few days now I have suddenly been getting an empty pop-up window, indicating an address such as the following:
http://serving.betarget.net/serving/links_net.php?nid=1031&chad=1&cs=&adtype=&sid=18&pid=14&uid=24323328388177&adu=1&image=0&c1=&c2=&c3=&c4=&ref=na&memkey=dd3a350305815911b27675fbce1fe5f4&bdurl=&qp=`^%!,û,+{û}.~$&pcc=0.0000&pcv=0.0000&pcm=0.0000&durl=

Or this:
http://serving.betarget.net/serving/links_net.php?nid=1031&chad=1&cs=&adtype=&sid=18&pid=14&uid=24323336695082&adu=1&image=0&c1=&c2=&c3=&c4=&ref=na&memkey=dd3a350305815911b27675fbce1fe5f4&bdurl=&qp=`^%!,û,+{û}.~$&pcc=0.0000&pcv=0.0000&pcm=0.0000&durl=

Or most probably others... in the same style.
The window closes itself automatically, so I almost don't notice it. But every time it comes back while I'm working in other programmes. Just a second. I don't think it comes when I close the internet.

By force I decided once to open one of these pop ups, this means I added the address in the internet addressbar. It opens a blank window indicating my IP.

Can anybody help me with this? Am I infected with some adware?

I suspect maybe 2 programmes which I lately installed on my pc: the Agloco viewbar and Aarons Autobrowse.

However I installed these programmes already some time ago and it did not seem to happen immediately in the beginning.

I searched google also on the subject of betarget.net, but could find nothing more than that it seems to be a bad site???

Spybot Search and destroy does not find anything on my pc.

Please help.

Thanks,
Ducje

Ducje
2007-07-27, 05:37
Does anybody have an idea?

pskelley
2007-07-28, 03:26
Welcome to Safer Networking, if you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

I don't know if I can help or not, but pinned to the top of the forum and posted at the top of this post are the instructions you will need to follow if you wish to find out.

Thanks

Ducje
2007-07-31, 12:27
Herewith the Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:50:05, on 31/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tazjtiubo0blattlq9.usercash.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Owner Owner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Owner.lnk = ?
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Shortcut to Contact_List.lnk = D:\Owner\Consulate\Information\Contact_List.xls
O4 - Startup: Shortcut to Informationdoc.lnk = D:\Owner\Consulate\Information\Informationdoc.doc
O4 - Startup: Shortcut to Notes01-04-2007.lnk = D:\Owner\Consulate\Information\Notes01-04-2007.txt
O4 - Startup: Shortcut to Tel_Record.lnk = D:\Owner\Consulate\Information\Tel_Record.xls
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Owner.lk
O17 - HKLM\Software\..\Telephony: DomainName = Owner.lk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Owner.lk
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

pskelley
2007-07-31, 13:52
Not a lot showing in the HJT log, let's clean some of the junk and see what happens.

1) Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

2) Turn off TeaTimer until we finish, it blocks our tools:
http://russelltexas.com/malware/teatimer.htm

3) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

4) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

5) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

6) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

7) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tazjtiubo0blattlq9.usercash.com/
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

8) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\AGLOCO Viewbar\ <<< delete that folder

9) Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

10) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the Uninstall list, the AVG Anti-Spyware scan report and a new HJT log. Add any comments you think will help.

Thanks

Ducje
2007-08-06, 06:58
I followed all steps as described by you.
Except for number 8.
I did not delete the C:\Program Files\AGLOCO Viewbar\
Instead I uninstalled and checked whether it was deleted. It was gone.

Find here the uninstall list before I did anything as requested by you under point 1:
Aarons Autobrowse Version 3.2
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop 6.0
AGLOCO Viewbar 1.03
AVG Anti-Spyware 7.5
EDB Trade Statistics
Google Talk (remove only)
HijackThis 1.99.1
Intel Application Accelerator
Kompass
LiveUpdate 3.0 (Symantec Corporation)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
SoundMAX
Spybot - Search & Destroy 1.4
Spyware Doctor 5.0
Symantec Client Security
Windows Defender
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
Xabre


The uninstall list after the entire process:
Aarons Autobrowse Version 3.2
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop 6.0
AVG Anti-Spyware 7.5
EDB Trade Statistics
Google Talk (remove only)
HijackThis 1.99.1
Intel Application Accelerator
Kompass
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Office Professional Edition 2003
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
SoundMAX
Spybot - Search & Destroy 1.4
Spyware Doctor 5.0
Symantec Client Security
Windows Defender
Windows Installer 3.1 (KB893803)
Windows XP Service Pack 2
Xabre

The AVG scan report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:39 06/08/2007

+ Scan result:



C:\Documents and Settings\Owner\Cookies\Owner@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.


::Report end


Lastly, the new Hijack log after the process:
Logfile of HijackThis v1.99.1
Scan saved at 10:18:53, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Owner Owner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - Startup: Owner.lnk = ?
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Startup: Shortcut to Contact_List.lnk = D:\Owner\Consulate\Information\Contact_List.xls
O4 - Startup: Shortcut to Informationdoc.lnk = D:\Owner\Consulate\Information\Informationdoc.doc
O4 - Startup: Shortcut to Notes01-04-2007.lnk = D:\Owner\Consulate\Information\Notes01-04-2007.txt
O4 - Startup: Shortcut to Tel_Record.lnk = D:\Owner\Consulate\Information\Tel_Record.xls
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Owner.lk
O17 - HKLM\Software\..\Telephony: DomainName = Owner.lk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Owner.lk
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

Thanks for further advice.
How does it all look?
Best regards
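
Added example (not written by either poster): a short Python script that compares a HijackThis log taken before a fix with one taken after, and checks that the lines ticked for "Fix Checked" are really gone. The sample lines are excerpted from the two logs posted in this thread; the function names are made up for this example.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the log saved on 31/07/2007 (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tazjtiubo0blattlq9.usercash.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Owner Owner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# Excerpt of the log saved on 06/08/2007 (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Owner Owner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# The two lines the helper asked to tick before "Fix Checked".
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tazjtiubo0blattlq9.usercash.com/
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
"""


def parse_hjt(text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace so copy/paste damage does not cause false diffs.
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    code, detail = entry
    return (code, detail.lower())


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists, each in original log order."""
    before = parse_hjt(before_text)
    after = parse_hjt(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def still_present(fix_text, after_text):
    """Return the fix-list entries that still appear in the later log."""
    after_keys = {_key(e) for e in parse_hjt(after_text)}
    return [e for e in parse_hjt(fix_text) if _key(e) in after_keys]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, detail in removed:
        print("removed", code, detail)
    for code, detail in added:
        print("added  ", code, detail)
    leftovers = still_present(FIX_LIST, AFTER)
    print("fix list fully applied" if not leftovers else "still present: %r" % leftovers)
```

On these excerpts the diff reports four removed lines: the two from the fix list, plus two that point at Spybot's own files (SDHelper.dll and TeaTimer.exe).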

pskelley
2007-08-06, 12:44
Thanks for returning your information and the feedback, for the uninstall list:

The uninstall list after the entire process:
no problem

AVG Anti-Spyware - Scan Report
clean

Logfile of HijackThis v1.99.1
Scan saved at 10:18:53, on 06/08/2007

HJT looks clean of malware, just this one question:
I am wondering why you have these two programs set to launch at Startup like that, is there a reason?
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

How is the computer running, any problems now? If not then do this:

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Ducje
2007-08-07, 07:41
I cleaned the system restore as generally my pc is working fine.

Only this pop up as in the initial post actually on and off remains.

However I think I found out that this pop up comes when the browser is open on the website www.imagefap.com.

I added serving.betarget.net now in the restricted list of the internet zone. Now the pop up still comes, however the annoying thing is, it doesn't close itself anymore. It stays open. So when another comes it is a new window, and again and again. Earlier when it was not in the restricted list it came up, but before I actually really could see the thing it was already closed.

Now it remains open, but the window does not display my IP anymore, instead it displays: 'no system default ad'

If I do not go to Imagefap it doesn't come.

Is it related to that website?

Ducje
2007-08-07, 12:15
Sorry I forgot to answer this.
I just have put it there since I anyway need them as soon as I put on the pc.

And thanks for the very useful links you gave.

pskelley
2007-08-07, 12:54
Let's see what we can find out.

1) Are you running a popup blocker?

2) Is Spybot S&D finding any items it can not remove?
(be sure it is up to date and fully immunized before you run it)

3) Likely that toolbar did install the junk, one reason to avoid free toolbars unless you are sure they are reputable.

4) Have you tried to block the item in your IE browser?
IE > Tools > Internet Options > Privacy Tab > Sites > add that address to the white box and click on "Block"

5) Let's run another good scan to see if it will pick up anything for us:
Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks

Ducje
2007-08-08, 10:45
Maybe additional problem to start with.
Yesterday while doing something and searching in google, I was directed to abcash.biz.
When I went there my virus system Symantec suddenly discovered a downloader adjs[1].php.
It was detected several times as follows:
adjs[1].php
adjs[2].php
adjs[4].php
When I tried to delete it permanently in Symantec it showed as if it was already deleted, however the risk history tells the following:
Action: Partial
Status: Infected
Primary action: clean security risk
Secondary action: Quarantine
Action description: Risk was partially removed
The location according to Symantec is in the Temporary internet files\content.ie5\ in these folders there.
I ran the ATF cleaner and after that I checked in these temp internet files, it is nowhere.

Also the symantec Quarantine, Backup and Repaired items are empty. It only shows in the risk history.

I also redid what you asked me to do yesterday to clean the back ups. I did this after I was sure that I could not find it anywhere.
Also a manual deep scan with symantec could not discover anything. Is it gone?


Then an answer to your questions. Only after the above story and a full reboot and so on I started what you asked:

1. Only the pop up blocker in the internet options

2. I updated spybot, clicked immunize and did a new scan:
No items were found

I also run another manual scan of Symantec: nothing

3. :-(

4. I did that, no change. I'm actually not even sure whether it remains in the block list. I think I can't find it.

5. The online scan: nothing detected, the log:
Wednesday, August 08, 2007 2:12:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 8/08/2007
Kaspersky Anti-Virus database records: 353665


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 29801
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:38:52


C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0415NAV~.TMP Object is locked skipped

C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0764NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\profile.dat Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Ducje
2007-08-08, 10:52
And another thing is that I find that I get relatively a lot of Spam mails.
I'm using Microsoft Office Outlook 2003.

pskelley
2007-08-08, 12:05
Review that information from experts I posted, that may help you most. I will tell you I personally run SpywareBlaster, SpywareGuard and a Hosts file: IE-Spyad (all freeware programs). You will read about these programs in the links. These programs are not active realtime protection like Windows Defender, they block by knowing the malware and not allowing it to uninstall.

I use Google Toolbar as my popup blocker of choice, if you want to give it a try you can download it here:
http://toolbar.google.com/T4/index_pack.html
They try to get you to download a lot of unnecessary eye-candy, I suggest the BASIC toolbar/popup blocker and none of the other resource using junk.

Yesterday while doing something and searching in google, I was directed to abcash.biz. Read these links, the only way to totally avoid issues like that is not to surf the internet.
http://www.theregister.com/2007/05/11/google_malware_map/
http://redtape.msnbc.com/2007/05/the_next_net_th.html
If your AV, Symantec, is stopping and deleting or quarantining the junk, it is doing its job. I personally go only to sites I know are safe and even some of them are infected. The hackers are everywhere anymore, organized crime has moved in and until ways to stop this are found, it is only going to get worse.

And another thing is that I find that I get relatively a lot of Spam mails.
I'm using Microsoft Office Outlook 2003.
We all get it, there is stuff you can do to control it and slow it down. Use your spam filters in Outlook to filter the junk to spam boxes and have it delete automatically on a regular basis. When you type your name and email address for "reputable" businesses and they turn around and sell their lists to spammers and that is compounded by huge amounts of zombie computers which are sending out spam without even knowing they are doing it...see the problem?
I asked Google "how to stop spam" and it has 55,600,000 websites dealing with the problem.
http://www.google.com/search?hl=en&q=how+to+stop+spam&btnG=Search

Thanks

Ducje
2007-08-08, 14:22
I installed all these programmes. Thanks for the support.

The sad issue is that this pop up is still there. Only when I go to imagefap it comes. Now even I get 2 pop ups there: serving.betarget.net and ilead.itrack.it

I added them both to the restricted sites, but ilead.itrack.it loads as an empty page and the other one says no system default ad (what I told you before).

I could not try this out on another pc?

What do you think, could it be related to the site imagefap or is it in my pc?

Fact is that earlier it did not come (1 month ago).

When I close Imagefap it does not come anymore.

I did a search on google for ilead.itrack.it and found some solutions in doing something with the Javascript. I actually did not understand anything of that. I just post here the link where I found that: http://forums.spywareinfo.com/lofiversion/index.php/t56812.html

There were some more items in google on this.

What is your feeling about this?

Many thanks

pskelley
2007-08-08, 16:14
What is your feeling about this?
I may be the wrong one to ask, being a Floridian who is licensed to carry, I feel the same way about my computer as I do my castle. I believe folks who break into your castle should be shot on the spot, or dragged quickly to a wall for this to be done.

What do you think, could it be related to the site imagefap or is it in my pc?
Disconnect from the internet, if the popups stop it is not your computer.

It does not appear we have looked for a rootkit infection yet, let's try BlackLight:

Please download F-Secure BlackLight Beta:
https://europe.f-secure.com/exclude/blacklight/index.shtml

Save it to its own folder in the Desktop
Double-click blbeta.exe to run the program
Click : Scan
A list of all items found is created

The list is in the BlackLight folder on the Desktop, and named fsbl.xxxxxxx.log (xxxxxxx are numbers).

Please provide the log created by BlackLight in your next reply.

(do not delete anything, most if not all files will be valid)

Thanks

Ducje
2007-08-08, 17:46
I will try it tomorrow.
Just a quick question in between.

You told me to disconnect from the internet.
What you mean exactly? close the browser? Or also close the network connection?

If that particular site is not open, the pop ups don't come. Thus for example if my browser is just idling on a page as www.google.com for example, no pop ups will come.

What is your idea about the java story in the link I posted earlier?

Thanks again and speak to you tomorrow.

Ducje
2007-08-08, 18:11
One additional question:
I downloaded: IE-Spyad

What are the numbers (functions) which I should select?

Are there updates for this programme regularly? Because it has no update function?

Thanks again

pskelley
2007-08-08, 19:14
You told me to disconnect from the internet.
What you mean exactly? close the browser? Or also close the network connection?
To be sure you need to be totally closed from the internet, turn off your DSL modem or disconnect your cable. Seems you have done it and know the popups are occurring when you visit the site. Your popup blocker should block those, I still get one once in a while, but I quickly learn to avoid those sites. It's hard to avoid them all, but the freeware tools I use stop 99% of them. Some sites like Orbitz, still manage to force one in when I click their link somehow.

Here is a good tutorial for using IE-Spyad:
http://www.bleepingcomputer.com/forums/tutorial53.html

Updates do not occur that often, I watch this website for them:
http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD

Thanks

Ducje
2007-08-09, 05:33
Results of the root kit scan with:
08/09/07 09:00:16 [Info]: BlackLight Engine 1.0.64 initialized
08/09/07 09:00:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/09/07 09:00:16 [Note]: 7019 4
08/09/07 09:00:16 [Note]: 7005 0
08/09/07 09:00:51 [Note]: 7006 0
08/09/07 09:00:51 [Note]: 7011 1728
08/09/07 09:00:52 [Note]: 7026 0
08/09/07 09:00:52 [Note]: 7026 0
08/09/07 09:00:56 [Note]: FSRAW library version 1.7.1022
08/09/07 09:05:20 [Note]: 7007 0

Ducje
2007-08-09, 07:28
I searched google for root kit infections and found some other scans. I did them:

1. The Microsoft Malicious software remover
Nothing found

2. Then I did Root Kit Hook analyzer
That one came up with a long list of things which I did not understand at all. I tried to export the list, but it did not work, it gave me some address violation error.
So I made a screenshot of the hooks only (6 marked in red) and attached it herewith. Screenshots of the full report exceed the file size of this forum (800KB).

3. Then I also did Rootkit Revealer. This gave a very long report which doesn't tell me much either. I'll post it in the next reply as it is too long.

Ducje
2007-08-09, 07:32
It seems to be too many lines to post it. So I'll attach it.

Ducje
2007-08-09, 07:56
Apart from all the above, I seem to have a problem with SpywareGuard.

Yesterday I installed it and it launched and everything went well. Also a small icon appeared in the right bottom of my screen (near the clock), I don't know how that bar is called.

Now that is not there anymore. If I click to launch it manually from the shortcut in the programme menu, it does not launch. If I click the exe file directly (sgmain.exe), it doesn't launch either? If I look in the task manager however this process is there.

Maybe this is normal, maybe there is no interface and it just does its work in the background?

You can tell me anything more on that?

Thanks a lot and I hope we reach the end of me bothering you, sorry, but very much appreciated.

Regards,

Ducje
2007-08-09, 11:34
I uninstalled it and reinstalled it.
Did a reboot and then it launched?
Let's hope tomorrow it still works.

pskelley
2007-08-09, 12:10
I am sorry, I have a personal policy of not opening attached files, as well as it is also Safer Networking policy to attach files only when the helper requests it.

I am personally satisfied that you do not have a rootkit or any malware for that matter.

I did violate my own rule and open the zip files, the results are this:
0 bytes Hidden from Windows API.

Apart from all the above, I seem to have a problem with SpywareGuard
A small SG will be in the "System Tray" near the clock, here is a tutorial for using that program:
http://www.bleepingcomputer.com/forums/tutorial50.html
If you need other tutorials, look here: http://www.bleepingcomputer.com/tutorials/
Up to 115 tutorials now and they are among the best available.

You can tell me anything more on that?
The tutorial should answer all of your questions.

I hope we reach the end of me bothering you
It is certainly not a bother, since I am a volunteer, I would not be here if it were :)

Thanks

Ducje
2007-08-09, 12:52
OK, great! No rootkit infection.

Thanks for breaking your rule and checking my attachments. Sorry I now indeed realise that this always could be a risk for you.

So I presume that my original problem, which is still there, is related to the site imagefap.com
Only solution is then not to go there anymore.

If my browser Internet explorer is closed, these pop ups do not come.

If my browser is just open on a page as for example www.google.com, the pop ups do not come.

If I'm browsing around, except for going to imagefap these pop ups do not come.

If I close the network connection, the pop ups do not come.

The pop up only comes when I go to imagefap.

pskelley
2007-08-09, 13:15
http://XXX.imagefap.com/ <<< why would anyone want to go there? You are asking for trouble. If you are taking your computer to sites like that, then we are both wasting our time trying to clean it.

Thanks

Ducje
2007-08-09, 13:50
I tried to surf imagefap.com on another pc and the same pop ups came. So I presume it is all related to that site and not to my pc.

Thank God!

Thanks for all the assistance I got from you and all the things I learned. Was really great!

Thanks a lot and maybe see you again another time.

Best regards,

Ducje
2007-08-09, 16:19
Thanks a lot for your support and advice.

pskelley
2007-08-18, 02:40
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.