View Full Version : Keep getting Dialer-257 and SpywareStrike(logs)
wolfstench
2006-03-20, 09:02
The Dialer cannot be cleaned by my McAfee and the spywarestrike keeps getting cleaned but they both come back in message alerts. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 2:52:33 AM, on 3/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\312\BITVAU~1\CONFIG~1.EXE
C:\Program Files\312\BitVault_Services\jre\bin\javaw.exe
C:\PROGRA~1\312\BITVAU~1\RENDEZ~1.EXE
C:\PROGRA~1\312\BITVAU~1\312WEB~1.EXE
C:\Program Files\312\BitVault_Services\jre\bin\javaw.exe
C:\Program Files\312\BitVault_Services\jre\bin\javaw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\highjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: PRISMGNA.DLL - C:\WINDOWS\SYSTEM32\PRISMGNA.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitVault_ConfigFileServer (BVCFS) - ZeroG Software - C:\PROGRA~1\312\BITVAU~1\CONFIG~1.EXE
O23 - Service: BitVault_LM (BVLM) - ZeroG Software - C:\PROGRA~1\312\BITVAU~1\LICENS~1.EXE
O23 - Service: BitVault-Rdv (BVRDV) - ZeroG Software - C:\PROGRA~1\312\BITVAU~1\RENDEZ~1.EXE
O23 - Service: BitVault-WebServer (BVWS) - ZeroG Software - C:\PROGRA~1\312\BITVAU~1\312WEB~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
wolfstench
2006-03-20, 09:03
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 1:48:45 AM, 3/20/2006
+ Report-Checksum: 16CA707D
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{736b5468-bdad-41be-92d0-22ae2ddf7bcb} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3404155837-1379011008-4285008422-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Thomas\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Thomas\Cookies\thomas@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Thomas\Cookies\thomas@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Thomas\Cookies\thomas@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\gdnUS2296[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\quarantine\abdpfomd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\aimmeond.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\baafaimd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\bhnlojmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\ddmnpmnd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\dgkkhlmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\dklckamd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\eklpjjnd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\fkmdnpnd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\gidaidmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\hbfpemhc.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\hhioglnd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\idngbfmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\jklpgjhc.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\kahjaind.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\kmlfogmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\ldmncpmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\mssearchnet.exe.Vir -> Downloader.Zlob.is : Cleaned with backup
C:\quarantine\nginkohc.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\nkhbdcmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\nvctrl.exe.Vir -> Downloader.Zlob.ir : Cleaned with backup
C:\quarantine\onajpkhc.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\pooljhhc.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\ppjnnnhc.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\quarantine\ppmimmmd.exe.Vir -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS2296.exe -> Downloader.Small.ayl : Cleaned with backup
::Report End
wolfstench
2006-03-20, 09:05
Panda ActiveScan
Incident Status Location
Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\ncompat.tlb
Adware:adware/securityerror Not disinfected C:\WINDOWS\SYSTEM32\ot.ico
Adware:adware/securitytoolbar Not disinfected C:\PROGRAM FILES\Security Toolbar
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@atwola[1].txt
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-685c059b.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-685c059b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-685c059b.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-23722627-685c059b.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33c55694-5a3ca186.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33c55694-5a3ca186.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33c55694-5a3ca186.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-33c55694-5a3ca186.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-52b209b3.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-52b209b3.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-52b209b3.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4ef836e7-52b209b3.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-70001cc9-1578be3a.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-70001cc9-1578be3a.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-70001cc9-1578be3a.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-70001cc9-1578be3a.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-928db51-5e08038f.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-928db51-5e08038f.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-928db51-5e08038f.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-928db51-5e08038f.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-63d5668e.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-63d5668e.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-63d5668e.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dialarch.jar-56e86951-63d5668e.zip[Installer.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Thomas\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-2ec4ae0c.zip[InstallerApplet.class]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Thomas\Cookies\thomas@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Thomas\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Thomas\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Thomas\Local Settings\Application Data\Mozilla\Firefox\Profiles\vowdtjet.default\Cache\3EFBEAA3d01[Process.exe]
Dialer: Dialer.NO Not disinfected C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\gdnUS2296[1].exe
Dialer: Dialer.FGG Not disinfected C:\quarantine\balgnpmd.exe.Vir
Dialer: Dialer.FGG Not disinfected C:\quarantine\ipnfeomd.exe.Vir
CalamityJane
2006-03-23, 22:05
Hi, and thanks for being so patient.
Could you please go to this link and run the SmitRem tool, then post the log from it? (That's for SpywareStrike)
http://forums.spybot.info/showthread.php?t=1958
Also, could you please post a fresh HijackThis log after that so I can see where you are at this point and then make some recommendations based upon all of these steps so far.
wolfstench
2006-03-25, 20:23
I might have fixed the problem myself because I havent been getting the antivirus messages, but just to be sure here is smitrem and hijackthis logs.
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 03/23/2006
The current time is: 15:42:14.28
Running from
C:\WINDOWS\system32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
Online Security Guide.url
Security Troubleshooting.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
1024 dir
ld****.tmp
ncompat.tlb
~~~ Icons in System32 ~~~
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'explorer.exe'
Killing PID 816 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
Logfile of HijackThis v1.99.1
Scan saved at 2:20:31 PM, on 3/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\highjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM (R) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: PRISMGNA.DLL - C:\WINDOWS\SYSTEM32\PRISMGNA.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
CalamityJane
2006-03-25, 21:27
SmitRem did remove the remainder of the SpywareStrike files
Did you remove SpywareDoctor?
Missing component from Spyware Doctor
So not harmful, but is a leftover. Use HijackThis to scan, checkmark this item and press fix checked:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
If you are still using Spyware Doctor then that BHO is missing so you would need to uninstall/reinstall to get it working right again.
Delete this folder (if found)
C:\PROGRAM FILES\Security Toolbar
You need to clear the infected files from your Java cache:
Virus found in the Java™ Runtime Environment, Standard Edition (JRE) cache directory
http://java.com/en/download/help/cache_virus.jsp
Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:
1. From the Start button, click Settings > Control Panel
2. In the Control Panel, open the "Java Plug-in Control Panel"
3. Select the Cache Tab
4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory
...............
Later versions of Java
In the Control Panel, select the Java icon.
Under the General tab at the bottom your will see a section: "Temporary Internet files"
choose *delete files* and then *ok*.
Might as well run the disk cleanup utility too. Go to start > run and type in the box: cleanmgr
Wait while windows scans your system for unnecessary files to delete. Make sure these 3 are checkmarked:
Temporary Internet Files
Temporary Files
Recycle bin
Then press *ok* to delete them.
If you're not seeing any more problems and think you've got the issues resolved, then you'll also need to reset your system restore points to clear out any infected files in the backups.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).
"So, how did I get infected in the first place?" (by Tony Klein)
http://forums.spybot.info/showthread.php?t=279
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://v4.windowsupdate.microsoft.com/en/default.asp
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/iesecxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
wolfstench
2006-03-29, 20:46
Thank you very much. I appreciate the analysis and the removal advice. I will look into the suggested precautions to keep my computer safe. Thanks again.
CalamityJane
2006-03-30, 18:23
You're welcome. Glad we could help :)
Since the original issues appear to be resolved, this topic will now be archived. If you need it reopened again, please send a private message to one of the Moderators with a link to this thread.