Popups with their own Will.



HeavyShadow
2006-08-24, 20:36
Hello!

About two weeks ago I found out my computer's infected with something, causing IE windows to pop out of nowhere with advertisements... I ran Ad-Aware but it gets stuck when deleting. Also ran SPYBOT S&D, but that didn't help either.

those popups open up at any time, even after the computer finished loading, without me even touching anything.

here's my Hijack This log.
If you need anything else so you can help me, just say so.

Logfile of HijackThis v1.99.1
Scan saved at 21:26:27, on 24/08/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [BtStart] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://ubifone.interwise.com/ubifone/Application/EventEntry/AxWebInstaller.cab

tashi
2006-08-28, 19:44
Hello,

If you have not resolved the problem, we have this sticky topic:

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

illukka
2006-09-04, 08:43
hi

download the trial version of trojan hunter from http://www.misec.net/products/TrojanHunterSetup.exe
( right click the link, select "save as")
save it to your desktop
then double-click TrojanHunterSetup.exe to begin the installation
launch trojan hunter, do the initial update and close it

next :
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

once in safe mode
launch trojan hunter scanner from the start menu
once opened, click the icon that says "Full Scan"
after the scan is finished ( it'll take a while )
there will be a wizard to clean infected files, allow trojan hunter to clean them. if it asks for a reboot, wait a second and save the report of trojan hunter by clicking file > save report. save it to your desktop or to some convenient location, i will want to see it
then reboot to complete the cleaning process

boot back to normal mode, post the trojan hunter report here, along with a fresh hijackthis log

HeavyShadow
2006-09-04, 14:31
here's the TrojanHunter log:

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
Error: Unable to perform port check: PortChecker not initialized
Memory scan
No trojans found in memory
File scan
Error: Directory not found: C:\Program Files\Common Files\___
Error: Directory not found: E:\
No trojan files found

and here's the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 15:30:31, on 04/09/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\BLSTAPP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [BtStart] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE"
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://ubifone.interwise.com/ubifone/Application/EventEntry/AxWebInstaller.cab

HeavyShadow
2006-09-04, 15:03
I have Ad-Aware installed, and though it gets stuck when I try to fix with it, it still finds some results which other programs haven't found...

Here's the scan log:


Ad-Aware SE Build 1.06r1
Logfile Created on:יום שני 04 ספטמבר 2006 15:41:34
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R121 28.08.2006


References detected during the scan:

Adware.Look2Me(TAC index:7):37 total references
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):6 total references


Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


04-09-06 15:41:34 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\WINDOWS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes


#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291801379
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : מערכת ההפעלה Microsoft(R)‎ Windows(R)‎
CompanyName : Microsoft Corporation
FileDescription : רכיב מרכזי של ליבת Win32
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294952391
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : מערכת ההפעלה Microsoft(R)‎ Windows(R)‎
CompanyName : Microsoft Corporation
FileDescription : ‎‎Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294963799
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294843359
Threads : 13
Priority : Normal
FileVersion : 4.72.3632.100
ProductVersion : 4.72.3632.100
ProductName : מערכת ההפעלה Microsoft(R) Windows NT(R)‎
CompanyName : Microsoft Corporation
FileDescription : סייר ‎‎Windows
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : WAVCORE.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\WAVCORE.DLL)


#:5 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294886679
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:

New critical objects: 0
Objects found so far: 14


Started registry scan


Registry Scan result:

New critical objects: 0
Objects found so far: 14


Started deep registry scan


Deep registry scan result:

New critical objects: 0
Objects found so far: 14


Started Tracking Cookie scan



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dagan@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:dagan@atdmt.com/
Expires : 03/09/11 2:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dagan@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:dagan@zedo.com/
Expires : 04/09/07 12:51:30
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dagan@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:dagan@tradedoubler.com/
Expires : 30/08/26 11:47:56
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:

New critical objects: 3
Objects found so far: 17



Deep scanning and examining files (c:)


Adware.Look2Me Object Recognized!
Type : File
Data : MOMBG.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : DQNIM.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : djdiagn.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : DCACTFRM.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : MOPI.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : cWbinet.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : BMTNT.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : OZE32.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : dymstor.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : wdv3is.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : mrpmsp.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : iaetcfg.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : wbdmlog.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : MVNET32.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : NNMKCERT.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : MGCTRL.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : MODMO.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : mdc40.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : BWMON.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : LKMF.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : גRונגל.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : WC2_32.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : RYOCURS.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : RICLTS3.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : RPCHED.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : SDELL.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : MDEXCH40.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : GKU32.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : RKVPSP.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : wcdmps.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : NZCMPS.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : bibigbmp.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : wpsdmod.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : AXVIEW32.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : MHMBG.DLL
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Adware.Look2Me Object Recognized!
Type : File
Data : dmus10.dll
TAC Rating : 7
Category : Adware
Comment :
Object : c:\WINDOWS\SYSTEM\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dagan@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\dagan@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dagan@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\dagan@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dagan@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\dagan@zedo[1].txt

Disk Scan Result for c:\

New critical objects: 0
Objects found so far: 56


Deep scanning and examining files (d:)


Disk Scan Result for d:\

New critical objects: 0
Objects found so far: 56

Hosts file scan result:

0 entries scanned.
New critical objects:0
Objects found so far: 56




Performing conditional scans...


Conditional scan result:

New critical objects: 0
Objects found so far: 56

15:52:41 Scan Complete

Summary Of This Scan

Total scanning time:00:11:07.70
Objects scanned:70014
Objects identified:42
Objects ignored:0
New critical objects:42

illukka
2006-09-05, 18:50
hi

thx for the info.
the adaware log tells me we're dealing with a real nasty bugger here :sick:


let's try to remove the #%#

Please download L2m9xfix here:
http://swandog46.geekstogo.com/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

HeavyShadow
2006-09-06, 12:45
i did what you asked me to,
and here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:42:20, on 06/09/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
O4 - HKLM\..\Run: [BtStart] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [BCDetect] C:\WINDOWS\SYSTEM\BCDetect.exe defer
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://ubifone.interwise.com/ubifone/Application/EventEntry/AxWebInstaller.cab

and here's the log file you requested:

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Π\l2m9xfix

************

Files found:

C:\WINDOWS\system\DQSPDIB.DLL
C:\WINDOWS\system\IRLOADER.DLL
C:\WINDOWS\system\mfxml3a.dll
C:\WINDOWS\system\srnscfg.dll
C:\WINDOWS\system\WAVCORE.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{019B1F4A-656C-44EC-B714-5ADEEF751C76}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WAVCORE.DLL"


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!


am I clean?
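
The before/after comparison that the repeated requests for a fresh HijackThis log in this thread rely on, as an added example that is not part of the original posts. The function names (`parse_hijackthis`, `diff_logs`, `references`) are hypothetical, and the two sample logs are shortened excerpts of the 2006-09-04 and 2006-09-06 logs above.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Shortened excerpts of the 2006-09-04 and 2006-09-06 HijackThis logs from this
# thread: the lines are copied from the posts, most lines are omitted.
LOG_0904 = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:30:31, on 04/09/06

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\BLSTAPP.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.5\THGUARD.EXE"
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
"""

LOG_0906 = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:42:20, on 06/09/06

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\SYSTEM\BLSTAPP.EXE
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
"""

# Files listed under "Files found:" in the L2M9XFix log from this thread.
L2M_FILES = ["DQSPDIB.DLL", "IRLOADER.DLL", "mfxml3a.dll", "srnscfg.dll", "WAVCORE.DLL"]

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")  # R0, R1, O3, O4, O16, ...


def parse_hijackthis(text):
    """Return the scan time, running processes and section entries of one log."""
    log = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif ENTRY_RE.match(line):
            in_processes = False
            log["entries"].append(line)
        elif in_processes:
            log["processes"].append(line)
    return log


def normalize(line):
    """Compare case-insensitively and ignore quoting, which varies between lines."""
    return line.replace('"', "").casefold()


def diff_logs(before, after):
    """List processes and entries that appear in only one of the two logs."""
    result = {}
    for key in ("processes", "entries"):
        old = {normalize(x): x for x in before[key]}
        new = {normalize(x): x for x in after[key]}
        result[key] = {
            "removed": sorted(v for k, v in old.items() if k not in new),
            "added": sorted(v for k, v in new.items() if k not in old),
        }
    return result


def references(log, filenames):
    """Return log lines that mention any of the given file names."""
    wanted = {name.casefold() for name in filenames}
    hits = []
    for line in log["processes"] + log["entries"]:
        tokens = re.split(r'[\s"=,]+', line)
        if any(basename(tok).casefold() in wanted for tok in tokens):
            hits.append(line)
    return hits


if __name__ == "__main__":
    before, after = parse_hijackthis(LOG_0904), parse_hijackthis(LOG_0906)
    print("Comparing", before["saved"], "->", after["saved"])
    for key, change in diff_logs(before, after).items():
        for direction, lines in change.items():
            for line in lines:
                print(f"{key:9} {direction:7} {line}")
    print("Lines still naming L2M9XFix files:", references(after, L2M_FILES))
```

An empty `references` result is not proof of a clean system: the 2006-09-04 HijackThis log in this thread named none of these DLLs either, while the Ad-Aware scan run minutes later reported WAVCORE.DLL in memory.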

illukka
2006-09-06, 13:20
hi

let's do an online virus scan to make sure:

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

HeavyShadow
2006-09-09, 03:49
hello!
here's the scan results from kaspersky online scanner. it found some stuff, though i'm not sure about it.

Saturday, September 09, 2006 4:46:43 AM
Operating System: Microsoft Windows 98 SE
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/09/2006
Kaspersky Anti-Virus database records: 221913


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\
b:\
c:\
d:\
e:\
f:\

Scan Statistics
Total number of scanned objects 21737
Number of viruses found 5
Number of infected objects 18 / 0
Number of suspicious objects 2
Duration of the scan process 01:46:20

Infected Object Name Virus Name Last Action
c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped

c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped

c:\WINDOWS\שולחן עבודה\l2m9xfix\backups\DQSPDIB.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap skipped

c:\WINDOWS\שולחן עבודה\l2m9xfix\backups\IRLOADER.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap skipped

c:\WINDOWS\שולחן עבודה\l2m9xfix\backups\mfxml3a.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap skipped

c:\WINDOWS\שולחן עבודה\l2m9xfix\backups\srnscfg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap skipped

c:\WINDOWS\שולחן עבודה\l2m9xfix\backups\WAVCORE.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap skipped

c:\WINDOWS\קובצי אינטרנט זמניים\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\Cookies\index.dat Object is locked skipped

c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\Program Files\Symantec AntiVirus\Quarantine\6DB50000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

c:\Program Files\Symantec AntiVirus\Quarantine\6DB50000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

c:\Program Files\Symantec AntiVirus\Quarantine\6DB50000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

c:\Program Files\Symantec AntiVirus\Quarantine\6DB50000.VBN ZIP: infected - 3 skipped

c:\Program Files\Symantec AntiVirus\Quarantine\6DB50000.VBN CryptZ: infected - 3 skipped

c:\Program Files\Symantec AntiVirus\Quarantine\05070000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

c:\Program Files\Symantec AntiVirus\Quarantine\05070000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

c:\Program Files\Symantec AntiVirus\Quarantine\05070000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

c:\Program Files\Symantec AntiVirus\Quarantine\05070000.VBN ZIP: infected - 3 skipped

c:\Program Files\Symantec AntiVirus\Quarantine\05070000.VBN CryptZ: infected - 3 skipped

c:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

c:\programs\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

c:\programs\mirc616.exe mIRC: infected - 1 skipped

Scan process completed.

illukka
2006-09-09, 22:03
hi

no problems there

delete the l2m9xfix\ folder
also empty your Symantec AntiVirus quarantine


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)

or

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above


Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

also remember to keep your java updated, see this topic for instructions
http://forums.spybot.info/showpost.php?p=12880&postcount=2
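
Added example (not part of the original post): a small Python audit that checks the six Internet-zone settings listed in the post above against the values it recommends. The registry path, the URL action IDs and the 0/1/3 value encoding are not in the thread; they are assumed from Microsoft's documentation of IE security zones, and the sample data is constructed.

```python
"""Audit IE Internet-zone (zone 3) settings against the values listed in the post."""
import sys

# Assumption: per-user Internet zone key as documented by Microsoft (zone 3 = Internet).
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# URL action ID -> (label in the Custom Level dialog, value recommended in the post)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

def audit_zone(values):
    """Return (action_id, label, current, wanted) for every setting that deviates."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        current = values.get(action)  # None means the value is absent
        if current != wanted:
            shown = NAMES.get(current, "missing/other (%r)" % (current,))
            findings.append((action, label, shown, NAMES[wanted]))
    return findings

def read_internet_zone():
    """Read the current user's zone 3 DWORD values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, kind = winreg.EnumValue(key, i)
            if kind == winreg.REG_DWORD:
                values[name] = data
    return values

# Constructed sample: unsigned ActiveX left at Prompt, IFRAME launches left at Enable.
SAMPLE = {"1001": 1, "1004": 1, "1201": 3, "1800": 1, "1804": 0, "1607": 1}

if __name__ == "__main__":
    zone = read_internet_zone() if sys.platform == "win32" else SAMPLE
    for action, label, current, wanted in audit_zone(zone):
        print("%s  %-58s %s -> should be %s" % (action, label, current, wanted))
```

The script only reads the per-user values; a machine-wide policy, if one is set, can override what the Custom Level dialog shows.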

tashi
2006-09-15, 21:47
Thank you illukka.

HeavyShadow, as the problem appears to be resolved, this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.