Random Popup Every Min. or So, says from Message Service



mrhayzie
2006-10-28, 00:44
Hi, I'm getting a popup every minute or so from message service telling me to STOP! there are ** critical system errors on my computer and listing how to remove them. I'm not sure if this is malware or some other sort, but if anyone can help me find the root of the source and possibly disinfect it, I would most appreciate it. Here are the hijackthis and online virus scan logs. Thank you,

mrhayzie
2006-10-28, 00:46
Sorry about that, here are the logs copied.


Incident | Status | Location

Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adtech | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Ccbill | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Maxserving | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Traffic Marketplace | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\jp8b5r31.default\cookies.txt[.zedo.com/]
Adware:Adware/IST.ISTBar | Not disinfected | C:\Documents and Settings\Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-47c4de35.zip[javainstaller/InstallerApplet.class]
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\Matt\Cookies\matt@atwola[1].txt
Virus:W32/Gaobot.OBX.worm | Disinfected | C:\WINDOWS\system32\FrameWork.exe
Virus:W32/Poebot.JW.worm | Disinfected | C:\WINDOWS\system32\nnsa.exe





Logfile of HijackThis v1.99.1
Scan saved at 3:25:04 PM, on 10/27/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [FrameWork 2.5] FrameWork.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05534AC8-EC0C-4492-BEFF-EB2F5B825553}: NameServer = 207.69.188.186 207.69.188.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{05534AC8-EC0C-4492-BEFF-EB2F5B825553}: NameServer = 207.69.188.186 207.69.188.185
O17 - HKLM\System\CS2\Services\Tcpip\..\{05534AC8-EC0C-4492-BEFF-EB2F5B825553}: NameServer = 207.69.188.186 207.69.188.185
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

LonnyRJones
2006-11-02, 01:05
Welcome mrhayzie

It appears you don't have an antivirus program, why is that?
Install one ASAP, update it and do a full system scan; if it has problems with a file, do a scan while the PC is in safe mode.

Several free antivirus programs are mentioned in this thread:
http://forums.spybot.info/showthread.php?t=279
Only install one

tashi
2006-11-07, 20:11
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.