Results 1 to 5 of 5

Thread: myspywarecleaner.com

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Exclamation myspywarecleaner.com

    when I open internet explorer it opens (in the uppermost blue aert of IE) with

    http://www.google.com.au (my home page)very briefly then changes to
    http://www.httpwww.mspyc.hop.clickbank.net/rehop
    then
    http://www.myspywarecleaner.com/sc/?hop=httpwww
    which also loads into the address bar and redirects my home page to an ad for myspywarecleaner ( google was changed to http://www.google.com.au./.com in the home page address bar - I deleted the 2nd /.com and this seems to have got me back to google as my home page though I'm not convinced that alone is enough to have got rid of the problem!
    have run spybot but it doesn't seem to have got rid of it - tried to update spybot unsuccessfully a couple of times but get !!!badchecksum! is it likely that this hijacker could be blocking spybot? - Not sure where it came from - 3 teenagers also use this pc and despite antivirus (AVAST) windows firewall adaware still got this one - most likely with a download of some sort. Any Idea's on how to get rid of it and could it be specifically targetting spybot to prevent me from updating?
    Spybot reports nothing found I've just installed spybot 1.4 from a demo cd which updated ok but reports nothing found

    I'm running recently installed (week or 2 ago)Windows XP service pack 2 automatic updates activated (formatted and reinstalled OS after replacing MB and CPU needed to re -authenticate windows)- this only appeared a few days ago

    running bitdefender now as I'm typing this which has so far identified (and deleted)
    Tojan clicker
    exploit win 32 MS
    application browser hijacker Nav excel search toolbar
    then seemed to hang displaying "update failed"
    so will probably have to start it again ,then will try the other on - line scans suggested. I have an extremely slow dial up connection 28kbs - yes we are truly backwards out here in parts of Australia -and believe it or not we're only about 50 miles from the centre of Melbourne and this is the best we can get!
    Thought I'd be a bit cheeky and post this in the meanwhile -hope nobody minds - I may have died of old age before I manage to go through the rest of the scans! following is the hijack this logfile
    Cheers

    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:13 PM, on 9/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Classic PhoneTools\CapFax.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ASUS\Probe\ASUSPROB.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\freeware\antispyware\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [FusionTrayAgent] C:\Program Files\DVICO\FusionHDTV\FusionHdtvTray.exe
    O4 - HKLM\..\Run: [FusionRemote] C:\Program Files\DVICO\FusionHDTV\Remote\FusionRc.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.lyricshosting.com
    O15 - Trusted Zone: http://cache.ysbweb.com
    O15 - Trusted Zone: http://www.ysbweb.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131027131156
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40D6E775-9427-41BA-82D6-9EDC0B973748}: NameServer = 203.194.56.150 203.194.27.57
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    Last edited by incijalu; 2005-11-09 at 15:00.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi incijalu

    Have hijackthis fix these items
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O15 - Trusted Zone: -http://www.lyricshosting.com
    O15 - Trusted Zone: -http://cache.ysbweb.com
    O15 - Trusted Zone: -http://www.ysbweb.com
    ========
    Other than that is liiks good

    Have the symtoms you mentioned returned ? any pother odd goings on ?

  3. #3
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Thumbs up myspywarecleaner - gone

    Hi LonnyRJones
    Thanks for your help symptoms - don't seem to have returned and nothing else odd appears to be going on (so far any way!) I've had hijack this fix the items you suggested and will continue running a few other online virus scans -I missed the extra ./com that had added itself to http://wwwgoogle.com.au initially I think, so browser "hijacking" was not as persistant as I first thought
    Was concerned that some "nasty" was actually targetting spybot to prevent it from updating but if it was it doesn't seem to have worked with 1.4
    Thanks again

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Good

    The badchecksum problem is seen here quit a bit. when that happens simply choose another server http://www.safer-networking.org/en/faq/20.html


    Regards

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Im Glad we could help
    Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
    If you should need to post another log for the same PC send a message to someone on the Net-Integration staff with a link to this thread.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •