Thread: Spyaxe and Razewire

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    1

    Spyaxe and Razewire

    Hi,

    Am using my computer at university, and the other day 2 boxes started popping up in the bottom left corner of my desktop page. One of them, which relates to Spyaxe, states that it has detected spyware infection. It automatically downloads Spyaxe onto my comp. I then proceed to uninstall it using the uninstall part of the program. It keeps coming back every time I turn my laptop back on again.
    I also have the same problem with Razewire. Again, it just keeps telling me that spyware infection is present on my comp. Have run Spybot many times as well as Norton, but they are not picking up anything. Any help would be greatly appreciated.
    Many thanks,
    Job Beacham

    Hijackthis Notepad below

    Logfile of HijackThis v1.99.1
    Scan saved at 21:09:23, on 27/11/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvctrl.exe
    C:\WINDOWS\System32\mssearchnet.exe
    C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\l?gonui.exe
    C:\Program Files\iISystem Wiper\SystemWiper.exe
    C:\Program Files\oedr\ndcs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Messenger Blocker\MessengerBlocker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\RazeSpyware\app.exe
    C:\Program Files\Kazaa Lite K++\Kazaa.kpp
    C:\Documents and Settings\Jonathon Beachum\Desktop\computer programs\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hpF60E.tmp
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [erfmonp] C:\WINDOWS\System32\erfmonp.exe
    O4 - HKLM\..\Run: [mutilc] C:\WINDOWS\System32\mutilc.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Pno] C:\WINDOWS\System32\l?gonui.exe
    O4 - HKCU\..\Run: [HD] C:\Program Files\Historywasherpro.com\Hd.cmd
    O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
    O4 - HKCU\..\Run: [Lrts] "C:\Program Files\oedr\ndcs.exe" -vt ndrv
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
    O4 - Startup: Messenger Blocker Real-time Protector.lnk = C:\Program Files\Messenger Blocker\MessengerBlocker.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-12.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/Cl.../OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/...ams/Hotbar.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129465932693
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8D892C-83D9-4882-9C19-1C7F896BBE3A}: NameServer = 80.225.248.50 80.225.248.58
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Hello
    In Add/Remove Programs, uninstall any new items that you didn't install,
    especially RazeSpyware; reboot if prompted.

    Please uninstall any flavor of Kazaa !!

    Download smitRem.exe and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.
    Place a shortcut to Computer Associates eTrust AV Web Scanner on your desktop:
    http://www3.ca.com/virusinfo/virusscan.aspx

    Please download the trial version of Ewido Security Suite here:
    Install it, then from within the program check for updates, BUT don't scan yet.
    ewido security suite: http://www.ewido.net/en/download/
    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
    We will fix this in a moment.
    From the main ewido screen, click on update in the left menu, then click the Start update button.
    After the update finishes (the status bar at the bottom will display "Update successful"), close the program.
    Do NOT run a scan yet.

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup
    Don't run it yet!
    Next, please reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.
    Now scan with HJT and place a checkmark next to each of the following items if there, then click FIX CHECKED:
    O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hpF60E.tmp
    O4 - HKLM\..\Run: [erfmonp] C:\WINDOWS\System32\erfmonp.exe
    O4 - HKLM\..\Run: [mutilc] C:\WINDOWS\System32\mutilc.exe
    O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
    O4 - HKCU\..\Run: [Pno] C:\WINDOWS\System32\l?gonui.exe
    O4 - HKCU\..\Run: [Lrts] "C:\Program Files\oedr\ndcs.exe" -vt ndrv
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
    O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} - http://installs.hotbar.com/installs/...ams/Hotbar.cab

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Open Ad-aware and do a full scan. Remove all it finds.

    Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    Close Ewido
    Restart back to a normal windows session
    Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
    Use the free Computer Associates eTrust AV Web Scanner
    Select all drives, scan, try to cure/repair; if it cannot, choose delete! If it cannot delete, tell us the file names and locations.
    Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
    Let us know if any problems persist
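
A first-pass triage of the HijackThis log above, as an added example that is not part of the original posts or any tool the helper used. The three heuristics are illustrative assumptions chosen for this log; they catch only some of the entries listed under FIX CHECKED, and the rest (for example `erfmonp.exe`) need a reputation lookup rather than a pattern.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hpF60E.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Pno] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Section code (R0, O4, O23, ...) followed by the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
# First local file path in the body. URLs (as in O16 entries) never match
# "drive letter, colon, backslash", so a "?" in a query string is ignored.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^",]+?\.\w{2,4}(?=[\s",]|$)')


def triage(log_text):
    """Return (section, path, reasons) for entries that trip a heuristic.

    The heuristics are assumptions made for this example, not HijackThis rules.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        pm = WIN_PATH.search(m.group(2)) if m else None
        if not pm:
            continue
        section, body = m.groups()
        path = PureWindowsPath(pm.group(0))
        # Text after the "[value name] " part of an O4 autorun entry.
        command = body.split("] ", 1)[-1].lower()
        reasons = []
        # "?" is not legal in a Windows file name, so it marks a character
        # the log could not represent (a possible look-alike name).
        if "?" in path.name:
            reasons.append("file name contains an unrenderable character")
        if section == "O2" and path.suffix.lower() == ".tmp":
            reasons.append("browser helper object loaded from a .tmp file")
        if (section == "O4" and command.startswith("rundll32")
                and path.parent.name.lower() != "system32"):
            reasons.append("rundll32 autorun loads a DLL outside System32")
        if reasons:
            findings.append((section, str(path), reasons))
    return findings
```

`triage(SAMPLE_LOG)` returns the `hpF60E.tmp` BHO, the `l?gonui.exe` Run entry and the `image.dll` RunServices entry, and leaves the NVIDIA, AVG and Microsoft lines alone.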

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    JonBeacham are you still requiring assistance?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Due to lack of a response this topic will be archived.
    If you need the thread reopened please pm me.
