Jan 27 2008, 03:26 PM, Post #1
New Member. Group: Members. Posts: 2. Joined: 27-January 08. Member No.: 186,513

Jan 27 2008, 04:00 PM, Post #2
Forum Addict. Group: HJT Junior Classmen. Posts: 4,104. Joined: 7-January 07. From: UK. Member No.: 105,123

Hello,

What does the pop-up say? Also, have you tried another browser such as Firefox or Opera?

--------------------
Regards
Alan

Jan 27 2008, 04:00 PM, Post #3
To INSANITY and BEYOND !! Group: Moderator. Posts: 10,943. Joined: 10-September 04. From: NJ USA. Member No.: 2,608

Hello and welcome. Have you run the Vundo fix from safe mode?

Use of advanced tools such as ComboFix and HiJackThis without guidance can be a very risky practice. This is a link to our Tutorial: How To Remove Vundo/Winfixer Infection

Now download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.

Open SUPER from icon and install and update it.

Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode

Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.

If you use Firefox or Opera browser, click that browser at the top and choose: Select All.
- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NOW scan with SUPER
- Open from the desktop icon or the program Files list.
- On the left, make sure you check C:\Fixed Drive.
- Perform a Complete scan. After scan, verify they are all checked.
- Click OK on the summary screen to quarantine all found items. If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.

Please ask any needed questions, post logs and let us know how the PC is running.

--------------------
Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a good place to discuss. Staying Updated: Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Feb 2 2008, 06:43 PM, Post #4
New Member. Group: Members. Posts: 2. Joined: 27-January 08. Member No.: 186,513

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/02/2008 at 03:33 PM
Application Version : 3.9.1008
Core Rules Database Version : 3394
Trace Rules Database Version: 1386
Scan type : Complete Scan
Total Scan Time : 01:34:45
Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 5812
Registry threats detected : 106
File items scanned : 34214
File threats detected : 30

I think it should be gone. That was the first time it was ever specifically detected. Thanks guys.

Feb 2 2008, 08:21 PM, Post #5
To INSANITY and BEYOND !! Group: Moderator. Posts: 10,943. Joined: 10-September 04. From: NJ USA. Member No.: 2,608

To prevent restoring your computer to the infected state, create a New Restore Point.

Create a new Restore Point:
- Go to Start > All Programs > Accessories > System Tools > System Restore
- Then when Restore opens, select Create a new restore point and click Next
- Give the restore point a name like New and clean > Click Create

Then use Disk Cleanup to remove all but the most recently created Restore Point.
- Go to Start > Run and type: Cleanmgr
- Click "OK".
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one