
Spyware And Possible Virus Infection



#1 pat666


Posted 26 December 2007 - 05:36 PM

Hello everyone:

I've come to beg help from the experts again. I've got a computer running Windows XP home and Internet Explorer that started acting up yesterday. While on the internet playing World of Warcraft my son started having the game minimize every 5 minutes or so and pop ups would appear.
Today I changed Windows start up to diagnostic and ran Adaware and then SuperAntiSpyware. I then let Panda run its online virus and spyware scan and it found a bunch of stuff - some of it I recognize as being okay but some, like Vundo, I thought were not supposed to be there. Here is a copy of the report:


Incident Status Location

Adware:adware/sbsoft Not disinfected c:\windows\downloaded program files\webdlg32.inf
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\WayneM\Application Data\tvmcwrd.dll
Adware:adware/clickalchemy Not disinfected c:\windows\alchem.ini
Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/delta Not disinfected Windows Registry
Possible Virus. Not disinfected C:\cpqs\scom\srmclean.exe
Possible Virus. Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\AolCoach.cab[.\Data\Player\AolNySEV.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Default User\Local Settings\Temp\AolCoach.cab[.\Data\Player\AolNySEV.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Guest\Local Settings\Temp\AolCoach.cab[.\Data\Player\AolNySEV.exe]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\WayneM\Cookies\waynem@web.tickle[2].txt
Virus:Trj/Downloader.PLF Not disinfected C:\Documents and Settings\WayneM\Local Settings\Temp\k11u88.exe[ardCo021099.exe]
Adware:Adware/VirusAlarma Not disinfected C:\Documents and Settings\WayneM\Local Settings\Temp\winshow.exe
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\WayneM\Local Settings\Temp\wr-1-77.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\WayneM\Local Settings\Temp\YazzleBundle-1549.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
Adware:Adware/DnsInsider Not disinfected C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
Possible Virus. Not disinfected C:\Program Files\Logitech\ImageStudio\ISStart.exe
Possible Virus. Not disinfected C:\Program Files\Logitech\ImageStudio\LogiTray.exe
Possible Virus. Not disinfected C:\Program Files\Microsoft Works\WksSb.exe
Possible Virus. Not disinfected C:\Program Files\QuickTime\bak\qttask.exe
Possible Virus. Not disinfected C:\Program Files\Razer\Copperhead\razerhid.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\17PHolmes1000106.exe
Virus:Trj/Downloader.PLF Disinfected C:\WINDOWS\system32\ardCo02\ardCo021099.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\AolCoach.cab[.\Data\Player\AolNySEV.exe]
Possible Virus. Not disinfected C:\WINDOWS\system32\mp43.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\PSDrvCheck.exe
Possible Virus. Not disinfected C:\WINDOWS\yahooo.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Ym9i\sA62.vbs

I'm hoping someone can take a look at this list and help me get started on cleaning out my system - especially those annoying pop ups!

Thanks in advance.


#2 boopme


Posted 26 December 2007 - 10:19 PM

Have you run the scans from safe mode?

Please run this BC Tutorial
How To Remove Vundo/Winfixer Infection

Also can you post the SUPERAntiSpyware log, please, after a Safe mode scan if possible.

To retrieve the removal information, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

How to enter safe mode (XP)
Using the F8 Method

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Edited by boopme, 26 December 2007 - 10:22 PM.


#3 pat666


Posted 27 December 2007 - 01:23 PM

Thanks a lot for the help. I always feel like I get quality responses from BleepingComputer.com.

Initially, yesterday, I ran the scans after going into msconfig and choosing Diagnostic start up. I thought that would be similar to safe mode. Today I did run the scans from safe mode and it feels like I'm making some progress! Here is the scan result from SuperAntiSpyware:

SUPERAntiSpyware Scan Log
Generated 12/27/2007 at 11:50 AM

Application Version : 3.4.1000

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 01:04:24

Memory items scanned : 155
Memory threats detected : 0
Registry items scanned : 6698
Registry threats detected : 0
File items scanned : 46414
File threats detected : 7

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1549OINADMIN.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE
C:\WINDOWS\PREFETCH\YAZZLE1549OINADMIN.EXE-280163BA.PF
C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1549.EXE-1067F6E9.PF

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSTSICOMSV32.EXE
C:\WINDOWS\UNINSTALL_NMON.VBS
C:\WINDOWS\YM9I\SA62.VBS

So that you know, yesterday, while I was waiting for a reply to my post, I checked into mp43.exe online, did a file search on my PC and deleted everything that came up referencing yahooo.exe and mp43.exe. I did not go into the registry so I don't know if that really got rid of those or not. Also I ran VundoFix. It didn't find anything.

What's the next step?



