Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Lots Of Annoying Popups W/ Alerts, Random Soounds, And Shortcuts And More!

  • This topic is locked This topic is locked
2 replies to this topic

#1 Eseris


  • Members
  • 1 posts
  • Local time:04:02 AM

Posted 13 March 2008 - 04:25 PM

Hello. I wound up getting some sort of malware that has been really annoying (Isn't it always?). Here are the symptoms.

- I get a popup declaring "Windows has detected an Internet attack attempt. . . Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection." which has "ok" and "cancel" buttons.

- I get another popup with "Security Warning! Worm.Win32.NetSky detected on your machine." then it tells me how the virus works as if I have no clue how viruses work. It has at the bottom "Click yes to remove it from your PC immediately." with a "yes" and "no" button.

- I also get a big red flashing "X" in my system tray which comes up with a popup of its own saying "System Alert. System has detected virus activites. These may impact the performance of your computer. Please, use recommended antispyware software to protect your system from parasite programs."

- On top of those things I find 3 shortcuts keep being added to my desktop labeled "Error Cleaner", "Privacy Protector", and "Spyware&Malware Protection", plus at random times I hear weird sounds coming from my speakers, clear as day, which sounds like I'm watching television, though I have nothing running that would play the sounds. I had read online somewhere that there is a file that gets installed in the windows directory that is the cause of the sounds, but I was never able to find the ".dll" file.

- Oh, and I also find that the window focus keeps shifting from one window to another, and while I'm playing World Of Warcraft the game keeps minimizing. Which also brings me too. . .

When I first noticed I had a problem my Task Manager had been disabled and my W.o.W. directory's ownership had been taken away from me. I wound up going into my registry and getting my Task Manager re-enabled and gave myself ownership again.

I have run AVG, AdAware 2007 Pro, Spyware Doctor, and SuperAntiSpyware, but nothing seems to be working. Even after attempting to run all of them in Normal and Safe mode.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:28 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Winamp\winampa.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eseris\Desktop\HiJackThis_v2.exe
C:\Documents and Settings\Eseris\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [WinampAgent] "H:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bokpkov - {9DF7B6A3-B97A-4D17-9255-7C3A1210ACC4} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: WinDrive - {78454db8-9ea1-4a8b-9c77-097c63c13130} - C:\WINDOWS\Installer\{78454db8-9ea1-4a8b-9c77-097c63c13130}\WinDrive.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

End of file - 3198 bytes

Any help would be greatly appreciated. Thank you for your time in reading this.

BC AdBot (Login to Remove)


#2 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:02 AM

Posted 31 March 2008 - 12:08 PM

Hello Eseris,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:02 AM

Posted 11 April 2008 - 09:51 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image

Error reading poptart in Drive A: Delete kids y/n?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users