Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Keep Getting Popups Saying I Have Malware And Spyware


  • This topic is locked This topic is locked
5 replies to this topic

#1 FallenLegacy

FallenLegacy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 03 April 2008 - 11:45 AM

I keep getting popups saying I have malware and spyware on my computer telling me to download Pc cleaner and Pc anti-spyware I have run spy-search and destory, my anti viruses system and I have found a few things and deleted them but the problems still countines.

I have the same problem as this person http://www.bleepingcomputer.com/forums/t/139117/spyware-please-help/
I am going to full the same process and post the results back here.

OS: Windows XP

SmitFraudFix v2.309

Scan done at 17:20:15.07, 03/04/2008
Run from C:\Documents and Settings\Home\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\ubepenet\sbiverer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\qfidmjwp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Home


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Home\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Home\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Home\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection #2 - Packet Scheduler Miniport
DNS Server Search Order: 62.30.112.39
DNS Server Search Order: 194.117.134.19
DNS Server Search Order: 62.30.0.39

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBB836F4-6D19-4C7D-9AAF-DFD3235C8C11}: DhcpNameServer=62.30.112.39 194.117.134.19 62.30.0.39
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBB836F4-6D19-4C7D-9AAF-DFD3235C8C11}: DhcpNameServer=62.30.112.39 194.117.134.19 62.30.0.39
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBB836F4-6D19-4C7D-9AAF-DFD3235C8C11}: DhcpNameServer=62.30.112.39 194.117.134.19 62.30.0.39
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.30.112.39 194.117.134.19 62.30.0.39
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.30.112.39 194.117.134.19 62.30.0.39
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=62.30.112.39 194.117.134.19 62.30.0.39


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by FallenLegacy, 03 April 2008 - 12:33 PM.


BC AdBot (Login to Remove)

 


#2 FallenLegacy

FallenLegacy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 03 April 2008 - 12:15 PM

I have tryed the method in the forum that had the same problem, I have attached the log beacause it doesn't fit in one post.

I stopped just before using combo fix because I have not been advised to use it.

The Software I'm using is ESET - Anti-Virus/Spyware and malware - 30 day trail
here is the website www.eset.co.uk

Attached Files


Edited by FallenLegacy, 03 April 2008 - 12:40 PM.


#3 FallenLegacy

FallenLegacy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 03 April 2008 - 12:32 PM

I still have the same problem a box comes up Secruity system - Protection Control Panel
! Possible spyware infection detected

You need to update Pc-Antispyware protection to remove decteded spyware from your computer
THREAT NAME RISK LEVEL
TrojanDownloader.XS HIGH


^ that is what comes up can you help me please !

#4 FallenLegacy

FallenLegacy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 10 April 2008 - 10:25 AM

I've been waiting for more than 1 week now?
Can't I get any help?

#5 little eagle

little eagle

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:05 PM

Posted 12 April 2008 - 08:14 AM

Can I see a log from hijackthis.

Run the installer.
When the program launches, hit the "Scan and save log" button
Press that, and save the log anywhere you like.

Now if you doubleclick the log file.Go to Edit > Select all, then to Edit > copy.
Now you've copied the entire text to the Windows Clipboard

Next, go back to this forum thread, and click "Add Reply".
In an empty area click your RIGHT mouse button, and choose 'Paste' from the context menu.
There's your Hijack This log.
Posted Image

MS-MVP Windows Security 2006, 2007, & 2008
ASAP member since 2004

#6 little eagle

little eagle

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:05 PM

Posted 22 April 2008 - 10:37 PM

Because no reply was made. This topic is now closed.
Posted Image

MS-MVP Windows Security 2006, 2007, & 2008
ASAP member since 2004




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users