Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annoying Live Messenger Pop-up


  • Please log in to reply
6 replies to this topic

#1 bmbleep

bmbleep

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 05 September 2008 - 12:21 AM

Live Messenger Version 2008 (Build 8.5.1302 1018)

There is pop-up asking you to add some unknown email adddress as contacts. It happened now and then when the Live Messenger is running. I believe this is some kind of virus or malware. Pretty annoying. Anyone has a solution for this?

Thanks!
BMBLEEP

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:05:58 PM

Posted 05 September 2008 - 09:11 AM

Hi bmbleep,

Let's start with a malware scan to see what is lurking out there.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 bmbleep

bmbleep
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 06 September 2008 - 11:36 PM

Here is the log

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/7/2008 12:22:42 PM
mbam-log-2008-09-07 (12-22-42).txt

Scan type: Quick Scan
Objects scanned: 71622
Time elapsed: 20 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Tencent\SSPlus\SAddr1.dll (Adware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\tctrl.tweb (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b1a7c2cf-bf40-4597-8142-7615d74d0cc3} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3084bc3d-c0d6-4a28-a8a4-5857165886ee} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b1ecb2-fc3b-49ae-a6bd-f5f11bf5c4ad} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a57e074f-56d8-4a33-8112-aac9693aa909} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a57e074f-56d8-4a33-8112-aac9693aa909} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stup.exe (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Scrax.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Tencent\SSPlus\SAddr1.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Tencent\SSPlus\SPlus1.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\system32\SSup.dll (Adware.Agent) -> Quarantined and deleted successfully.

#4 bmbleep

bmbleep
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 07 September 2008 - 07:39 AM

After the malware are removed. The Live Messenger still have the unwanted pop-up. How can I attached the screen capture here in order to better illustrate

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:58 PM

Posted 07 September 2008 - 07:51 AM

http://www.bleepingcomputer.com/forums/ind...st&p=935171

I would suggest running atf cleaner and SAS from safe mode next, one pass with one program hardly ever works with these newer more complicated infections.
Chewy

No. Try not. Do... or do not. There is no try.

#6 bmbleep

bmbleep
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 08 September 2008 - 12:23 PM

follow all the tasks. reported no infected items. no logs were generated

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:58 PM

Posted 08 September 2008 - 01:15 PM

no SAS log would be a bad sign

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.


Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users