I have Norton Internet Security version 16.2.0.7 running.
A red cross appears in the bottom right-hand corner with the message "Warning! you have a security problem". This happens at about 30 second intervals.
Eventually a message box appears: "Alert! you have a security problem. Do you want to scan your computer for viruses?"
If "yes" is entered, or not, this tries to open an internet screen "http://anykuy.com/". Norton blocks this with the message "a recent attempt to attack your computer was blocked".
I have run Norton antivirus and there are none.
I have downloaded Spybot and run it but to no avail.
DDS (Ver_09-02-01.01) - NTFSx86
Run by admin at 12:22:46.85 on 05/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1524 [GMT 0:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact SE\ABMTSR.EXE
C:\Program Files\ShortKeys2\shortkey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html?p=DK
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
uURLSearchHooks: H - No File
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Hotbar: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\hotbar\bin\10.2.219.0\HostIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Hotbar: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\hotbar\bin\10.2.219.0\HostIE.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Hotbar Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\hotbar\bin\10.2.219.0\HostIE.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...uage=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000010.0000002f&b=00000082.00000010.00000030&c=00000082.00000096.000001da
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [HotbarOE] c:\program files\hotbar\bin\10.2.219.0\OEAddOn.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [iLike] c:\program files\ilike\1.2.11\ilikesidebar.exe /checkforupdate
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvwmo~1.lnk - c:\program files\nikon\nkview4\NkVwMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicka~1.lnk - c:\program files\ulead systems\ulead photoimpact se\ABMTSR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortk~1.lnk - c:\program files\shortkeys2\shortkey.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZZ
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125312691378
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128630749722
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
TCP: {990D677E-9A57-4274-B46C-60451BFFD6E1} = 82.138.229.70,82.138.229.72
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-19 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2008-12-19 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090129.005\IDSxpx86.sys [2009-1-29 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-19 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-20 99376]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090204.035\NAVENG.SYS [2009-2-5 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090204.035\NAVEX15.SYS [2009-2-5 876112]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-5-10 28739]
=============== Created Last 30 ================
2009-02-05 11:47 <DIR> --d--r-- c:\program files\Norton Support
2009-02-05 09:19 <DIR> --d----- c:\program files\Security Scanner Full
2009-02-05 09:19 <DIR> --d----- c:\docume~1\admin\applic~1\AntiSpywareDAT
2009-02-05 00:49 <DIR> --d----- c:\docume~1\admin\applic~1\iLike
2009-02-05 00:49 <DIR> --d----- c:\program files\iLike
2009-01-08 10:03 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-08 10:02 <DIR> --d----- c:\program files\common files\L&H
2009-01-08 10:01 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-08 10:00 <DIR> --d----- c:\windows\SHELLNEW
2009-01-07 17:47 170,496 a------- c:\windows\upi41004.exe
2009-01-07 17:47 34,816 a------- c:\windows\upi41003.dll
2009-01-07 17:47 17,408 a------- c:\windows\PI4UN.dll
2009-01-07 17:47 16,896 a------- c:\windows\upi41004.dll
2009-01-07 17:47 13,678 a------- c:\windows\upi41004.ubm
2009-01-07 17:47 10,694 a------- c:\windows\upi41004.inf
2009-01-07 17:47 4,272 a------- c:\windows\ULEAD32.INI
==================== Find3M ====================
2009-02-05 03:13 46,080 a------- c:\windows\system32\userinit.exe
2008-12-18 21:31 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-18 21:31 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-18 21:31 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-18 21:31 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 03:28 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-11-25 12:07 443 a------- c:\program files\Shortcut to My Documents.lnk
2006-12-14 12:35 2,249,760 a------- c:\program files\skeylite.exe
2008-10-20 16:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102020081021\index.dat
============= FINISH: 12:23:26.34 ===============










