Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus 360 ad popup


  • This topic is locked This topic is locked
5 replies to this topic

#1 Ceecee7

Ceecee7

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 14 March 2009 - 02:44 PM

The Antivirus 360 infected my computer last night, while I was trying to download my IPS' security program. Now it pops up constantly - when I try to download programs to get rid of it, and even when I try to access this page. All screens lead to the one where I have to purchase the program (I haven't). I've been able to back-arrow to go back to previous pages, sometimes. I've removed the Antivirus 360 icon from my desktop, but the program itself isn't listed. I'm running Vista O/S. The instructions provided in your Preparatio guide told me to save and attach an attach.txt file. I've made the file but there's no attachment section of this post.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Cindy at 15:27:51.32 on 14/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1014.307 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cindy\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
mURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: : {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [B6C3CCFED5A566C7D92FD492DB68BDF7] c:\program files\a360\av360.exe
uRun: [MalwareRemovalBot] c:\program files\malwareremovalbot\MalwareRemovalBot.exe -boot
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
dRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
StartupFolder: c:\users\cindy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm860YYCA
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-11-3 28762]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-8-3 36224]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-2-20 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-03-14 14:14 <DIR> --d----- c:\users\cindy\appdata\roaming\MalwareRemovalBot
2009-03-12 21:06 299,520 a------- c:\windows\system32\winconfig.dll
2009-03-12 21:04 <DIR> --d----- c:\program files\A360
2009-03-07 09:01 0 a------- c:\windows\QuickInstall.INI
2009-03-05 07:57 <DIR> --d----- c:\program files\Sympatico
2009-03-05 07:57 <DIR> --d----- c:\program files\common files\Motive
2009-03-05 07:57 <DIR> --d----- c:\programdata\Motive
2009-02-22 11:28 <DIR> --d----- c:\programdata\ZangoSA
2009-02-22 11:28 <DIR> --d----- c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2009-02-22 11:28 <DIR> --d----- c:\progra~2\ZangoSA
2009-02-22 11:28 <DIR> --d----- c:\progra~2\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2009-02-22 11:28 <DIR> --d----- c:\users\cindy\appdata\roaming\WeatherDPA
2009-02-22 11:27 <DIR> --d----- c:\users\cindy\appdata\roaming\Zango
2009-02-22 11:27 <DIR> --d----- c:\program files\ShoppingReport
2009-02-20 19:00 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-02-20 18:54 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-02-20 18:53 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-02-17 14:45 <DIR> --dsh--- C:\found.001
2009-02-13 20:29 73 a------- c:\windows\EurekaLog.ini

==================== Find3M ====================

2009-02-06 20:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-12-25 11:37 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-25 11:37 86,016 a------- c:\windows\inf\infstor.dat
2008-12-25 11:37 51,200 a------- c:\windows\inf\infpub.dat
2008-12-20 12:28 410,984 a------- c:\windows\system32\deploytk.dll
2008-06-14 03:07 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-19 23:51 174 a--sh--- c:\program files\desktop.ini
2008-05-19 19:41 56 a---h--- c:\programdata\ezsidmv.dat
2008-05-19 19:41 56 a---h--- c:\progra~2\ezsidmv.dat
2008-03-31 18:13 76 a------- c:\users\cindy\appdata\roaming\wklnhst.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-15 20:08 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
2008-07-15 20:08 2,048 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
2008-11-25 18:16 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-25 18:16 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-25 18:16 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 15:28:17.69 ===============

BC AdBot (Login to Remove)

 


#2 Ceecee7

Ceecee7
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 14 March 2009 - 02:46 PM

It says not to post the attachment file unless I'm asked to, so I'll wait?

Edited by Ceecee7, 14 March 2009 - 02:50 PM.


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:04 PM

Posted 25 March 2009 - 02:40 PM

Hi Ceecee7,

My name is Syler and I will be helping you to clean your computer, please give me some time
to look over your logs and I will get back to you as soon as possible.

Thanks

unite.jpg


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:04 PM

Posted 27 March 2009 - 06:43 PM

Hello Ceecee7,

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

Please download Malwarebytes' Anti-Malware from Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Please post back with the MBAM report and both Rsit logs.

Thanks

unite.jpg


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:04 PM

Posted 31 March 2009 - 11:49 AM

Can you let me no if you still require my assistance? If you do please follow the instructions in my last post.

Thanks

unite.jpg


#6 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:04 PM

Posted 04 April 2009 - 11:23 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users