
Help! A Trojan!


  • This topic is locked
9 replies to this topic

#1 !XyloFone!

  • Members
  • 5 posts

Posted 21 July 2005 - 12:27 AM

This is my first posting. I'm hoping someone could instruct me to remove this trojan. My computer (system 2k) was infected last night with AntivirusGold 2.0. I currently don't have a firewall, and only use AdAware for spyware. I'm not that intuitive with computers, so I had to research, for hours! (went to bed at 7am - got to work at lunch time)

I seemed to get most of the AntivirusGold files removed with a trial version of Spy Sweeper. Though, I still have a hoax warning message on my infected desktop, and my Google page defaults to something different, with some pop-ups. Also, every minute or so, Spy Sweeper detects a "javatq.exe" doing something, then I select remove. I downloaded HJT, CCleaner, KillBox, and even Ewido files, but I'm too afraid to "fix" anything.

I'll post my HJT log (safe mode) from this morning, then I'll paste my current HJT log (regular restart) below it. Thank you in advance to the person(s) willing to help! I need sleeeeeeeeep.

1st HJT log (safe mode):

Logfile of HijackThis v1.99.1
Scan saved at 6:43:51 AM, on 7/20/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\My Stuff\Computer\Virus Protection\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {7B4B32E0-C19D-AA24-1C59-C9368F44B5BF} - C:\WINNT\mfcnr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINNT\system32\apiat.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Digimation Protection Server (DigiPSrv) - Unknown owner - C:\3DSMAX~1\Digipsrv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


2nd HJT log, regular restart:

Logfile of HijackThis v1.99.1
Scan saved at 1:29:57 AM, on 7/21/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\qttask.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\javatq.exe
C:\WINNT\system32\javanf32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Stuff\Computer\Virus Protection\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {C6B1F227-CBDB-97D9-477E-1F0E088F3264} - C:\WINNT\system32\javanf32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [javatq.exe] C:\WINNT\javatq.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{51F15E65-686F-4CC9-8F95-E48CE35D4784}: NameServer = 151.203.0.84 151.203.0.85
O23 - Service: Network Security Service ( 11F#`I) - Unknown owner - C:\WINNT\system32\apiat.exe (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Digimation Protection Server (DigiPSrv) - Unknown owner - C:\3DSMAX~1\Digipsrv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE



#2 Guest_Cretemonster_*

  • Guests

Posted 23 July 2005 - 06:53 AM

Hi !XyloFone! and Welcome to the Bleeping Computer!

Please Download these utilities but don't run them until I ask you to!

CWShredder
http://cwshredder.net/bin/CWShredder.exe

Double Click CWShredder.exe to run it >> Click Check For Update
Close it out once updated, We will run it in Safe Mode!


ABout Buster
http://www.besttechie.net/forums/index.php?showtopic=1488

Follow the Instructions inside the link to Update it, We will run it in Safe Mode!

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop

Make sure Ewido is Updated with the latest Definitions!

Click Start-> Click Run-> Type in Services.msc and click OK!

Scroll that list and locate this entry

Network Security Service

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Exit the Services Page!


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Once in Safe Mode-> Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"

Run ABout Buster just as described in the link!

Please run it until you get these Results:

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Open and run Ewido Security Suite-> Click the "Complete System Scan" tab to begin the Scan!

Clean everything it finds and Be sure to Click the Button to Save a Report!


Restart in Normal Mode and Have the PC scanned here:
http://www.pandasoftware.com/products/acti...n_principal.htm

You will need to be using Internet Explorer for the Scan to work!

Post back with a fresh HijackThis log and the reports from Ewido and Panda!

#3 !XyloFone!

  • Topic Starter

Posted 27 July 2005 - 03:17 PM

Hi, thanks for helping me Cretemonster!
Sorry for my late reply, been working crunch hours.

I'm having a problem with SmitRem. It was supposed to take a while but, it seems to have frozen during its calculation of space on my c drive. The process bar looks like it was about 90% done. A second window came up for cleaning unnecessary files but was not started. It has been like that for about 16 hours or so. The cpu usage is at 100%. About Buster took out about 10 files I think. A second run of ABuster removed one more pif:njjjrp file. All of the files were from my c drive, winnt. I assume I should repeat the process?

#4 !XyloFone!

  • Topic Starter

Posted 28 July 2005 - 04:27 AM

Ok, I repeated the process (a few times) and finally made it thru. Man, ewido took out 91 files! Here are the 3 log files:

Logfile of HijackThis v1.99.1
Scan saved at 5:28:34 AM, on 7/28/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\qttask.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Stuff\Computer\Virus Protection\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {BEDCADD5-BBF7-0BEA-A3D0-9C16FCC42661} - C:\WINNT\iplh32.dll (file missing)
O2 - BHO: Class - {C7B33BC9-A212-BF69-1EB4-C5B6ED062659} - C:\WINNT\apiwl32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51F15E65-686F-4CC9-8F95-E48CE35D4784}: NameServer = 151.203.0.84 151.203.0.85
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINNT\system32\javanf32.exe (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Digimation Protection Server (DigiPSrv) - Unknown owner - C:\3DSMAX~1\Digipsrv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:16:12 AM, 7/28/2005
+ Report-Checksum: 7D16FAF7

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.6:C:\Documents and Settings\toolbox\Application Data\Mozilla\Firefox\Profiles\ddpyyp0w.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.18:C:\Documents and Settings\toolbox\Application Data\Mozilla\Firefox\Profiles\ddpyyp0w.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.19:C:\Documents and Settings\toolbox\Application Data\Mozilla\Firefox\Profiles\ddpyyp0w.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\toolbox\Cookies\toolbox@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\WINNT\16026504.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\16030140.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\229132835.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\23410011.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\23413576.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\30853945.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\30857640.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\38259193.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\38262829.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\3D Studio MAX R3 EReg.ini:hnpnox -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\45721383.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\45725199.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\53142805.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\53146470.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\601363014.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\601367110.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\60749172.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\60752837.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\608436245.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\608439990.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\615605273.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\615610310.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\622634861.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\68299008.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\68302654.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\684840288.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\691567551.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\698626451.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\705307889.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\712432563.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\719119389.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\7359201.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\796730087.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\82490705.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\8622828.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\89192812.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\89194334.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\anicd.txt:nebtq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\apiig.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\apiwl32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\bnaht.txt:jgpfcf -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\Cookies\toolbox@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\WINNT\d3nk.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\ieyw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\iplh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\javaaa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\javakk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\MDI.INI:hasycu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\mfckq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\msgk.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\neter.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\netjt32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\sdkfj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\sdkum32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\sysek32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\addce.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\addzu.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\apiso.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\appym32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\crwj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\d3wn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\system32\fo.exe -> TrojanProxy.Mitglieder.cj : Cleaned with backup
C:\WINNT\system32\fwjtp.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\system32\gklzm.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINNT\system32\ieiw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\ierh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\norat.exe -> TrojanProxy.Mitglieder.cj : Cleaned with backup
C:\WINNT\system32\ntde.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\syssk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\system32\wingo.exeopenopen -> Worm.Bagle.at : Cleaned with backup
C:\WINNT\system32\winsystems.exe -> TrojanProxy.Mitglieder.ck : Cleaned with backup
C:\WINNT\system32\winyk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\UNWISE.INI:cochnx -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\wintq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\_default.pif:aahqdq -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\_default.pif:chtcp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\_default.pif:djhidv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:dyukj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:giakih -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\_default.pif:idskc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:lqodbs -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\_default.pif:rbges -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINNT\_default.pif:rgdgyh -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\_default.pif:rkddec -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:vjzwxf -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\_default.pif:winxs -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End


Panda

Incident                      Status          Location

Adware:adware/mywebsearch     No disinfected  HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Virus:Trj/Mitglieder.CU       Disinfected     C:\WINNT\igfseaexjuf.exe
Virus:Trj/Mitglieder.CU       Disinfected     C:\WINNT\igfseanbidp.exe
Virus:Trj/Mitglieder.CU       Disinfected     C:\WINNT\igfseatfvlu.exe
Virus:Trj/Mitglieder.CU       Disinfected     C:\WINNT\system32\for.exe
Virus:Trj/Mitglieder.CU       Disinfected     C:\WINNT\system32\noat.exe
Virus:Trj/Mitglieder.CU       Disinfected     C:\WINNT\system32\wintems.exe

#5 miekiemoes

  • Malware Killer Dog
  • Malware Response Team

Posted 29 July 2005 - 01:42 PM

Hello, because Cretemonster is in hospital unfortunately I'm going to take over here.
Seems like your problem is fixed. Still some leftovers to deal with.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BEDCADD5-BBF7-0BEA-A3D0-9C16FCC42661} - C:\WINNT\iplh32.dll (file missing)
O2 - BHO: Class - {C7B33BC9-A212-BF69-1EB4-C5B6ED062659} - C:\WINNT\apiwl32.dll (file missing)
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINNT\system32\javanf32.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.

*Go to start >run and type: services.msc and click OK
Scroll down in that list until you find the service Remote Procedure Call (RPC) Helper (Please make sure you choose the one with Helper in it!!)
Double-click on it. In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.
Click apply and OK and close all open windows.

* Download: Hoster
Unzip hoster to its own folder.
Start Hoster.exe.
It could be possible that hoster will tell you that your Hosts file doesn't exist and if you want to create one. Click yes/ok.
If you don't get that prompt/question, click 'Restore Original Hosts' and click OK.

It could be possible that this hijacker deleted some files, so check if the following are still present:

Control.exe: Is in your C:\WINNT\system32. Download here when missing.

Shell.dll: C:\WINNT\SYSTEM32 Download here when missing

SDHelper.dll:
If you are using Spybot Search & Destroy, this hijacker can also delete SDHelper.dll.
Download SDHelper.dll.
Place the file in the Spybot Search & Destroy folder. Most probably, this is C:\Program Files\Spybot - Search & Destroy

Perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to get rid of the leftovers.

Post a fresh HijackThis log as a final checkup. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
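As an added example (not part of the original posts and not a HijackThis feature): the entries picked for fixing above mostly point at files that no longer exist, so a short Python parser can pull those orphaned references out of a saved log for review. The function names and the "(file missing)" selection rule are assumptions made for this illustration; the sample lines are copied from the logs quoted in this thread.

```python
import re

# Entry lines look like "O23 - Service: ..." or "R1 - HKLM\...": a section
# code (letter + number), " - ", then free-form detail.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# First Windows path ending in .exe/.dll/.ocx found in the detail text.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|ocx)', re.IGNORECASE)


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    detail = m.group("detail")
    path = PATH_RE.search(detail)
    return {
        "code": m.group("code"),
        "detail": detail,
        "path": path.group(0) if path else None,
        # HijackThis appends this marker when the referenced file is gone.
        "file_missing": detail.rstrip().endswith("(file missing)"),
        "unknown_owner": " - Unknown owner - " in detail,
    }


def leftovers(log_text):
    """Entries whose target file is gone (orphaned registry/service references)."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["file_missing"]]


# Sample lines copied from the logs quoted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.99.1
O2 - BHO: Class - {BEDCADD5-BBF7-0BEA-A3D0-9C16FCC42661} - C:\WINNT\iplh32.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINNT\system32\javanf32.exe (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry in leftovers(SAMPLE):
        print(entry["code"], entry["path"], "unknown owner" if entry["unknown_owner"] else "")
```

An orphaned reference is a candidate for review, not proof of infection: the later log in this thread still lists the Digimation service as "(file missing)" and is judged clean.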

#6 !XyloFone!


Posted 01 August 2005 - 01:11 AM

Awesome! Thanks Miekiemoes! Nice puppidog!
Didn't have to stop RPC Helper, but had to Disable it.
Control.exe, and Shell.dll were in their proper places.
Ran SpySweeper and old AdAware. Restarted and ran AdAware SE. The new AdAware found 46 files! I uninstalled the remains of an unused McAfee and will install a SpySweeper Firewall. Thank you so much for your help. My computer feels baby-fresh! Am I virus free yet?
I hope CreteMonster gets well soon!

Logfile of HijackThis v1.99.1
Scan saved at 2:04:07 AM, on 8/1/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\qttask.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Stuff\Computer\Virus Protection\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51F15E65-686F-4CC9-8F95-E48CE35D4784}: NameServer = 151.203.0.84 151.203.0.85
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Digimation Protection Server (DigiPSrv) - Unknown owner - C:\3DSMAX~1\Digipsrv.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


#7 miekiemoes


Posted 01 August 2005 - 04:43 AM

Hello,

I see a clean log. :thumbsup:

About the antivirus... You say you are going to use Spysweeper firewall?? Well, Spysweeper is a great antispyware scanner, but it is no firewall and no antivirus. It only catches spyware. It's not free either... so after the 30-day trial, you need to pay for it, otherwise it won't update anymore... and it's really important you update!
Look in my signature for free antispyware scanners.

So, because Spysweeper is not an antivirus or a firewall, I strongly suggest you install an antivirus and firewall:

AVG, Bitdefender OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!
Zonealarm, Kerio OR Sygate are FREE firewalls.

Understanding and using firewalls:
http://www.bleepingcomputer.com/forums/ind...showtutorial=60

Happy surfing again!!

#8 !XyloFone!


Posted 01 August 2005 - 01:18 PM

WOOHOO! Thanks Miekiemoes!
Yeah, I'm using a trial version of Spysweeper, but recently I bought SpySweeper "Firewall" in addition to the spyware protection (two boxes wrapped together). I haven't opened the package yet. I may return it and just use one of the free ones you mentioned. Thank you for your advice and your time!

#9 miekiemoes


Posted 01 August 2005 - 01:26 PM

If you bought it, I'd use it then, because Spysweeper is great! :thumbsup:

Glad I could help you. :flowers:

#10 miekiemoes


Posted 07 August 2005 - 02:19 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



