
Sudden Onslaught Of Popups



#1 justlearning


Posted 20 October 2005 - 08:40 AM

I recently installed 2 new hard drives through a USB 2 connection. After starting the computer back up... I'm suddenly attacked by all this spyware. I have Ad-Watch running and ran Ad-Aware and Spybot scans and found a ton of stuff there. I ran a scan a week earlier and nothing was there. It seems to significantly slow my internet connection, and while surfing it takes hold of my surf window (FIREFOX) and redirects it. When the comp starts it says, "problem finding file, "oqex132.dll" DllGetVersion" - and then a cmd.exe window is open as well as SiteBar!. A few of the different sites that pop up are 'spotresults' 'shopathomeselect' 'searc-h' and 'free-songs' to name a few. Here's my HIJACK THIS LOG... someone please help.

Logfile of HijackThis v1.99.1
Scan saved at 8:47:14 AM, on 10/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\devldr32.exe
C:\HijackThis.exe

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ddcyw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121296679250
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\SYSTEM32\ddcyw.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\i2nm0c51ef.dll
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Fipreds - Unknown owner - (no file)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


#2 Grinler

    Lawrence Abrams



Posted 26 October 2005 - 09:08 AM

Download this tool and save it to your desktop. Then double-click the tool and follow the instructions.

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

When it's done, reboot and post the log that is created on your desktop called VBG.TXT. You can also now try deleting the following files:

C:\WINDOWS\SYSTEM32\ddcyw.dll
C:\WINDOWS\system32\i2nm0c51ef.dll

Then start HijackThis and fix the following entries:


O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ddcyw.dll
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\SYSTEM32\ddcyw.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\i2nm0c51ef.dll
O23 - Service: Fipreds - Unknown owner - (no file)

Reboot and post a new log.
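
Added example, not part of either post: a small Python parser for the HijackThis entry lines shown in this thread. It re-joins wrapped lines and groups the entries to review by the file they point to. The review rules (`review_reason`) are assumptions that mirror the entry types selected in the reply above; they are not HijackThis behaviour and not a verdict on any file.

```python
import re
from collections import defaultdict

# Entry lines copied from the log in the first post (one is wrapped over two
# lines, as on the page). The review rules below are assumptions for this example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
C:\WINDOWS\System32\ddcyw.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\SYSTEM32\ddcyw.dll
O23 - Service: Fipreds - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def parse_entries(text):
    """Return (section, kind, detail) tuples, re-joining wrapped entry lines."""
    joined = []
    for line in (l.strip() for l in text.splitlines()):
        if re.match(r"O\d+ - ", line):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line  # continuation of the previous entry
    return [m.groups() for m in map(ENTRY.match, joined) if m]

def review_reason(section, detail):
    """Hypothetical rules mirroring the entry types the reply chose to fix."""
    if section == "O2" and detail.startswith("(no name)"):
        return "unnamed BHO"
    if section == "O20":
        return "Winlogon Notify DLL"
    if section == "O23" and detail.endswith("(no file)"):
        return "service with no file on disk"
    return None

def triage(text):
    """Group entries to review by target path (case-insensitive)."""
    flagged = defaultdict(list)
    for section, _kind, detail in parse_entries(text):
        reason = review_reason(section, detail)
        if reason:
            target = detail.rsplit(" - ", 1)[-1].lower()
            flagged[target].append((section, reason))
    return dict(flagged)

if __name__ == "__main__":
    for target, hits in triage(SAMPLE_LOG).items():
        print(target, hits)
```

Grouping by lower-cased path shows that the same DLL is registered under both O2 and O20, even though the two entries spell `System32` with different casing.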



