
MyDomainAdvisor Visicom_AntiPhishing.exe, and something else


No replies to this topic

#1 p0p


Posted 14 August 2012 - 09:13 AM

I was about to deal with this myself, but the more I investigated, the more I seemed to be out of my depth.

System information:
Windows 7 Professional 32-bit SP1
Core2Duo E8400 3Ghz

HiJackThis reports that:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run, and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot."

After that comes a pop-up with "Cannot find the C:\Program Files\Trend Micro\HiJackThis.log file. Do you want to create a new file?"

In the log that appears, there are some entries of interest:

"R3 - URLSearchHook: (noname) - {default} - {no file}"
"O2 - BHO: (noname) - {default} - (no file)"
"O3 - Toolbar: (noname) - {default} - (no file)"
"O4 - HKLM\..\Run: [Anti-Phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

Everything else looks fine.

I tried ticking them and fixing them, to no avail.


In RegEdit, in HKEY_LOCAL_MACHINE/SOFTWARE/Conduit/AppPaths/ there are some residual REG_SZ files from "Free Sound Recorder", that won't go away.
There's also a Tarma Installer folder with some REG_SZ files in it that may be associated with that.


I would appreciate some help - not just to fix the problem, but to understand what's happening in the system.

Thanks in advance.

Edited by hamluis, 14 August 2012 - 04:38 PM.
Moved from Win 7 to Am I Infected - Hamluis.

