Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop Up's Keep Coming Back


  • Please log in to reply
1 reply to this topic

#1 Mhenry

Mhenry

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 22 March 2006 - 02:49 PM

I uses Vundofix, ad-aware, spybot, xoft, avg, House call, Microtrend,

Don't know what to do next?

here is my info

Logfile of HijackThis v1.99.1
Scan saved at 1:48:37 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.html
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ginewwellness.ca
O17 - HKLM\Software\..\Telephony: DomainName = ginewwellness.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ginewwellness.ca
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\o8roli9318.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

BC AdBot (Login to Remove)

 


m

#2 Cloutz

Cloutz

    The Malware Killa


  • Members
  • 150 posts
  • OFFLINE
  •  
  • Location:Montreal, Quebec
  • Local time:06:10 AM

Posted 22 March 2006 - 08:53 PM

Hello Mhenry,

Welcome to BleepingComputer!

My name is Nick and I will be checking over your log.

Let's get started.

You will want to print or save these instructions.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

I highly suggest you get rid of BearShare. It is a P2P program which is usually the cause for malware.
Read here for more information on clean and infected File Sharing Programs.

Click Start> Control Panel > Add/Remove Programs and remove:

BearShare

Please note any other programs that you dont recognize in that list in your next response

Reboot your computer once more.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Please include the following in your next reply:
Fresh HijackThis Log
Panda ActiveScan Report
Contents of Look2Me-Destroyer.txt

Thanks,
Nick
Posted Image Did I help? Please consider a small donation via paypal. Thank You.

Ad-Aware SE|CWShredder|Spybot S&D|Ewido Security Suite|HijackThis 1.99.1

Please don't PM me asking for help. The forums are there for a reason.

Cloutz 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users