Yahoo account spamming contacts


30 replies to this topic

#16 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:03 PM

Posted 11 February 2013 - 09:33 AM

Also, I'm pretty sure I do not need the HLV Compatibility Software - but I do not see anything related in Add/Remove Programs. There is something called hlVista and the publisher is Hexalok.

 
Some sort of CD copy protection software.
===
 
 
 
 
If you no longer use this tvunetwork then add this line
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
 
After the FF - Ext: Firefox Synchronisation Extension:.... in the Firefox section above
 
Open notepad and copy/paste the text in the quote box below into it:
 
DDS::
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
 
Firefox::
FF - ProfilePath - c:\users\foreverrogue\appdata\roaming\mozilla\firefox\profiles\n1xc1hju.default\
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
 
ClearJavaCache::
 
 
Save this as CFScript.txt on your desktop.
 
 
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
 
 
p.s.
If you no longer use this tvunetwork then add this line
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
 
After  FF - Ext: Firefox Synchronisation Extension:.... in the Firefox section above
 
===
 
Please download SystemLook from one of the links below and save it to your Desktop.
 
If your operating system is 64 bit download this tool:

  •  


  • Double-click SystemLook.exe to run it.


  • Copy and paste the content of the following bold text into the main textfield:

 
 
:regfind
runner1
updateMgr
 
 

  • Click the Look button to start the scan.


  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
 
Please post the logs and let me know if the problem persists.




#17 ForeverRogue

ForeverRogue
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 11 February 2013 - 11:24 PM

The issue continues....

 

Attached File  log.txt   17.13KB   1 downloads

Attached File  SystemLook.txt   518bytes   1 downloads

 

Thanks again nasdaq - looking forward to further ideas.

 

 



#18 nasdaq


Posted 12 February 2013 - 10:28 AM

I can only suggest you install a firewall.
You can possibly update your version of Avast to include a firewall.
 
Or install this free version from Comodo
 
===


#19 ForeverRogue


Posted 12 February 2013 - 08:28 PM

Thanks nasdaq - I have to opt for the free Comodo for now. I have had the Windows Defender running at times, but I think SuperAntiSpyware replaced it. Your opinions about those two software will be appreciated. In the meantime I will DL and use Comodo.

 

There is at least one other post in the Forums about Yahoo spamming - I may review that as well.

 

I will also start using my Yahoo mail account from this computer again and see if the login gets hijacked again.

 

Thanks for all your help and time - I do understand that this is a tricky one.  I will monitor and let you guys know.

 

Thanks for a great service and site!!  See ya soon!!



#20 ForeverRogue


Posted 13 February 2013 - 09:49 AM

Hi nasdaq,

 

Just an update, FYI, I have Comodo Firewall installed now (thank-you for that recommendation!), however, the issue continues.... :(

 

As an example, I am seeing numbers such as 5.084MB received and 569.7kB sent, within about 10-20 minutes.

 

I will continue to monitor and research - hoping to avoid a format

 

Thanks again for your time.



#21 nasdaq


Posted 13 February 2013 - 11:12 AM

What is Comodo reporting?

http://help.comodo.com/topic-155-1-282-2898-how-to-view-a-report.html

 

You may also be interested in this.

http://help.comodo.com/topic-155-1-282-2884-How-To...-Tutorials.html



#22 ForeverRogue


Posted 16 February 2013 - 01:07 PM

Thank-you for the information!!  I will check it out and let you know what I find :)



#23 ForeverRogue


Posted 17 February 2013 - 09:49 PM

Hi nasdaq, I am wondering which one you would recommend - Comodo or Avast? I am going to pay for one of them, just not sure which one I should go with.

 

Your opinion/suggestion will be greatly appreciated.

 

Thanks again!  :)



#24 nasdaq


Posted 18 February 2013 - 08:18 AM

I have always kept it in the same family.

 

You have Avast then go with it.

 

If you go with Comodo get the Virus and Firewall software.

 

You will have to remove Avast if you go with Comodo.



#25 ForeverRogue


Posted 18 February 2013 - 12:34 PM

Hi nasdaq - and thank-you for your reply. I need to be more specific - I really like the links you've provided in regards to getting a report from Comodo. I do not see that option with Avast. I can get the full Avast with the firewall, but I don't see a way that Avast actually reports what Comodo will report. This makes me want to go with Comodo instead. Perhaps I missed it on the Avast site, but I just do not see Avast as being as comprehensive, and specifically to this issue I'm having, which as you know has been very difficult to track. Again, going by the links you have provided, it 'seems' to me that I would be able to get more information from Comodo. I guess I am asking if this is a correct assumption.

 

Thank-you again for your time. 



#26 nasdaq


Posted 18 February 2013 - 01:39 PM

Go with your feeling. Get Comodo.



#27 ForeverRogue


Posted 18 February 2013 - 04:06 PM

Thanks nasdaq - I will get the Comodo and will let you know what it reports.  I figure if things do not go as well as expected, I can always go back to Avast next year.

 

Thanks again - I'll be reporting what I find



#28 ForeverRogue


Posted 20 February 2013 - 09:46 AM

Hi nasdaq, 

 

First, I'd like to say thank-you for turning me on to Comodo. I am very happy with the entire software suite :)  Perhaps I didn't know how to use Avast properly, but Comodo seems to have a 'ton' more features and services.

Second, the link you provided in regards to the reports was for an older version of Comodo running on a MAC!  Lol. No worries, I searched the site and found the correct information for my setup :)  

That being said, I am still not finding anything specific - I have seen extremely high Defense+ events (99.6%) but I am unable to see exactly what's causing that. I'm still new with the software and will keep looking.  Also, I am unable to 'refresh' the security events.

Last of all, I wanted to ask if you can recommend a software to monitor in more detail the internet activity. I 'think' one was suggested to me from this Forum on a previous issue, but I can't remember what it was. It may have been some sort of process monitor, but again, I'm not sure.

I know this has been a long thread and it's coming close to closing the topic... Thanks for your time, nasdaq. Thanks for Comodo. And thanks for any further suggestions!



#29 nasdaq


Posted 20 February 2013 - 11:00 AM

The only process monitor tool I suggest is to monitor the processes in your computer.

It's this one.

 

Download this Process Explorer tool.

RUN IT AND TRY to find the Process / file that is draining your CPU.
Instructions on the help file.
 
Normally the CPU will use more of the time while a process is active.
Hope it helps.


#30 ForeverRogue


Posted 22 February 2013 - 09:38 AM

Hi nasdaq, 

 

Thanks for the Process Explorer. I will check it out and let you know if it turns-up anything.





