Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winantivirus2006 And Errorsafe Popups


  • Please log in to reply
7 replies to this topic

#1 fatherom

fatherom

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 30 June 2006 - 09:21 PM

Hi,

I've tried Norton Antivirus 2006 and Ad-Aware. No joy. Here's my HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 10:17:57 PM, on 6/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\IP Monitor\IPMonitor.exe
C:\Program Files\girder32\Girder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5fb069dc-8b2f-493e-83f0-eea3fac58c60} - C:\WINDOWS\system32\fhlgX7.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - Startup: IPMonitor.lnk = C:\Program Files\IP Monitor\IPMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Download - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\XemiComputers\Download Druid\Druid.exe
O9 - Extra 'Tools' menuitem: Druid: Download All Files - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\XemiComputers\Download Druid\Druid.exe
O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O20 - Winlogon Notify: fhlgX7 - C:\WINDOWS\SYSTEM32\fhlgX7.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:06:24 PM

Posted 01 July 2006 - 05:31 AM

Hey fatherom, welcome to BleepingComputer.

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens,Click Scan for Vundo button.
  • Once the scan is complete,Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 2 entries below into the top 2 boxes
    • C:\WINDOWS\SYSTEM32\fhlgX7.dll
    • C:\WINDOWS\system32\7Xglhf.*
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
David

#3 fatherom

fatherom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 01 July 2006 - 07:55 AM

Hi there,

Thanks for the assistance so far. I wasn't able to run VundoFix as a task (the window would go away and never return)...so I just ran it without checking the checkbox...hope that's OK!

Also (not sure if this matters), I didn't seem to have any files that matched C:\WINDOWS\system32\7Xglhf.*

Here are the logs:

========================================

VundoFix V4.2.84

Checking Java version...

Scan started at 8:51:00 AM 7/1/2006

Listing files found while scanning....


No infected files were found.

Attempting to delete C:\WINDOWS\SYSTEM32\fhlgX7.dll
C:\WINDOWS\SYSTEM32\fhlgX7.dll Has been deleted!

Performing Repairs to the registry.
Done!

========================================

Logfile of HijackThis v1.99.1
Scan saved at 8:54:42 AM, on 7/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\IP Monitor\IPMonitor.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5fb069dc-8b2f-493e-83f0-eea3fac58c60} - C:\WINDOWS\system32\fhlgX7.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - Startup: IPMonitor.lnk = C:\Program Files\IP Monitor\IPMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Druid: Download All Files - C:\Program Files\XemiComputers\Download Druid\Druid.html
O8 - Extra context menu item: Druid: Download Highlighted Files - C:\Program Files\XemiComputers\Download Druid\DruidHighLighted.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Download - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\XemiComputers\Download Druid\Druid.exe
O9 - Extra 'Tools' menuitem: Druid: Download All Files - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\XemiComputers\Download Druid\Druid.exe
O9 - Extra button: Druid Bar - {A6B25D86-CB76-44C1-8E35-328EE8F4BEF0} - C:\Program Files\XemiComputers\Download Druid\DruidBar.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

========================================

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:06:24 PM

Posted 01 July 2006 - 07:58 AM

Hey fatherom,
Vundo fix ran well and did what its job, so don't worry about any complications there.

*Now start a new scan with HJT and place a checkmark next to each of the following items (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {5fb069dc-8b2f-493e-83f0-eea3fac58c60} - C:\WINDOWS\system32\fhlgX7.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB


* Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

As with all malware like this, it never comes alone and there are probably infected files left on your computer. Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply by using Add Reply.
David

p.s. Also let me know how the computer is running. Anymore popups etc....

#5 fatherom

fatherom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 01 July 2006 - 09:10 AM

Thanks again so much for all your help so far...

I haven't seen any popups since I ran VundoFix. Although, I haven't done too much on my PC either. :thumbsup:

I ran the PandaScan. The first time, it found 6 viruses, which it disinfected, and 46 spyware items. When I went to save the scan log, IE crashed. I re-ran the scan. It found 45 spyware items. Here's the log:


Incident Status Location

Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Chris OMalley\Application Data\tvmcwrd.dll
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@belnk[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@burstnet[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@club.cdfreaks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@data.coremetrics[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@errorsafe[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@fe.lea.lycos[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@go[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@microsofteup.112.2o7[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@questionmarket[1].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@research-int[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@statse.webtrendslive[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@target[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Chris OMalley\Cookies\chris omalley@yadro[1].txt
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\Chris OMalley\Local Settings\Temp\Belt.ini
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Chris OMalley\Local Settings\Temp\Cookies\chris omalley@abetterinternet[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chris OMalley\Local Settings\Temp\Cookies\chris omalley@atwola[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Chris OMalley\Local Settings\Temp\Cookies\chris omalley@offeroptimizer[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Chris OMalley\Local Settings\Temp\Cookies\chris omalley@rightmedia[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Chris OMalley\Local Settings\Temp\Cookies\chris omalley@www.burstbeacon[2].txt

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:06:24 PM

Posted 01 July 2006 - 01:02 PM

Hi there fatherom,

Please delete the following file:
C:\Documents and Settings\Chris OMalley\Application Data\tvmcwrd.dll

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
I now see a clean computer! Let me know if the popups have stopped.
David

#7 fatherom

fatherom
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 01 July 2006 - 09:30 PM

Thanks for all your help...everything looks good so far!

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:06:24 PM

Posted 02 July 2006 - 03:53 AM

Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will reduce dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> * Computer Safety On line - Anti-Virus[
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* A article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any addition questions just ask...
David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users