
I Think I've Got Adware.intcodec, Adware.180solutions, Zlob.mpvideocodec



#1 Tyson_k


Posted 22 October 2006 - 07:18 AM

I accidentally clicked a link in my email and all of a sudden it said - do you want your homepage changed - I quickly went to ctrl alt delete to end the process - as it wouldn't let me close the internet window. I did a spybot scan and adware. I haven't encountered any problems yet but - coming from past experiences - the moment I shut down the computer and reboot - I think the programs will execute - so I haven't turned off the computer yet (this only happened a couple of hours ago). I haven't used ewido in safe mode yet as I don't want to shut down the computer yet.

I've done a panda active scan and also panda's spyware scan. I also have a hijack this log, ewido scan and I'll even include spybot's and adaware scan. I uninstalled my antivirus as it was due to expire and haven't gotten a new one. I was thinking along the lines that I really didn't need it. I was also wondering - having spent so many hours trying to fix previous spyware damage - is it worth actually buying spyware software - is it better than the freeware stuff like spybot or adaware? 'Cause every time I do get spyware - Spybot and adaware are useless - even ewido. Is there a spyware program that I can pay for that will just do the trick? What is the best anti virus to use? Are there any really good ones?
Any help at all is much appreciated.


ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:59:05 PM 22/10/2006

+ Scan result:

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8XMN8L6Z\Setup[1].exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3982270054-456278397-699396109-1004\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@newsinteractive.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).


::Report end

Spybot report

--- Report generated: 2006-10-22 18:15 ---

Vcodec.eMedia: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VSEnchancer.Chl

Zlob.MPVideoCodec: Program directory (Directory, fixed)
C:\Program Files\MPVIDEOCODEC\

Zlob.MPVideoCodec: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\EMediaCodek.Chl

Zlob.MPVideoCodec: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC

HitBox: Tracking cookie (Internet Explorer: User) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: User) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: User) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-20 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-20 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-20 Includes\HijackersC.sbi (*)
2006-10-20 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-20 Includes\PUPSC.sbi (*)
2006-10-20 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-20 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-13 Includes\Trojans.sbi (*)
2006-10-20 Includes\TrojansC.sbi (*)


Activescan


Incident Status Location

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\new user\Cookies\new user@ccbill[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\new user\Cookies\new user@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\new user\Cookies\new user@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\new user\Cookies\new user@www.drivecleaner[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\Spyware Control\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\Spyware Control\smitRem\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe

spyXposer - panda

Incident Status Location

Spyware:Cookie/Ccbill Reported C:\Documents and Settings\new user\Cookies\new user@ccbill[1].txt
Spyware:Cookie/DriveCleaner Reported C:\Documents and Settings\new user\Cookies\new user@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Reported C:\Documents and Settings\new user\Cookies\new user@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Reported C:\Documents and Settings\new user\Cookies\new user@www.drivecleaner[1].txt
Spyware:Cookie/2o7 Reported C:\Documents and Settings\User\Cookies\user@112.2o7[2].txt
Spyware:Cookie/BurstNet Reported C:\Documents and Settings\User\Cookies\user@burstnet[2].txt
Virus:Application/Processor Reported C:\Documents and Settings\User\Desktop\SmitfraudFix\Process.exe
Virus:Application/Processor Reported C:\Documents and Settings\User\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Application/Processor Reported C:\Documents and Settings\User\Desktop\Spyware Control\smitRem\Process.exe
Virus:Application/Processor Reported C:\Documents and Settings\User\Desktop\Spyware Control\smitRem\smitRem.exe[smitRem/Process.exe]
Virus:Application/Zango Reported C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\8XMN8L6Z\Setup[1].exe
Virus:Application/Processor Reported C:\Program Files\Roguescanfix\Process.exe

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:13:53 PM, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140956131500
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...576/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by Tyson_k, 22 October 2006 - 04:49 PM.




#2 OldTimer


    Malware Expert



Posted 30 October 2006 - 05:03 PM

Hello Tyson_k and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

Most of the reports only show cookies so no problems there. Spybot appears to have fixed a couple of registry entries related to a codecs file so it was doing what it was supposed to do.

As far as an anti-virus, I wouldn't recommend not having one if you ever connect to the internet. That would be like putting on a blindfold and playing in the middle of a highway. Sooner or later you are probably going to get hit by a car. Using a commercial anti-virus versus a free one is personal preference. Avast and AVG are excellent free versions and perform as well as any of the commercial applications out there. There is no 1 anti-virus application that can catch everything. Infections just change too quickly. But not having anything is living on the edge.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
