Help! Virus?


  • This topic is locked
10 replies to this topic

#1 TayBoy

TayBoy

  • Members
  • 17 posts

Posted 03 December 2006 - 01:36 AM

Hey Everyone, this is my first time posting on this forum. My apologies in advance if this isn't the right place to be posting this topic.

I'm posting regarding a couple of problems with my computer, which I would be extremely grateful if anyone could help me out with.

1. Protection Bar (Unwanted Protection Bar Below My Address Bar)

2. Receiving Tons Of Pop Ups Including Porn Ones (Please note that I have never been to such sites)

3. Security Alerts (Receiving warnings in my task bar stating that I am infected with spyware and to run its special anti-spyware tool.)

I am very particular about having my computer virus free. I own the following,
- Ad Aware SE Professional
- Spybot
- AVG Antivirus
- Pop-Up Stopper Professional

I have done scans with the above software, but they don't seem to be doing anything to resolve my problems.

Thank You Very Much

Edited by TayBoy, 03 December 2006 - 02:13 AM.



#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • Location:Florida, USA

Posted 03 December 2006 - 02:17 AM

There are several kinds of malware that can cause what you describe.

What browser are you using?

Protection Bar (Unwanted Protection Bar Below My Address Bar)

Is that what you are using to describe IE's toolbars?

Security Alerts (Receiving warnings in my task bar stating that I am infected with spyware and to run its special anti-spyware tool.)

That can be Messenger Service spam.
Messenger (not to be confused with MSN Messenger, AOL IM or any other internet messenger) was originally created for system administrators and users to communicate with other users on large networks.
Spammers have figured out how to send spam with it, taking advantage of exploits on your computer.
What you describe sounds like Windows Messenger Spam.
The way to block the spam is to turn off Messenger Service.
To do that:
--In Windows XP, click Start>>Control Panel
--In Windows 2000, click Start>>Settings>>Control Panel
In both versions:
--Double click Administrative Tools
--Double click Services
--Double click Messenger
--Under Service Status, click Stop
--In the box next to Startup Type, select Disabled
--Click Apply>>OK

Alternatively, and a lot easier, you can download a small program called “Shoot The Messenger”, which will disable Messenger Service and is available at:
http://www.grc.com/freepopular.htm
Download and run “Shoot The Messenger”


Have you updated Windows XP to SP2?
Have you run scans with Adaware and Spybot (after updating their definition files?)

If not, do so. Make sure you update each app before you run it.
Set them to fix what they find.

Have you upgraded AVG to V7.5?
If not, do so, then update the definitions files and run a complete scan.
Post whatever it finds here.

After completing that do the next scans using Internet Explorer only as they need Active X to work:

Windows One Care Free Scan

Go to Windows Live Onecare Free Scan (using Windows Explorer only)
It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm

Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" on the right side.

Allow it to download the Active X components.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite a while, maybe two hours or so depending on how big your hard drive is and how fragmented your registry and drive are.

Then run the following (with IE):
Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp


Did any of the above find anything, and what exactly did they find?

Edited by Enthusiast, 03 December 2006 - 02:20 AM.


#3 DemonSui

DemonSui

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN

Posted 03 December 2006 - 02:25 AM

SP2 solves this problem. I had been upgrading since a reformat (willingly, just because) and on SP1 I got a lot of those, but I've moved onto SP2 and none have shown up.
Let free your emotions so I can destroy them!

PSP M33 USER.

MY new PC is a laptop and I love it.

#4 TayBoy

TayBoy
  • Topic Starter

  • Members
  • 17 posts

Posted 03 December 2006 - 02:29 AM

Thanks a lot for your quick response,
I am currently doing the 2 scans you suggested I should do. While doing them, I've been looking around and came across a program named 'HiJackThis'. If it helps, here is my logfile after scanning with 'HiJackThis':

Logfile of HijackThis v1.99.1
Scan saved at 4:12:14 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donna Loo\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OptusNet DSL Setup] D:\OptusNet.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Remote Dog Roam Drv] C:\Documents and Settings\All Users\Application Data\Inside Hole Remote Dog\magsace.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [liesthunk] C:\DOCUME~1\DONNAL~1\APPLIC~1\CLOCKA~1\regs bags.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Documents and Settings\Donna Loo\Desktop\BackUp\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Documents and Settings\Donna Loo\Desktop\BackUp\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...tallMgr_v01.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162610480546
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://www.ilkr.com/update/ansim/ilkactx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
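
Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser for the log format shown above that lists every running process and registry entry whose file lives in the same folder as a named O3 toolbar, here the "Protection Bar" the topic starter asked about. The sample lines are an excerpt copied from the log above; the function names are illustrative.

```python
import ntpath
import re

# Excerpt copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\QuickTime\qttask.exe

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, e.g. "O3 - Toolbar: ..."
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def parse(log):
    """Return (code, text, path) tuples; running processes get code 'PROC'."""
    rows = []
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        code, text = (m.group(1), m.group(2)) if m else ("PROC", line)
        p = PATH.search(text)
        if p:  # headers and blank lines carry no file path and are skipped
            rows.append((code, text, p.group(0)))
    return rows


def related_to_toolbar(log, toolbar_name):
    """List every entry whose file sits in the named O3 toolbar's folder."""
    rows = parse(log)
    prefix = "toolbar: " + toolbar_name.lower() + " - "
    folders = {ntpath.dirname(path).lower() for code, text, path in rows
               if code == "O3" and text.lower().startswith(prefix)}
    return [(code, ntpath.basename(path)) for code, text, path in rows
            if ntpath.dirname(path).lower() in folders]


if __name__ == "__main__":
    for code, name in related_to_toolbar(SAMPLE_LOG, "Protection Bar"):
        print(code, name)
```

Sharing a folder only shows which entries belong together; it does not by itself say whether they are malicious.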

#5 DemonSui

DemonSui

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN

Posted 03 December 2006 - 02:37 AM

I think I see at least one thing that might be malware. You should post this log in the HijackThis logs section though.


Disclaimer?: I'm not a malware expert, I cannot diagnose or treat a computer for malware, nor can I state these comments as official word of PC health; this is entirely my view. You should post in the logs section however, and not here.

To mod: if you split the topic and delete this post, no need to tell me.

This is the link for that section: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Edited by DemonSui, 03 December 2006 - 02:41 AM.


#6 TayBoy

TayBoy
  • Topic Starter

  • Members
  • 17 posts

Posted 03 December 2006 - 02:54 AM

Cheers mate

#7 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • Location:Florida, USA

Posted 03 December 2006 - 02:55 AM

SP2 solves this problem. I had been upgrading since a reformat (willingly, just because) and on SP1 I got a lot of those, but I've moved onto SP2 and none have shown up.


The system must be cleaned of malware before the attempt to install SP2 should be tried.
SP2 can react unpredictably when malware is present and not removed first.

#8 DemonSui

DemonSui

  • Members
  • 325 posts
  • Gender:Male
  • Location:Hammond, IN

Posted 03 December 2006 - 02:59 AM

I had no malware and was getting those. It's a hack, not malware. SP2 covers that hole.
How do I know this? I never went to any sites but the update one.

Edited by DemonSui, 03 December 2006 - 03:00 AM.


#9 TayBoy

TayBoy
  • Topic Starter

  • Members
  • 17 posts

Posted 03 December 2006 - 03:25 AM

Aaaannyyway....
I'm most concerned about porn pop ups. Any suggestions??

http://www.bleepingcomputer.com/forums/t/74127/help-infected/

Edited by TayBoy, 03 December 2006 - 03:27 AM.


#10 zbd

zbd

  • Members
  • 390 posts

Posted 03 December 2006 - 11:45 AM

Follow some of these suggestions: http://computercleanup.blogspot.com/

#11 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 03 December 2006 - 12:06 PM

Once a HJT log is posted, and assuming you followed the Preparation Guide instructions, please refrain from making major changes to your computer because these could invalidate the data in the log upon which someone trying to help you is relying.
Thanks,
John
Whereof one cannot speak, thereof one should be silent.



