Blackice Overboard


5 replies to this topic

#1 thrillhouse

thrillhouse

  • Members
  • 1,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Va
  • Local time:08:33 PM

Posted 08 May 2007 - 09:56 PM

saw this today a few times
Posted Image
awesome, thanks for the warning? :thumbsup:



#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:01:33 AM

Posted 09 May 2007 - 12:06 AM

Hey thrillhouse,

Could you create an uninstall list for us?

Please click here to download HijackThis.

In order to install and run it, please follow the instructions at the link provided above. Should you wish to make a shortcut to the programme, please do the following:
  • navigate to c:\program files\hijackthis
  • select hijackthis.exe so that it is highlighted
  • right-click it with your mouse pointer hovering over the hijackthis.exe file
  • and choose send to --> choose desktop (create shortcut)
Once you have done this please create an uninstall list:
  • Start HiJackThis
  • Press 'Config'
  • Press 'Misc Tools'
  • Press 'Open Uninstall Manager'
  • Press 'Save List'
  • Save the log to a convenient location
We could then see which one is installed that causes this warning :thumbsup:

Rogue- / Suspect-Antivirus list - this is the list to go by if you are looking for a rogue candidate.

Rgds.

Johannes

Edited by Yourhighness, 09 May 2007 - 12:08 AM.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#3 thrillhouse


Posted 09 May 2007 - 12:33 AM

hey, thanks buddy!

I didn't think it was serious though because it was seeing firefox as the threat. I redid my baseline in BlackIce and it doesn't come up anymore but here is the list regardless (it all looks like stuff I use though):

Ad-Aware SE Professional
ADM Files For XP SP2
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
AIM+ (remove only)
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Software Update
Audacity 1.2.6
Audio Conversion Wizard 1.8
BitComet 0.62
BitComet Acceleration Patch 4.3.0.1
BlackICE
BootSkin
Broadcom Driver Installer
BT Helper 1.4
Capcom Arcade Hits Volume 1
CCleaner (remove only)
Conexant D480 MDC V.92 Modem
Cryptext (Remove Only)
Curitel PC Card Software
Dell Modem-On-Hold
Dell ResourceCD
Digital Line Detect
Easy CD Creator 5 Platinum
Flashants SWF2Video 1.1 Trial
Google Earth
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
InstallShield for Microsoft Visual C++ 6
Intel® PROSet
ISO Recorder
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.76 Basic
LimeWire PRO 4.10.0
LinkScanner
McAfee Alert Manager
McAfee VirusScan Enterprise
MCE 2005 STB Controller
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Journal Viewer
mIRC
Modem Helper
Mozilla Firefox (2.0.0.3)
MP3 Repair Tool v1.5.2
MSXML 4.0 SP2 (KB927978)
Mulberry - Email and Calendaring from the Group Up
NewsBin Pro 4.2
NVIDIA Drivers
OpenSSL 0.9.6m
PCI 7510/4510 Cardbus Controller with SmartCard and Software
PeerGuardian 2.0
PuTTY version 0.59
QuickSet
QuickTime
QuickTime Alternative 1.78
RapidCheck v0.1
Riva FLV Encoder 2.0
Roxio CDEngine
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SigmaTel AC97 Audio Drivers
Skype 2.5
SMSC IrCC V5.1.3600.3
SoulSeek 157 test 8
SphereXP 1.1.626
Spybot - Search & Destroy 1.4
SUPER Version 2007.bld.22 (Mar 14, 2007)
TMPGEnc 3.0 XPress
Tweak UI
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Venturi Client 3.1.4
VideoLAN VLC media player 0.8.5
VZAccess Manager
WebEx
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Lite 2.4.0
Windows Media Player Firefox Plugin
WinRAR archiver
WinTEC 3.4.1
XP Codec Pack
XP Smoker Pro 5.0

p.s. I was having the blue screen of death on restarts every few times, don't know if that is related, but here is a shameless link to my hijack this log: http://www.bleepingcomputer.com/forums/ind...=22&t=91374

#4 Yourhighness


Posted 09 May 2007 - 01:55 AM

"I didn't think it was serious though because it was seeing firefox as the threat. I redid my baseline in BlackIce and it doesn't come up anymore but here is the list regardless (it all looks like stuff I use though):"

It did not take Firefox as the threat, but rather the tool that used Firefox to "phone home" :thumbsup:

I am at work now so cannot really respond now.

Please do not attach your log. Can you make a fresh one and post it again there?
Please read and do the tasks mentioned here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Steps you have already done can naturally be omitted. When posting a log, do not reply to yourself; this is considered bumping and you will also fall through the "grid" we use to detect unanswered HJT logs... I will make a post at a subforum to see if someone can take a peek at your log later on.

I will also post a link to this thread, as what you described here should've been mentioned in your topic with the HJT log and not by itself.

Regards,

Johannes



#5 thrillhouse


Posted 09 May 2007 - 03:26 AM

thanks for the help! didn't realize you are supposed to leave your hijack this thread alone until someone reads it, makes sense though.

Edited by thrillhouse, 09 May 2007 - 03:44 AM.


#6 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:07:33 PM

Posted 09 May 2007 - 07:48 AM

Until the new log is reviewed, do not make any significant changes to your computer that might invalidate the data in the HJT log. Members should consider this thread temporarily closed until that process is completed.
Regards,
John
Global Moderator
Whereof one cannot speak, thereof one should be silent.



