
Video Activex Access Removal


4 replies to this topic

#1 savalloyd

savalloyd

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:42 PM

Posted 08 July 2007 - 03:47 PM

Uninstalled it, but the files just won't delete: flashing icons, pop-ups and a crappy new homepage.
I have read quite a few topics that have already been started on this, but I still can't get my head round it.
Tried downloading SmitFraudFix, but it just comes up as a virus and won't run.
I just want the files off my computer, it's annoying the hell outta me =( Would be very grateful if someone could help.



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:42 PM

Posted 08 July 2007 - 04:44 PM

Hi savalloyd
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Have you tried switching off your antivirus and then running the program?



#3 savalloyd

savalloyd
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:42 PM

Posted 08 July 2007 - 05:05 PM

Hahaha nope, man I'm blonde!

'Tis running now and I got this after I pressed Search (1). Installed AVG as well.
SmitFraudFix v2.201

Scan done at 23:03:29.31, 08/07/2007
Run from C:\Program Files\DC++\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Lloyd Smissen


C:\Documents and Settings\Lloyd Smissen\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\LLOYDS~1\FAVORI~1


Desktop


C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"

[HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F70865D4-EDF0-482B-9CCB-3CAEDCE2A997}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F70865D4-EDF0-482B-9CCB-3CAEDCE2A997}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F70865D4-EDF0-482B-9CCB-3CAEDCE2A997}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F70865D4-EDF0-482B-9CCB-3CAEDCE2A997}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


Scanning for wininet.dll infection


End

Edited by savalloyd, 08 July 2007 - 05:57 PM.
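The report above buries the items that matter (two "FOUND !" markers, a SharedTaskScheduler CLSID whose InProcServer32 loads a DLL from system32, the AppInit_DLLs and Winlogon "System" values, and the DNS server in use) inside a long process list. The following Python is an added example, not part of this thread and not SmitFraudFix's own code: it parses a constructed excerpt written in the same section-and-line format as the posted report and turns it into responder notes. Section names, registry keys and values in the sample are copied from the posted log; the parsing rules and the `parse_report`/`triage` functions are this example's own.

```python
"""Triage helper for SmitFraudFix-style search reports (added example)."""
import ipaddress
import re

# Constructed sample: a shortened excerpt in the format of the report posted above.
SAMPLE_LOG = r"""SmitFraudFix v2.201

Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"

[HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"

AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

DNS

DNS Server Search Order: 10.0.0.2

End
"""

# Section headers as they appear in the report (matched case-insensitively).
SECTION_HEADERS = {
    "process", "hosts", "start menu", "desktop", "corrupted keys",
    "desktop components", "sharedtaskscheduler", "appinit_dlls",
    "winlogon.system", "rustock", "dns", "end",
}
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"$')   # "Name"="value"
DEFAULT_RE = re.compile(r'^@="([^"]*)"$')         # @="value" (key default)


def parse_report(text):
    """Extract FOUND markers, SharedTaskScheduler CLSID->DLL mappings, the
    AppInit_DLLs / Winlogon System values and the DNS servers from the report."""
    report = {"found": [], "shared_task_scheduler": {}, "appinit_dlls": None,
              "winlogon_system": None, "dns_servers": []}
    section = current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTION_HEADERS:
            section, current_key = line.lower(), None
            continue
        if line.endswith("FOUND !"):
            report["found"].append(line[:-len("FOUND !")].strip())
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key the next values belong to
            continue
        if section == "sharedtaskscheduler" and current_key:
            m = VALUE_RE.match(line)
            if m and CLSID_RE.fullmatch(m.group(1)):   # "{CLSID}"="friendly name"
                sts = report["shared_task_scheduler"].setdefault(m.group(1).lower(), {})
                sts["name"] = m.group(2)
                continue
            m, clsid = DEFAULT_RE.match(line), CLSID_RE.search(current_key)
            if m and clsid and current_key.lower().endswith("inprocserver32"):
                sts = report["shared_task_scheduler"].setdefault(clsid.group(0).lower(), {})
                sts["dll"] = m.group(1)     # the DLL Explorer loads for that CLSID
        elif section == "appinit_dlls":
            m = VALUE_RE.match(line)
            if m and m.group(1) == "AppInit_DLLs":
                report["appinit_dlls"] = m.group(2)
        elif section == "winlogon.system":
            m = VALUE_RE.match(line)
            if m and m.group(1) == "System":
                report["winlogon_system"] = m.group(2)
        elif section == "dns" and line.startswith("DNS Server Search Order:"):
            report["dns_servers"].extend(line.split(":", 1)[1].split())
    return report


def triage(report):
    """Turn the parsed report into plain notes for the responder."""
    notes = [f"FOUND marker: {p}" for p in report["found"]]
    for clsid, e in report["shared_task_scheduler"].items():
        notes.append(f"SharedTaskScheduler {clsid} ({e.get('name', '?')}) "
                     f"loads {e.get('dll', '<no InProcServer32>')}")
    if report["appinit_dlls"]:
        notes.append(f"AppInit_DLLs is set: {report['appinit_dlls']}")
    if report["winlogon_system"]:
        notes.append(f"Winlogon System value is set: {report['winlogon_system']}")
    for ip in report["dns_servers"]:
        try:
            scope = "private" if ipaddress.ip_address(ip).is_private else "public, compare with ISP"
        except ValueError:
            scope = "unparseable"
        notes.append(f"DNS server {ip} ({scope})")
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE_LOG)):
        print(note)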


#4 savalloyd

savalloyd
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:42 PM

Posted 08 July 2007 - 09:13 PM

I went through a tutorial and it all seems to be deleted.
My desktop background has gone back to default, is that an indicator that I'm not infected anymore?

Edited by savalloyd, 08 July 2007 - 09:14 PM.


#5 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:42 AM

Posted 08 July 2007 - 09:21 PM

You may not be completely clean yet. There are two more things that I would recommend that you do:

Download Rogue Remover Free, install, update and scan. Remove anything that it finds.

Download SuperAntiSpyware Free, install, update, and run a complete scan. Let SAS remove anything that it finds. SAS may need to restart your machine. Let it. Post back with your results.

Thanks OF
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage



