‘spylocked’ has messed my PC up!!!



#1 LicensingOfficer

Posted 31 May 2007 - 04:25 PM

My Norton Internet Security 2006 was asking to be updated, and as it happened my IS provider informed me that their freebie product was available. So, as I am strapped for cash right now, I downloaded and used the ‘Virgin PCguard’ freebie.
The consequence of this was that my PC would, for no apparent reason, regularly show a blue screen with a dialog that informed me that there was an error.

As a result, I uninstalled this program and went on the hunt for another free substitute. That’s when my troubles really started.

I must have downloaded my problems with one or more of the various products I looked at. My PC has become infected by some sort of a virus. I think it is called adware or malware. It created a flashing icon in the taskbar and from this icon intermittently came a message informing me that my PC’s system was infected. If I clicked onto the icon it directed my browser to a web site. As I recall, the site was called ‘spylocked’. I know I should have made a proper note, but I did not think this virus would have caused me so much trouble.

I Googled the symptoms and looked around for a fix. I came across a site where it appeared that my situation had been noted. They explained and offered a remedy. I duly carried out their instructions and to my delight it got rid of the damn icon and stopped the constant interruptions.

What the remedy did not cure were two other faults that have occurred since the virus took hold.
1) I cannot change the desktop background.
The desktop background had reverted back to a plain blue screen and would not change.
I already have ‘Ad-aware’; that appeared to do nothing to help, so I downloaded and ran ‘Spybot’. This did bring back the background picture that was showing before the virus hit. However, the background still cannot be changed.
2) The home page of my internet browser has changed from what it was set to show, and I cannot make any alteration to it.
I should say that the Windows IE 7 appears to look and work fine. I run, and prefer to use, ‘Maxthon MyIE’. This did have the ‘bbc.co.uk’ home page and has now taken to showing ‘Maxthon Start Page’. I cannot make any alteration to this.

Can anybody help me please?

I have run ‘AVG Anti-Spyware’ and here are the results:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:17:14 31/05/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Ignored.
I:\Documents and Settings\BECK\Cookies\beck@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.
I:\Documents and Settings\BECK\Cookies\beck@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
I:\Documents and Settings\User1\Cookies\user1@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Ignored.
I:\Documents and Settings\NICK\Cookies\nick@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Ignored.
I:\Documents and Settings\BECK\Cookies\beck@search.live[2].txt -> TrackingCookie.Live : Ignored.
I:\Documents and Settings\NICK\Cookies\nick@search.live[1].txt -> TrackingCookie.Live : Ignored.
I:\Documents and Settings\BECK\Cookies\beck@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored.
I:\Documents and Settings\User1\Cookies\user1@overture[1].txt -> TrackingCookie.Overture : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/Dex.class -> Trojan.ClassLoader.g : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/Dix.class -> Trojan.ClassLoader.g : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\6.0\48\580dbcb0-57ad3185/Dux.class -> Trojan.ClassLoader.g : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/Dex.class -> Trojan.ClassLoader.g : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/Dix.class -> Trojan.ClassLoader.g : Ignored.
I:\Documents and Settings\User1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4c22d8b9-325a0e49.zip/Dux.class -> Trojan.ClassLoader.g : Ignored.


::Report end

Please read our Forum FAQ in order to find out what info we need (HijackThis log) so we can help you.

Edited by miekiemoes, 31 May 2007 - 05:08 PM.


#2 LicensingOfficer

Posted 01 June 2007 - 10:17 AM

As requested

Logfile of HijackThis v1.99.1
Scan saved at 16:07:58, on 01/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
I:\Program Files\Microsoft Office\Office10\WINWORD.EXE
I:\Program Files\Maxthon\Maxthon.exe
I:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
I:\Documents and Settings\User1\Desktop\HijackThis.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - blank (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "I:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Launch Microsoft Outlook.lnk = I:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://I:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZUxdm079YYGB
O8 - Extra context menu item: &Translate English Word - res://I:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://I:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://I:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://I:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://I:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145301351609
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B352686-B05F-4473-8DA0-2FF1E54974A7}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - I:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#3 SWI Support Robot

Posted 03 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.
