OnlineSecurityWorld infection



#1 michadl


Posted 03 June 2007 - 06:48 AM

Pest: ONLINESECURITYWORLD

I have read your DO THIS FIRST and have followed the instructions.
Thanks for your assistance.

Problems:
Three Shortcuts created on desktop:
- Privacy Protector (hxxttp://onlinesecurityworld.com/shandler.php?s=0)
- Error Cleaner (hxxttp://onlinesecurityworld.com/shandler.php?s=1)
- Spyware & Malware Protection (hxxttp://onlinesecurityworld.com/shandler.php?s=2)
Red Shield added in status bar.
Desktop Background was replaced with 'spacer.gif'



http addresses obfuscated

Popup window displayed periodically, in runs of five or so, and whenever I attempt to change the Desktop Background (which fails)
Title: Windows Internet Explorer
Msg: Cannot find 'file:///C:/WINDOWS/privacy_danger/index.htm'. Make sure the path or Internet address is correct.

I searched other posts with similar symptoms, but the objects they indicated to look for were not found.

As per instructions I have already:
1. Run Lavasoft Adaware, it removed 38 critical entries

2. Run Spybot, it removed 6 entries.

3. Run AVG AntiSpyware 7.5
When run the first time it got to a file "C:\My Work\2007_04_01_13_060.C00" and proceeded no further.
Could not cancel task and so had to shut down.
Restarted, deleted C:\My Work folder with three C00 files. AVG AntiSpy then ran through OK. (log below)

4. After reboot, shortcuts on desktop remain, but Background is now white (spacer.gif is gone).
Red Shield in status bar gone.
Still get the Windows Internet Explorer window about 'privacy_danger' on startup and if I try to change display background.

5. Ran Panda Activescan. (log below)

6. Ran Kaspersky Online Scan. (log below)

7. Ran Hijackthis. No changes made. (log below)

Current Status:
- Popup Windows Internet Explorer window about 'privacy_danger' occurs on startup but only seems to reoccur if I try to change Desktop Background.
- Background white. Changes to Display settings have no effect.
- Red Shield gone from Status Bar



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:27:54 PM 3/06/2007

+ Scan result:



C:\WINDOWS\wow.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\NewMediaCodec -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2724E072-19D0-486d-A819-9D914191AE92} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\VideoExtension -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2724E072-19D0-486d-A819-9D914191AE92} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vsmart -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2724E072-19D0-486D-A819-9D914191AE92} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960640836-1121682473-4113313429-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\msdn.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\mssmart.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger\images -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger\images\capt.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger\images\danger.jpg -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger\images\down.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger\images\spacer.gif -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\privacy_danger\index.htm -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\tlhelp.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\vsmart.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\WINDOWS\wowsupport.dll -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\mssmart -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@navrcholu[1].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end



PANDA ACTIVESCAN LOG
-------------------------------
Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NIRCMD.EXE
Virus:Trj/Agent.FAY Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\My Documents\My Chat Logs\SetupImvu_full.exe[CallStack_release.dll]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix\SmitfraudFix\RESTART.EXE
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@www.drivecleaner[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\killian__weinstock@i.screensavers[2].txt
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\16\4e807890-4dc1179b[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\38\458ac9a6-425fc4c0[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Matrix.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\42\687af3ea-61db5bbc[Parser.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\CACHE\6.0\60\3bd7e57c-48e04943[NewURLClassLoader.class]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\# Installs\Security - FW, AV, malware\Combofix\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\# Installs\Security - FW, AV, malware\EWIDO\smitRem 20051214.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip[SmitfraudFix/restart.exe]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 03, 2007 2:26:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 3/06/2007
Kaspersky Anti-Virus database records: 336602
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 64611
Number of viruses found: 7
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 00:30:42

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4509.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\ZLT03ae4.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03ae7.TMP Object is locked skipped
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_d4.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_XaVhEg8hyD2udah Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_b10.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{126B34E0-E201-419D-9EE0-4E4F280F37F4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\WARDELL-A7C1087.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Temp\Perflib_Perfdata_ce4.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Temp\Perflib_Perfdata_914.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Temp\Perflib_Perfdata_860.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Temp\Perflib_Perfdata_f50.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Temp\~DFF2AF.tmp Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\History\History.IE5\MSHist012007060320070604\index.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Application Data\Acer Arcade\Log\Trace20070603.log Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\16\4e807890-4dc1179b ZIP: infected - 3 skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\38\458ac9a6-425fc4c0 ZIP: infected - 3 skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\42\687af3ea-61db5bbc ZIP: infected - 3 skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-48e04943/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-48e04943/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\KILLIAN WEINSTOCK\Application Data\Sun\Java\Deployment\cache\6.0\60\3bd7e57c-48e04943 ZIP: infected - 2 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\storydb.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\KILLIAN WEINSTOCK\Data\prs.idx Object is locked skipped
C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\# Installs\Security - FW, AV, malware\Smitfraudfix\SmitfraudFix.zip ZIP: infected - 1 skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 2:28:33 PM, on 3/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\avgamsvr.exe
C:\PROGRA~1\AVG\avgupsvc.exe
C:\PROGRA~1\AVG\avgemc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\avgcc.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\KILLIAN WEINSTOCK\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\KILLIAN WEINSTOCK\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A71D21E1-4EFD-495F-9275-943AF02C689A}: NameServer = 203.12.160.35,203.12.160.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



Thanks for your assistance.

Edited by nasdaq, 09 June 2007 - 09:15 AM.
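Added example (not part of the original post and not HijackThis code): a parser for the `<section> - <entry>` line format of the log above that lists the entries a helper would typically look at twice. The function names `triage` and `review_notes` and the four heuristics are assumptions chosen for illustration; a flag is a prompt for review, not a verdict that the entry is malicious.

```python
import re

# HijackThis entry shape: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart body: "HKLM\..\Run: [value name] command line"
O4_REG_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")

# Sample input: six lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Startup: services.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

def review_notes(section, body):
    """Return the reasons an entry deserves a second look (illustrative heuristics)."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if body.endswith("= ?"):
        notes.append("shortcut target unresolved")
    if section == "O23" and " - Unknown owner - " in body:
        notes.append("no vendor name reported for service binary")
    if section == "O4":
        m = O4_REG_RE.match(body)
        if m and "\\" not in m.group("cmd"):
            notes.append("autostart command has no full path")
    return notes

def triage(log_text):
    """Parse a HijackThis log and return [(section, body, notes)] for flagged entries."""
    flagged = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # log header, process list or blank line
        notes = review_notes(m.group("section"), m.group("body"))
        if notes:
            flagged.append((m.group("section"), m.group("body"), notes))
    return flagged

if __name__ == "__main__":
    for section, body, notes in triage(SAMPLE_LOG):
        print(f"{section:>3}  {'; '.join(notes)}\n     {body}")
```

An autostart entry without a full path is resolved through the system search path, so which binary actually runs has to be confirmed on disk before the entry is judged either way.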


#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 06 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 zemaria

    Member

  • New Member
  • 1 posts

Posted 06 June 2007 - 03:42 PM

Go to the Windows registry and erase the key that contains the link below:

file:///C:/WINDOWS/privacy_danger/index.htm

After that restart the computer!!!

#4 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 09 June 2007 - 09:16 AM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please change the location of HijackThis.exe.
Create a new folder in your C: drive.
Name it C:\HJT or HijackThis and move the HijackThis.exe file into it.
It's best for this tool NOT to be located on your Desktop or in a TEMP folder.
This way you can undo any changes if something goes wrong, and it will prevent the tool placing shortcuts on your Desktop.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally to reset the registry.

Download this file - combofix.exe

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe"

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 GenericUser

    Member

  • New Member
  • 1 posts

Posted 19 June 2007 - 06:37 PM

I am having this exact same problem as we speak. I have been running AVG Anti-Spyware and Ad-Aware repeatedly all day in an attempt to remove all traces of this pest, but the file 'privacy_danger' keeps returning to my Windows folder.

I have replied to this topic because it did not appear to be very old, and I am in desperate need of help, just as the user above is.

#6 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 20 June 2007 - 07:40 AM

GenericUser

Please read this article and follow the protocol.
http://forums.spywar...showtopic=23382

Please START YOUR OWN TOPIC. DO NOT POST IN SOMEONE ELSE'S TOPIC!

Then submit a fresh HijackThis log. It's the only way we can give you sound advice.
nasdaq


#7 nasdaq

    Forum Deity

  • Global Moderator
  • 49,093 posts

Posted 01 July 2007 - 08:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq




