Jump to content


Photo

Internet Explorer opens up AUTOMATICALLY


  • Please log in to reply
2 replies to this topic

#1 puskas1978

puskas1978

    Member

  • New Member
  • Pip
  • 1 posts

Posted 16 June 2007 - 12:37 PM

Hello,

As soon as this PC boots up, Internet Explorer opens up 4 screens and tries to go to a website called http://prx.freecj.com/dcc2/stats.html. If I'm connected to the internet when this occurrs, then the site opens up (4 times). If I am not connected to the network, then the browser just comes up 4 times with the "This page cannot be displayed" message.

I have already run Ad-aware and Spy-Bot Search and Destroy. They cleaned up a lot of garbage on the PC, but I still have the browser problem.

I have read this FAQ and followed the directions:

***

Scanning Report
Saturday, June 16, 2007 15:56:55 - 17:10:16
Computer name: ANDRAS
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\ G:\
________________________________________
Result: 14 malware found
Backdoor.Win32.Delf.avh (virus)
• C:\WINDOWS\EXCEL1205.EXE (Renamed & Submitted)
Packed.Win32.Morphine.a (virus)
• C:\WINDOWS\UPDATE.EXE (Submitted)
• C:\WINDOWS\SYSTEM32\IPV6MONR.DLL (Submitted)
• C:\WINDOWS\SYSTEM32\IPV6MONS.DLL (Submitted)
Tracking Cookie (spyware)
• System (Disinfected)
• System
• System
• System
• System
• System
• System
• System
Trojan-Downloader.Win32.Tiny.bm (virus)
• C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\73A049AE.EXE (Renamed & Submitted)
W32/Dialer.BGUK (virus)
• C:\WINDOWS\WM180GLOBAL.EXE (Submitted)
________________________________________
Statistics
Scanned:
• Files: 28562
• System: 4861
• Not scanned: 2
Actions:
• Disinfected: 1
• Renamed: 2
• Deleted: 0
• None: 11
• Submitted: 6
Files not scanned:
• C:\PAGEFILE.SYS
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
________________________________________
Options
Scanning engines:
• F-Secure Libra: 2.4.2, 2007-06-15
• F-Secure AVP: 7.0.171, 2007-06-16
• F-Secure Orion: 1.2.37, 2007-06-15
• F-Secure Blacklight: 1.0.64
• F-Secure Draco: 1.0.35, 0260-23-12
• F-Secure Pegasus: 1.19.0, 2007-05-15
Scanning options:
• Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
• Use Advanced heuristics
________________________________________
Copyright ฉ 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.


***

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Cr้้ เ: 19:33:05 16/06/2007

+ R้sultat de l'analyse:



C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignor้.
C:\System Volume Information\_restore{D3905165-9860-4A5E-86B1-AD14A226F470}\RP214\A0061682.exe -> Heuristic.Win32.Dialer : Ignor้.
C:\WINDOWS\wm180global.exe -> Heuristic.Win32.Dialer : Ignor้.


Fin du rapport

***

Logfile of HijackThis v1.99.1
Scan saved at 19:34:46, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\iemon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\babi\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: Web Class - {D03B6018-E880-4A89-99A2-7354FE52DDAE} - C:\PROGRA~1\NLIA\Nlia.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [chkdrv] C:\WINDOWS\iemon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NliaClient] C:\Program Files\NLIA\Netpia.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: mLAN Manager.lnk = C:\Program Files\mLAN Tools\YAMAHA\mLANmanager.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O4 - Global Startup: Utilitaire r้seau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.ka...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1003E71B-93D7-4D89-9D46-5C0DE82EBDA4}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

***

HELP!



___________________________________

Greetz

Andras BABI

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 19 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 thexfiles

thexfiles

    Member

  • New Member
  • Pip
  • 1 posts

Posted 19 June 2007 - 05:37 PM

Same thing happen to me, I dont know where it came from, the only thing i can think of that i did different was downloaded a new browser called Safari 3 from apple, then a apple update, I removed the browser and the update from my add and remove programs, rebooted and BINGO it was gone, so did you by any chance download the same thing?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button