Jump to content


Photo

Infamous downloader problem


  • Please log in to reply
3 replies to this topic

#1 raymonds

raymonds

    Member

  • New Member
  • Pip
  • 3 posts

Posted 30 June 2004 - 09:24 PM

Could on eof the pros plese read my log? Computer seems to be getting worse. Not even using it, and it just keeps going.
Thanks!!


Help! :eek:
I have read the FAQ and tried and done all of the suggestions. New items keep appearing on the desktop. Infamous downloader seems to be the big issue. But I don't know what to remove from the log to fix it. It all seemed to start from a daily horoscope program that started this afternoon. Thanks!




Logfile of HijackThis v1.98.0
Scan saved at 8:42:00 PM, on 06/30/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\GWMDMMSG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TEMP\FSG_TMP\GINST_001_1234_4201.EXE
C:\WINDOWS\TEMP\1UQ.EXE
C:\ACCESS\ACCESS COMMUNICATIONS MANAGER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ACCESS\DASHBOARD\AFMDDBRD.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\HELP\UTILURL.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [upkb] C:\WINDOWS\upkb.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [1uq] C:\WINDOWS\TEMP\1UQ.EXE
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE
O4 - HKLM\..\Run: [UTILURL] C:\WINDOWS\HELP\UTILURL.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - Startup: access communications manager startup.lnk = C:\access\Access Communications Manager Startup.exe
O4 - Startup: Access DashBoard.lnk = C:\access\dashboard\PreDB.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6F0C8A3E-8B0D-11D2-801B-00105AA78F4A} (CobAgent Class) - http://ecare2.netopi...ed/cobAgent.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

Edited by raymonds, 02 July 2004 - 06:11 AM.


#2 raymonds

raymonds

    Member

  • New Member
  • Pip
  • 3 posts

Posted 01 July 2004 - 05:54 AM

:wtf:

Every time I go back to the computer, more icons have been added to the desktop. The lastest is a link for a free travel voucher (no -- I did not click on it)

#3 Rootkit

Rootkit

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 01 July 2004 - 06:16 AM

Hi,raymonds

Will here is what i see in your Logfile but
please do not remove anything tell one of
the pros have a look at this for you

R3 - Default URLSearchHook is missing


O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [1uq] C:\WINDOWS\TEMP\1UQ.EXE
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SYSUPD.EXE<--maybe a Virus

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Could you also do this please

Symantec
TrendMicro
A2 Trojan Scan

Gday :wave:

#4 raymonds

raymonds

    Member

  • New Member
  • Pip
  • 3 posts

Posted 02 July 2004 - 06:19 AM

*bump




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button