• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
NoRegister

Casino Palazzo & other problems as well

6 posts in this topic

I have that Casino problem where it pops up a window and sticks an icon on my desktop. Also I experience general slowdown of my system and other popups, such as http://easysearch.cc/top_today_search.html.

 

I also get a popup from "Windows File Protection" that tells me I'm infected with "SubSearch," "MoneyTree," "Aornum," and "Win32/Aspam. Trojan." It asks if I want to find out how to get rid of it, and then it takes me to an MSN search page with "spyware" as the search.

 

I also get shortcuts added to my favorites: BEST SEARCH, CASINO, Easy Search, GIFT CERTIFICATE, Pop Up Blocker, Spyware Removal, VIAGRA, Web HOSTING.

 

I started with Ad-Aware, but no matter what process I took, trying to kill these things at every step, they always come back. I also saw someone else's thread about the Casino problem and found the telnetxp.exe file with the same icon. I deleted it, ran ad-aware, reset, ran ad-aware, and everything seemed fine. Until the Casino problem came back again, which means there's something still infected. I have McAfee as well, but it's stopped working, it crashes on load-up (I have tried re-installing countless times) - also, I use ATI File Player to watch avi files and it's stopped working (it freezes on load-up). So I'm hoping someone can help me out here to find all the stuff that's screwing me up, I deleted telnetxp.exe again, and here's the HijackThis info:

 

Logfile of HijackThis v1.98.0

Scan saved at 6:29:52 AM, on 01/07/04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE

C:\WINDOWS\SYSTEM\USBMONIT.EXE

C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE

C:\PROGRAM FILES\IRIVER\IHP100\IHPDETECT.EXE

C:\WINDOWS\CY_BG.EXE

C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\TASKMGN.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\NOTEPAD.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

E:\UTILS\INTERNET\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\SYSTEM\MSMK.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [iHP-100] C:\PROGRAM FILES\IRIVER\IHP100\IHPDETECT.EXE

O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe

O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe

O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

O9 - Extra button: AOL Instant Messenger - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.240:8000/Java/cfs40301.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = 207.102.93.157,207.194.28.230

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.102.93.157,207.194.28.230

Edited by NoRegister

Share this post


Link to post
Share on other sites

Can't anyone help me?

 

Everytime I boot I scan with ad-aware, and I usually come up clean. Then I start IE, and the Casino pop-up appears and places a shortcut on my desktop and a bunch of bookmarks in my IE Favorites. I clean out the bookmarks, run ad-aware again, delete the desktop shortcut, and delete the file telnetxp.exe like I saw in someone else's thread. Then about 1/2 an hour later, if I'm using IE, it comes back. So there must be something else from the log file that is keeping this thing coming back.

Share this post


Link to post
Share on other sites

Since more people are having the same problem, will one of the admins around here please help us with this problem? Sorry, is there something I should be doing that I haven't in order to get you to help with this?

 

I have more information to report... I installed SpyBot-S&D on the recommendation of a friend, but that still did not help. It seemed to cut down on some of my problems, but the main problem still remains.

 

Popup of Casino in browser window, addition of icon to desktop, addition of links to Favorites, and lastly appearance of telnetxp.exe. I go through the same steps, delete the links, the icon, the exe, run Spybot-S&D and Ad-Aware, but then it keeps coming back. And then my system slows down because of whatever it's doing, so I have to reboot... and after I reboot, it just pops back up again.

Edited by NoRegister

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0