Jump to content


Photo

Casino Palazzo & other problems as well


  • Please log in to reply
5 replies to this topic

#1 NoRegister

NoRegister

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 01 July 2004 - 09:03 AM

I have that Casino problem where it pops up a window and sticks an icon on my desktop. Also I experience general slowdown of my system and other popups, such as http://easysearch.cc...day_search.html.

I also get a popup from "Windows File Protection" that tells me I'm infected with "SubSearch," "MoneyTree," "Aornum," and "Win32/Aspam. Trojan." It asks if I want to find out how to get rid of it, and then it takes me to an MSN search page with "spyware" as the search.

I also get shortcuts added to my favorites: BEST SEARCH, CASINO, Easy Search, GIFT CERTIFICATE, Pop Up Blocker, Spyware Removal, VIAGRA, Web HOSTING.

I started with Ad-Aware, but no matter what process I took, trying to kill these things at every step, they always come back. I also saw someone else's thread about the Casino problem and found the telnetxp.exe file with the same icon. I deleted it, ran ad-aware, reset, ran ad-aware, and everything seemed fine. Until the Casino problem came back again, which means there's something still infected. I have McAfee as well, but it's stopped working, it crashes on load-up (I have tried re-installing countless times) - also, I use ATI File Player to watch avi files and it's stopped working (it freezes on load-up). So I'm hoping someone can help me out here to find all the stuff that's screwing me up, I deleted telnetxp.exe again, and here's the HijackThis info:

Logfile of HijackThis v1.98.0
Scan saved at 6:29:52 AM, on 01/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\WMPCI54G WLAN MONITOR\WMP54G.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\IRIVER\IHP100\IHPDETECT.EXE
C:\WINDOWS\CY_BG.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\TASKMGN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
E:\UTILS\INTERNET\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\SYSTEM\MSMK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [iHP-100] C:\PROGRAM FILES\IRIVER\IHP100\IHPDETECT.EXE
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\CY_BG.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [WMLAN54G.exe] C:\Program Files\WMPCI54G WLAN Monitor\WMP54G.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://63.102.226.24...va/cfs40301.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = 207.102.93.157,207.194.28.230
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.102.93.157,207.194.28.230

Edited by NoRegister, 01 July 2004 - 09:24 AM.


#2 NoRegister

NoRegister

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 05 July 2004 - 12:44 AM

Can't anyone help me?

Everytime I boot I scan with ad-aware, and I usually come up clean. Then I start IE, and the Casino pop-up appears and places a shortcut on my desktop and a bunch of bookmarks in my IE Favorites. I clean out the bookmarks, run ad-aware again, delete the desktop shortcut, and delete the file telnetxp.exe like I saw in someone else's thread. Then about 1/2 an hour later, if I'm using IE, it comes back. So there must be something else from the log file that is keeping this thing coming back.

#3 helpmeplease1

helpmeplease1

    Member

  • New Member
  • Pip
  • 3 posts

Posted 06 July 2004 - 11:32 AM

Did you find a solution?? I am having the same problem.

#4 joebassili

joebassili

    Member

  • New Member
  • Pip
  • 1 posts

Posted 06 July 2004 - 06:41 PM

I'm having the same exact problem. :(

#5 NoRegister

NoRegister

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 06 July 2004 - 09:06 PM

Since more people are having the same problem, will one of the admins around here please help us with this problem? Sorry, is there something I should be doing that I haven't in order to get you to help with this?

I have more information to report... I installed SpyBot-S&D on the recommendation of a friend, but that still did not help. It seemed to cut down on some of my problems, but the main problem still remains.

Popup of Casino in browser window, addition of icon to desktop, addition of links to Favorites, and lastly appearance of telnetxp.exe. I go through the same steps, delete the links, the icon, the exe, run Spybot-S&D and Ad-Aware, but then it keeps coming back. And then my system slows down because of whatever it's doing, so I have to reboot... and after I reboot, it just pops back up again.

Edited by NoRegister, 06 July 2004 - 09:07 PM.


#6 gasp

gasp

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 July 2004 - 03:42 AM

The thread in http://www.computerc...ostp226121.html discusses your very problem.

In particular, read the responses by jbrown7711 and brkerez -- one of them should be relevant to your situation.

Hope this helps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button