Jump to content


Photo

AV programing finding many adware.(name) files


  • Please log in to reply
1 reply to this topic

#1 Celina

Celina

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 06 July 2004 - 03:45 AM

when i run norton 2004 it finds the files adware.iefeats, adware.browseraid, adware.winshow, adware.Ncase, adware.statblaster, adware.winfetch.

also when i run trojanhunter fully updated it finds adware.jdf.100 nbx.100 luxi.100 and wowex

it finds about 12 adware.iefeats files that seems to be the biggest problem

when i run HJT this is everything it tells me

please help this adware stuff is getting insane they install things on my computer without me knowing


Logfile of HijackThis v1.97.7
Scan saved at 1:45:35 AM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\appne32.exe
C:\documents and settings\main\local settings\temp\v5I9Y3ZIh.exe
C:\WINDOWS\System32\comsnap735v.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ipfa.exe
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bypew.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bypew.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bypew.dll/sp.html#96676
O2 - BHO: (no name) - {75DA5B79-BB0F-7591-1E95-0650631B2DE5} - C:\WINDOWS\system32\ienr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [appne32.exe] C:\WINDOWS\system32\appne32.exe
O4 - HKLM\..\Run: [ndw] C:\Program Files\ndw\ndw.exe
O4 - HKLM\..\Run: [v5I9Y3ZIh] C:\documents and settings\main\local settings\temp\v5I9Y3ZIh.exe
O4 - HKLM\..\Run: [3TL#F#62GQ3K6N] C:\WINDOWS\System32\YgwaH.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [p77T35V] dgncan.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [comsnap735v.exe] "C:\WINDOWS\System32\comsnap735v.exe"
O4 - HKLM\..\RunOnce: [mfcxe32.exe] C:\WINDOWS\mfcxe32.exe
O4 - HKLM\..\RunOnce: [ipfa.exe] C:\WINDOWS\ipfa.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 808chick

808chick

    SWI Junkie

  • Retired Staff - Helper
  • PipPipPipPip
  • 262 posts

Posted 09 July 2004 - 03:32 AM

Hi Celina,
You are infected with the Peper Trojan. Download Option^Explicit’s PeperFix=http://downloads.sub...rg/PeperFix.exe & save it to your Desktop.
Click Find & Fix.
Reboot, and run PeperFix.exe again.

Next, please update your version of HijackThis. Double click the exe, go to Config > Misc Tools. Hit Check for update online, & then OK.

(NOTE: Be sure you check the header of your log (EX: Logfile of HijackThis v1.97.7) before you post it here. Your updated version should say: Logfile of HijackThis v1.98.0. If your header does not say 1.98.0, download the updated version from here.)

Download About:Buster from either of the following locations.
http://www.atribune....AboutBuster.zip
or
http://tools.zerosre...AboutBuster.zip
Unzip it to your Desktop.

(DO NOT RUN ABOUT: BUSTER YET)

Run your updated HijackThis and post a new log here.

Edited by 808chick, 09 July 2004 - 10:45 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button