Strange Pop-Ups


  • This topic is locked
8 replies to this topic

#1 Bueller

Bueller

    Member

  • New Member
  • Pip
  • 4 posts

Posted 06 July 2004 - 09:19 AM

Hi all, long time browser, first time poster. You guys do some great work on here and I would really appreciate your guidance on this issue. About once an hour or so, I get this popup, even when I am not using the computer:

Posted Image


*Please note that sometimes the "Spyware that has been detected" is different than what is listed in the screenshot. It will throw all kinds of different names of malicious software in there; the dialog boxes usually show different spyware application names each time this pop-up comes up. I am sure I am not infected with anything that the dialog box tells me I am because when you click on yes, it takes me to an MSN search page, with the following URL as its address:

http://likesurfing.c....php?qq=spyware

This is a fake Windows message, I am sure; however, when I have run Ad-Aware, CWShredder and Spybot S & D, none of them find what I am infected with that is causing this dialog box to come up. (I did update each application before I ran them.)

I have pasted my HiJackThis logfile below. Please take a look and see if you can tell what is causing this to happen. Thank you VERY much for your assistance!

Logfile of HijackThis v1.98.0
Scan saved at 11:27:42 PM, on 7/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\WINDOWS\system32\taskmgn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\D\My Documents\Applications\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 
R3 - Default URLSearchHook is missing
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Core Library - {6CDF3C49-20E6-48d7-811B-9F5DD17F1D90} - C:\WINDOWS\System32\sfg089b.dll
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.baben...cabs/videox.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://activex.micro...eb/ikcntrls.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)

Thank you again. Bueller

#2 Bueller

Bueller

    Member

  • New Member
  • Pip
  • 4 posts

Posted 06 July 2004 - 02:42 PM

I'm bumping this to the first page as I still have no clue what is going on with this error and I am unable to resolve it. Your assistance is appreciated.

#3 Bueller

Bueller

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 July 2004 - 04:39 PM

I fixed it. Thanks for all of your replies, lol. There was some kind of a file that was downloaded somehow called "Taskmgn.exe" (not Taskmgr.exe, the Windows file). I am pretty sure that "Taskmgn.exe" came as part of a Casino Palazo hijack I got a few days ago. I thought I had removed all the files, but I missed this one. Taskmgn.exe throws up that "error" in the screenshot at random intervals. If anyone experiences a problem in which you see a similar message, deleting or renaming taskmgn.exe will fix it. If this helps anyone, please post a reply; I am curious as to how many people are stuck with this thing!

Bueller

Edited by Bueller, 07 July 2004 - 04:47 PM.
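
The look-alike name described in the post above (taskmgn.exe imitating taskmgr.exe) can be checked for mechanically. The following is an added example, not part of the original thread: it parses the "Running processes" section of a HijackThis log and flags names within one edit of a known Windows system binary. The allowlist and the function names are assumptions chosen for illustration.

```python
import ntpath  # parses Windows paths on any OS

# Assumption: a short allowlist of Windows system binary names, not exhaustive.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe",
                "taskmgr.exe", "ctfmon.exe"}

# Excerpt of the HijackThis log posted at the top of this thread.
LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Registry Clean Expert\RCScheduler.exe
C:\WINDOWS\system32\taskmgn.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def running_processes(log):
    """Return the paths listed between 'Running processes:' and the next blank line."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            paths.append(line)
    return paths

def find_lookalikes(log, max_distance=1):
    """Flag processes whose name is close to, but not equal to, a system name."""
    hits = []
    for path in running_processes(log):
        name = ntpath.basename(path).lower()
        if name not in SYSTEM_NAMES:
            hits += [(path, known) for known in sorted(SYSTEM_NAMES)
                     if edit_distance(name, known) <= max_distance]
    return hits
```

A hit is only a prompt to inspect the file (location, publisher, creation date); a name that matches the allowlist exactly is not checked here, so a copy of a real name running from an unexpected directory would need a separate path check.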


#4 rip1271

rip1271

    Member

  • New Member
  • Pip
  • 3 posts

Posted 19 July 2004 - 08:34 AM

When this first popped up I took a quick look at the running processes and killed the process/task and then deleted taskmgn.exe. It came back the next day however, and so far I've left it alone assuming there's something else hidden that is regenerating that exe file. Did it stay gone once you had deleted it?

#5 jones4925

jones4925

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 July 2004 - 04:58 PM

I, too, have this pest. This is what I'm experiencing... After I start my computer and log on to the net (this seems to be what triggers the startup), 3 **.exe files start up. They are as follows: taskmgn.exe, authz.exe, and afilvil.exe. I'm not sure of the spelling on that last one. Every time, I end the processes and shred the files. Then the next time I start the computer, there they are again. I assumed they were being regenerated in the prefetch files, so I deleted all prefetch files from the point I first started having this problem. But they still start when I restart the PC. Just before writing this, I shredded the entire prefetch folder. The jury is still out on whether or not this is going to help. Spysweeper doesn't recognize this. However, I ran a McAfee virus scan and these 3 things popped up as adware and asked if I wanted to remove them. Also, HijackThis comes back with nothing out of the ordinary and the same goes for CWShredder. Oh yeah, I almost forgot... Spysweeper has that "favorites shield" and it will pop up when the browser is started with a laundry list of crap that I have to choose to remove. This thing is only a small pest to me, since I can shut it down pretty quickly, but it's still a pest.

#6 jones4925

jones4925

    Member

  • New Member
  • Pip
  • 2 posts

Posted 21 July 2004 - 08:11 PM

Well, either deleting the prefetch folder or, more likely, updating my Spysweeper program has killed off this pest.

#7 God

God

    Member

  • New Member
  • Pip
  • 2 posts

Posted 21 September 2004 - 03:06 PM

I get authz, and also some other fishy ones, I get taskmgn, PCMservice, DUMPREP, and many more... :thumbsdown:

#8 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 21 September 2004 - 07:58 PM

God, please start your own topic.

#9 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 20 December 2004 - 05:12 PM

Due to the time passed without any response in this topic, it will be closed. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



