• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
TomGreen

Help with VX2 - Autodad

12 posts in this topic

Thanks for the quick response, by the way! Here is the requested info.

I'm posting in response to this post: http://forums.spywareinfo.com/index.php?sh...t=0entry56726.

 

 

Logfile of HijackThis v1.98.0

Scan saved at 12:33:00 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\System32\sstray.exe

C:\WINDOWS\System32\zojvjp.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\Program Files\Kazaa Lite\kazaa.kpp

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.drudgereport.com/

R3 - Default URLSearchHook is missing

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Services] wsz32.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [fyzjta] C:\WINDOWS\System32\zojvjp.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\RunServices: [Windows Services] wsz32.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partner...lim/install.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD9E7D7-D102-4781-95CB-A450171C167E}: NameServer = 192.168.0.1,138.237.128.3

 

 

And:

 

 

Log for VX2.BetterInternet File Finder (msg126)

 

Files Found---

 

Additional Files---

 

Keys Under Notify---crypt32chain

Keys Under Notify---cryptnet

Keys Under Notify---cscdll

Keys Under Notify---NavLogon

Keys Under Notify---ScCertProp

Keys Under Notify---Schedule

Keys Under Notify---sclgntfy

Keys Under Notify---SensLogn

Keys Under Notify---termsrv

Keys Under Notify---wlballoon

 

 

Guardian Key--- is called:

 

User Agent String---

Edited by TomGreen

Share this post


Link to post
Share on other sites

Hi TomGreen,

 

Click Start, click Control Panel, and then double-click Add or Remove Programs "Change or Remove Programs"

and Remove Twain-Tech (if there)

_______

 

Next, go to Task Manager (Ctrl + Alt + Delete) and click on "Processes" then "End Process" for this:

 

zojvjp.exe

 

Then close Task Manager.

________

 

Then, open Hijackthis, click Scan, then put a check next to the following entries:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

 

O4 - HKLM\..\Run: [Windows Services] wsz32.exe

O4 - HKLM\..\Run: [fyzjta] C:\WINDOWS\System32\zojvjp.exe

O4 - HKLM\..\RunServices: [Windows Services] wsz32.exe

 

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partner...lim/install.cab

 

 

Now, Close all open Windows and browsers (have only HJT open) and click "Fix Checked".

 

Then, reboot to safe mode (tap F8 while restarting) and delete this file:

 

C:\WINDOWS\System32\zojvjp.exe

 

You may have to show hidden files:

 

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Then, reboot normally.

 

Download a Free Trial of Trojan Hunter at http://www.misec.net/products/TrojanHunter.exe first.

Next, take a free Online Virus scan at http://housecall.trendmicro.com or http://www3.ca.com/virusinfo/virusscan.aspx.

After this, Reboot and please post a fresh HijackThis log.

Share this post


Link to post
Share on other sites

Alrighty, the Trojan detector found 19 trojans, and the virus thing found 6 viruses (even though I have Norton's - guess that shows how usefull Norton's is!). Here's the HJT log after following all the instructions! Thanks again.

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:44:58 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\System32\sstray.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.drudgereport.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD9E7D7-D102-4781-95CB-A450171C167E}: NameServer = 192.168.0.1,138.237.128.3

Share this post


Link to post
Share on other sites

Your log looks good. Do you still have your concern?

 

Here is some free protection you should consider:

Download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies.

 

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

 

Check for updates occaisionally.

 

And also see So how did I get infected in the first place?

Share this post


Link to post
Share on other sites

Well, last night I didn't have any concerns because I didn't get any pop-ups. Today I opened a browser and got 2 pop ups. :(

Share this post


Link to post
Share on other sites

One other thing that I noticed just now - there are .dll files from Twain in my C: Windows file. I try to delete them and they go away for a second, then reappear.

 

 

I just ran adaware and found, I think 41 files. I deleted them and then ran spybot. It found VX2/f. :grrr: Stupid stupid stupid spyware.

 

I was going to post another HJT log, but I'm not sure if you need one.

Edited by TomGreen

Share this post


Link to post
Share on other sites

Hi TomGreen,

 

Yes, please post a new HJT log. This entry, shows that msconfig is on, and indicates you are using selective/diagnostic startup.

 

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

 

If you have anything disabled in MSconfig, please re-enable all, before you run HJT.

Start>Run>type 'msconfig' (no quotes) and select "Normal" for start mode..

Then Reboot and post a new HijackThis log.

Share this post


Link to post
Share on other sites

Ok, changed that setting to normal in msconfig, and here's the HJT log after restart.

 

Logfile of HijackThis v1.98.0

Scan saved at 4:56:24 PM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\MsgSys.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\NavNT\vptray.exe

C:\WINDOWS\System32\sstray.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.drudgereport.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BD9E7D7-D102-4781-95CB-A450171C167E}: NameServer = 192.168.0.1,138.237.128.3

Share this post


Link to post
Share on other sites

Hello TomGreen,

 

Your log looks clean.

As for the files that Ad-aware finds, are they tracking cookies? Does Ad-aware also find VX2/f ?

If VX2/f only shows in Spybot, it may be a false positive. Take a look at this link, and see if it applies to you.

 

http://forums.net-integration.net/index.php?showtopic=19521

 

Now, as for the "2 pop ups" that you received when you opened your browser. Your homepage http://www.drudgereport.com/ does have pop-ups.

I disabled my pop-up blocker, then went to http://www.drudgereport.com/ and got a pop-up.

You can try to use a different homepage, or use a pop-up stopper. I use EMS Free Surfer mk II when on IE. You can also get Mozilla Firefox and use that as your browser. That blocks many pop-ups, among other security 'advantages'.

Let us know how you make out.

Share this post


Link to post
Share on other sites

The one's that showed up in adaware aren't appearing anymore, but the one in spybot is still appearing.

 

Here are my Spybot logs:

 

VX2/f: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\Software\Vendor

 

VX2/f: Settings (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1275210071-436374069-839522115-1003\Software\MxTarget

 

 

--- Spybot - Search && Destroy version: 1.3 ---

2004-07-09 Includes\Cookies.sbi

2004-07-09 Includes\Dialer.sbi

2004-07-09 Includes\Hijackers.sbi

2004-07-09 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-07-09 Includes\Malware.sbi

2004-07-09 Includes\Revision.sbi

2004-07-02 Includes\Security.sbi

2004-07-09 Includes\Spybots.sbi

2004-07-09 Includes\Tracks.uti

2004-07-09 Includes\Trojans.sbi

 

Even after I delete these (sometimes go in there manually through Regedit), they still reappear. This doesn't really bother me, I just read somethings about the VX2 and how it logs your information and sends it to servers. That kind of made me freak out, not so much pop-ups. And on the note of the pop-ups, I am still kind of ignorant to how they work, but is it normal for them to open up even when you aren't clicking on a link? I'll be in a game with IE open and all of a sudden, it minimizes my game and opens some pop-ups. I think it was on drudgereport, so that might be the problem right there.

 

Thanks so much for helping me out man.. I'm still learning what all of this is about.

Share this post


Link to post
Share on other sites

Hi

Your Spybot log looks just like the one in the link I showed you. I would just ignore it for now, and check for updates, as they are aware of it.

 

As for the pop-ups, I'm not much of a gamer, so I don't use that site. Try using Firefox (it's free) as your browser, and see if you still get them.

 

Also, here is some free protection you should consider:

Download and install:

 

SpywareBlaster will block bad ActiveX and malevolent cookies.

 

IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

 

Check for updates occaisionally.

 

And also see So how did I get infected in the first place?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0