scottpope

binace spyware?

2 posts in this topic

I never got badly infected before, please help.

 

I think I got infected by downloading the update to MsgrPlus, but I'm not certain.

I already ran Spybot and Adaware and CWShredder, and they got rid of one of the Search spyware and something that said keylogger, but I keep getting my StartupMonitor warning me about a program called "binace" trying to run C:\PROGRA~1\IdleList\Birdwma01.exe, which Google came up with nothing.

 

Thanks so much,

Scott

 

 

Logfile of HijackThis v1.97.7

Scan saved at 12:36:33 PM, on 7/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\Nhksrv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\NavNT\defwatch.exe

C:\Program Files\Expertcity\GoToMyPC\g2svc.exe

C:\Program Files\NavNT\rtvscan.exe

C:\Program Files\uphclean\uphclean.exe

C:\Program Files\Expertcity\GoToMyPC\g2comm.exe

C:\Program Files\Expertcity\GoToMyPC\g2tray.exe

C:\WINNT\Explorer.EXE

c:\progra~1\intern~1\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\NavNT\vptray.exe

C:\WINNT\StartupMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\WINNT\MMKeybd.exe

C:\WINNT\System32\taskswitch.exe

C:\Program Files\Netropa\Onscreen Display\OSD.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe

C:\Program Files\ePrompter\ePrompter.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\pope\Desktop\HijackThis.exe

 

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.ufozwkoltst.com/6saMf_omQCv1mOHF2W/fiHzVlWF/GmayYJlqJZFoCtM.html"); (C:\Program Files\Netscape\Users\asdfds\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DellTouch] C:\WINNT\MMKeybd.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKCU\..\Run: [getmail] "C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Zoom In - C:\WINDOWS\web\zoomin.htm

O8 - Extra context menu item: Zoom Out - C:\WINDOWS\web\zoomout.htm

O9 - Extra button: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8111.5059722222

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Your log is actually clean. The problem you describe with 'binace' sounds like an LOP infection. MessengerPlus, in its various forms, has been known to invite LOP. Unless you are really attached to it, I would remove Messenger Plus via Add/Remove Programs.

 

Also, if you installed PowerMenu, or are aware of it, fine. Here is the log entry:

O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on

I am suspicious because of the 'Hide' feature.

 

 

Once you have this done, post a new HiJackThis log in this thread and let me know if there are any other problems.

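An added example, not part of the original posts and not HijackThis code: a small Python parser for the O4 autorun lines of the log above. It lists the entries whose command line carries a hide-style switch (the reason the reply gives for questioning PowerMenu) and checks whether any autorun launches the file StartupMonitor warned about. The regexes and function names are assumptions made for this sketch.

```python
import re

# Excerpt of the O4 (autorun) lines from the log posted above.
LOG = r'''
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
'''

# Registry form: "O4 - <hive>\..\<key>: [<value name>] <command>"
REG = re.compile(r'^O4 - (?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder form: "O4 - [Global ]Startup: <shortcut> = <target>"
LNK = re.compile(r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Assumption: any switch containing "hide" counts as a hide-style switch.
HIDE = re.compile(r'(?:^|\s)[-/]\w*hide\w*', re.IGNORECASE)


def parse_o4(log):
    """Return one dict (where, name, cmd) per O4 line found in the log text."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG.match(line) or LNK.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def hide_switch_entries(entries):
    """Names of autoruns started with a hide-style switch, to confirm with the user."""
    return [e['name'] for e in entries if HIDE.search(e['cmd'])]


def launches(entries, filename):
    """Names of autoruns whose command line mentions the given file name."""
    return [e['name'] for e in entries if filename.lower() in e['cmd'].lower()]


if __name__ == '__main__':
    autoruns = parse_o4(LOG)
    print('hide-style switch:', hide_switch_entries(autoruns))
    print('launches Birdwma01.exe:', launches(autoruns, 'Birdwma01.exe'))
```

On this excerpt the hide check returns PowerMenu and sTYLEXP, and no autorun entry launches Birdwma01.exe.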