spyware, help me


4 replies to this topic

#1 xenogear

xenogear

    Member

  • New Member
  • 2 posts

Posted 27 May 2004 - 10:18 AM

Hello, I have this .dll file that was detected by my Ad-aware as spyware and I'm having trouble removing it. The name of the file is "aativeds.dll", and so far I have also tried to remove it by running Windows XP in safe mode. If you guys have any suggestions for me I would be in your debt. Thanks in advance.

#2 Daemon

Daemon

    Security Expert

  • Emeritus
  • 3,350 posts

Posted 27 May 2004 - 04:46 PM

Could you click here to download HijackThis by Merijn Bellekom. Double-click the file, click Unzip and it will save the application to C:\HijackThis. Run it from there to scan your computer.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Save the log, Ctrl-A to Select All and post it here for examination. Don't fix anything yet as most of what it lists will be harmless.

#3 xenogear

xenogear

    Member

  • New Member
  • 2 posts

Posted 30 May 2004 - 10:35 PM

Logfile of HijackThis v1.97.7
Scan saved at 11:34:19 PM, on 5/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\TorrentStorm\TorrentStorm.exe
C:\Program Files\TorrentStorm\Downloader\tor020.exe
C:\Program Files\TorrentStorm\Downloader\tor020.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\iccvid.exe
C:\Documents and Settings\Tanzir\My Documents\My eBooks\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [iccvid] C:\WINDOWS\System32\iccvid.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

....here it is....

#4 Daemon

Daemon

    Security Expert

  • Emeritus
  • 3,350 posts

Posted 31 May 2004 - 03:45 AM

There's no sign of that dll - could you post a full path to it? Some other things to look at - click here for instructions on how to enable hidden files and folders to be visible. After enabling, find, zip and send this file:

C:\WINDOWS\System32\iccvid.exe

to this e-mail address including a link to this thread in the body of the email.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [iccvid] C:\WINDOWS\System32\iccvid.exe

Reboot into safe mode by tapping F8 after the BIOS has loaded, find and delete the following:

C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WSup.exe

Reboot back into normal mode, rescan with HJT and post a new log here for a final check over.

#5 Daemon

Daemon

    Security Expert

  • Emeritus
  • 3,350 posts

Posted 31 May 2004 - 07:43 AM

Thanks for the file - I have checked it and it is a trojan. Please find the file again and this time delete it:

C:\WINDOWS\System32\iccvid.exe

Reboot and post a new HJT log.
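Added example, not part of the original thread or any poster's words: a small Python check that a follow-up HijackThis log no longer shows the entries and files that posts #4 and #5 asked to have removed. The rescan log is constructed sample data, and the function names are hypothetical.

```python
import re

# Items the helper asked to have fixed or deleted (copied from posts #4 and #5).
FIX_ENTRIES = [
    r"O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe",
    r"O4 - HKCU\..\Run: [iccvid] C:\WINDOWS\System32\iccvid.exe",
]
DELETE_FILES = [
    r"C:\Program Files\Common files\WinTools\WToolsA.exe",
    r"C:\Program Files\Common files\WinTools\WSup.exe",
    r"C:\WINDOWS\System32\iccvid.exe",
]
# Constructed rescan log: WinTools is gone, iccvid is still present.
SAMPLE_RESCAN = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\iccvid.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [iccvid] C:\WINDOWS\system32\ICCVID.exe
"""
# Scan entries start with a section code such as R0, F1, N2 or O4.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d+) - ")

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and scan entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def norm(s):
    # Windows paths and registry value names compare case-insensitively.
    return " ".join(s.split()).lower()

def leftovers(text):
    """Return flagged autorun entries and flagged files still seen in the log."""
    processes, entries = parse_hjt(text)
    procs, ents = {norm(p) for p in processes}, {norm(e) for e in entries}
    return {"entries": [e for e in FIX_ENTRIES if norm(e) in ents],
            "running": [f for f in DELETE_FILES if norm(f) in procs]}
```

An empty result for both keys means the rescan shows none of the flagged items; it says nothing about files that exist on disk but are neither running nor registered to start.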



