uyeahu

Look2Me Won't Go Away

9 posts in this topic

I've tried and tried to get rid of this problem but it continues to get worse. My work computer has been hijacked by adware and I'm now getting pop-ups at a rate of about 2 per minute. I can't just disconnect from the internet because my job requires that I be available by email and Instant Messenger at all times. This is really becoming a hindrance to my work so I hope one of you will please assist me in getting rid of this stuff.

 

I've run Adaware, spybot blaster, kill2me.exe, cwshredder and fix.reg but the pop ups are back within a few hours at most.

 

My HijackThis log is:

Logfile of HijackThis v1.97.7

Scan saved at 1:20:43 PM, on 6/9/04

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hidserv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\regsvc.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\system32\stisvc.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\WINDOWS\System32\mspmspsv.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\winhlp32.exe

C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\Documents and Settings\Gretchen\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe "-i"

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

 

When I type in: javascript:navigator.userAgent

I get: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; {F119E2FC-17D9-413D-B03C-07C8F3451EB9})

 

VX2_BetterInternet finds:

Log for VX2.BetterInternet File Finder

 

Files Found---

 

 

Guardian Key--- is called: GuardianCIHDN

Asynchronous 000

DllName C:\WINDOWS\system32\mjltus40.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 124

ID {F119E2FC-17D9-413D-B03C-07C8F3451EB9}

IDex BM2

 

User Agent String---

{F119E2FC-17D9-413D-B03C-07C8F3451EB9}


Just wanted to add that I had to go into my system32/Drivers/Etc/hosts file for another reason and it was inexplicably blank. So my IT Director had me open another file called hosts.20040503.backup and it had 15 IP redirects in it. We deleted them all and resaved the file as hosts, deleted the hosts.20040503-112554.backup file and now look2me has a fatal error when it tries to launch the pop-up. Still have the problem with look2me window always popping up though.

 

What was deleted:

 


Edited by uyeahu


My IT guy has given me a new hosts file that seems to be blocking the pop-ups for now, but I'd still like any information you can provide me on how to get rid of this virus entirely.

Edited by uyeahu
