mediatickets problem grr


10 replies to this topic

#1 kenshinmuyo

kenshinmuyo

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 11 June 2004 - 09:43 PM

whenever i'm connected to the net, my ie6 goes to some website asking if i want to install mediatickets. i've run ad-aware and cwshredder and nothing works. it also doesn't let me sign into my e-mail at hotmail.com..any help will be appreciated

here is my hijackthis log

Logfile of HijackThis v1.97.7
Scan saved at 10:35:25 PM, on 6/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\navmgrd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\systemse.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Wong\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animenfo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8144.8265856481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{655C969D-BAC9-4892-99D0-8C396FF87205}: NameServer = 198.235.216.110 209.226.175.224

#2 Arm4

Arm4

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 June 2004 - 09:48 PM

I am also having this problem... I've tried everything... I think this is a pretty new problem. I have yet to find any permanent solutions. :mellow:

#3 kenshinmuyo

Posted 11 June 2004 - 11:18 PM

i also typed found some files in "regedit"
it seems to be in a folder called

Search Assistant>ACMru>5603

#4 kenshinmuyo

Posted 11 June 2004 - 11:37 PM

sorry if i'm posting too much..but while i was trying to fix this problem of mine..a dos window popped up onto my desktop and a few lines of coding scrolled across. way too fast for me to read any of it, and then it disappeared. after that happened my ie6 instantly went to another page asking to dl that mediaticket crap....

#5 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • Emeritus
  • PipPipPipPip
  • 432 posts

Posted 11 June 2004 - 11:58 PM

Log being handled in #privacy
Microsoft MVP Windows-Security 2005


When angry count four; when very angry, swear

#6 Arm4

Posted 12 June 2004 - 12:02 AM

..a dos window popped up onto my desktop and a few lines of coding scrolled across. way too fast for me to read any of it, and then it disappeared.

Same thing happened to me a few mins ago!

A dos window opened and said something like...

Can't find files [somefile]
sys32.exe...

Or something... It went away really fast, I couldn't really see either.


When you get done with the log file in #private, please look at my log as well in my post. Please.

#7 LoPhatPhuud

Posted 12 June 2004 - 12:05 AM

First:
You are running an outdated and therefore unsafe version of Internet Explorer.
You NEED to upgrade to IE 6.0 SP1
http://v4.windowsupd.../en/default.asp

(Make sure you get the correct language version for your operating system! ).

Next, go to the Windows Update site, and download and install ALL Critical Updates on offer.
That will fix innumerable bugs, update a large number of important system files, and plug many security holes.


You also need to install Windows SP1 and all Critical Updates for Windows.

This step is mandatory if you are to avoid Gaobot, Sasser, and Help file exploits.


I realize this is a long and time-consuming process, but it is necessary. It can wait until your log is clean, but no longer.


Second:
1. Download the Hoster from here: http://members.aol.c...dbee/hoster.zip
2. Install the program and run it.
3. Press 'Restore Original Hosts' and press 'OK'
4. Exit Program.


Third:
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. I suggest 'c:\program files\hijackthis\' but any folder other than the Desktop or a temporary folder is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe


Close all windows except HijackThis and click Fix checked:

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\WINDOWS\UpdReg.EXE
C:\Windows\System32\navmgrd.exe
C:\Windows\System32\systemse.exe


*How to Boot into Safe mode: http://service1.syma...001052409420406
**Show hidden files/folders as per the instructions here http://www.tacktech....ay.cfm?ttid=190

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode.

Post another HiJackThis log in this thread for review.

Edited by LoPhatPhuud, 12 June 2004 - 12:44 AM.


#8 kenshinmuyo

Posted 12 June 2004 - 12:58 AM

here's my second log, i couldn't finish updating my windows because it crapped out on me half way

Logfile of HijackThis v1.97.7
Scan saved at 2:03:18 AM, on 6/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animenfo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8144.8265856481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{655C969D-BAC9-4892-99D0-8C396FF87205}: NameServer = 198.235.216.110 209.226.175.224
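
A follow-up check for the procedure in post #7, added here as an example and not part of the original thread or of HijackThis: it parses the O4 lines of the post-cleanup log and reports fix-list entries that survived, plus any other autorun key still launching a binary the fix list targeted. The function names are hypothetical; the sample lines are copied from posts #7 and #8.

```python
import re

# HijackThis autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_o4(log_text):
    """Return the set of (key, value name, command) autorun entries."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add((m["key"], m["name"], m["cmd"].strip()))
    return entries

def binary_of(cmd):
    """Lower-cased file name of the program an autorun command launches."""
    m = re.match(r'"?(.+?\.(?:exe|com|bat|cmd))', cmd, re.I)
    return (m.group(1) if m else cmd).rsplit("\\", 1)[-1].lower()

def check_fix(after_log, fix_list):
    """Compare the post-cleanup log against the entries chosen for fixing."""
    after, targeted = parse_o4(after_log), parse_o4(fix_list)
    not_removed = sorted(targeted & after)
    bad = {binary_of(cmd) for _, _, cmd in targeted}
    # Same binary still autostarting from a key the fix list did not name.
    residual = sorted(e for e in after - targeted if binary_of(e[2]) in bad)
    return not_removed, residual

# Entries checked in post #7 (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update] navmgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] navmgrd.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
"""

# Excerpt of the O4 section of the second log in post #8.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
"""

if __name__ == "__main__":
    not_removed, residual = check_fix(AFTER_LOG, FIX_LIST)
    print("still present:", not_removed, "| other keys:", residual)
```

The check covers the registry side only: an entry it reports may point at a file that has already been deleted from disk.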

#9 LoPhatPhuud

Posted 12 June 2004 - 01:04 AM

At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future.



1. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

2. Download and install the following free programs:
a. SpywareBlaster: http://www.javacools...areblaster.html
b. SpywareGuard: http://www.wildersse...ywareguard.html
c. IE/Spyad: http://www.staff.uiu...es/resource.htm

3. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/
b. Spybot S&D: http://security.koll...n&page=download


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiat...?showtopic=9857

#10 kenshinmuyo

Posted 12 June 2004 - 01:15 AM

thx for the help, and arm4, goodluck ^^

#11 Arm4

Posted 12 June 2004 - 01:18 AM

Thanks for the luck, kenshinmuyo. Hope it stays away for you.

It's reassuring to see that there IS a solution!

Me next, LoPhatPhuud?



