5 Malwares of Fun


5 replies to this topic

#1 Eos

Eos

    Member

  • Full Member
  • 5 posts

Posted 17 June 2004 - 09:45 AM

Alright. Long story short, I stopped using Mozilla Firebird for one night (in anticipation for .9) and used IE. I was overjoyed when I found all the malware that I received. I love presents!

My first stop was Housecall by Trend Micro. Sure enough IE crashes when I go there. No worries, right? I load Housecall on Firefox. It tells me to download a program designed for Netscape-based browsers so Housecall will work. This file will not recognize my Firefox plugins folder as my 'plugins' folder. So I bite the bullet. I download Netscape. Get to the same program page. Download it, it won't recognize my plugins folder. It won't install in any directory either. So Housecall is out.

I download CWShredder. Run it. Fix what I can. Problem is still there.

I download HijackThis. Run it. Fix what I can. Problem is still there (Log posted at the end of the post).

I download Ad-Aware. Run it. Fix what I can. Problem is still there.

I go to McAfee.com and run their free scan (you know that annoying one that just tells you what's wrong). I get this fun list of problems:
Exploit-MhtRedir.gen
JS/Exploit-DialogArg.b
VBS/Psyme
Exploit-ObjectData
Exploit-IFrame


I search the web but only find updates for McAfee or Norton to get rid of these problems.

Housecall won't work, so I download the trial version of PC-cillin. It doesn't find one 'problem' on my computer. Great.

List of fun things that happen:
IE Loads slowly
Pop Up Ads
Crashes
Changed Homepage to a local file

So what's a mate to do? I eagerly await your response.

Here's my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 10:22:34 AM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\javarb.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\apiym.exe
C:\WINDOWS\system32\d3qo32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Valhalla\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hrrwi.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hrrwi.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hrrwi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hrrwi.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hrrwi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hrrwi.dll/sp.html#96676
O2 - BHO: (no name) - {381988C0-977D-2B6F-F8DB-298FF4DB7FEB} - C:\WINDOWS\d3bg32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [javarb.exe] C:\WINDOWS\system32\javarb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [d3qg32.exe] C:\WINDOWS\system32\d3qg32.exe
O4 - HKLM\..\RunOnce: [d3qo32.exe] C:\WINDOWS\system32\d3qo32.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...38109.861087963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...367/mcfscan.cab

-Eos (pzofrenik@yahoo.com)
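An added example, not part of the original post and not HijackThis's own code: a small triage pass over a log in the format posted above, parsing the section codes (R0/R1 for IE start and search pages, O2 for Browser Helper Objects, O4 for registry autostarts) and flagging entries for closer review. The three rules are assumptions of this example and only mark lines worth a second look; the sample lines are copied from the log in the post.

```python
import re

# Lines copied from the HijackThis log in the post above (a subset, for an offline run).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hrrwi.dll/index.html#96676
O2 - BHO: (no name) - {381988C0-977D-2B6F-F8DB-298FF4DB7FEB} - C:\WINDOWS\d3bg32.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [d3qo32.exe] C:\WINDOWS\system32\d3qo32.exe
O9 - Extra button: AIM (HKLM)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "<section code> - <detail>"
AUTORUN = re.compile(r"^HK\w+\\\.\.\\(\w+): \[[^\]]+\] (.+)$")  # O4 detail


def parse_entries(log_text):
    """Return (code, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Apply review heuristics (assumptions of this example, not verdicts)."""
    findings = []
    for code, detail in parse_entries(log_text):
        if code in ("R0", "R1"):
            # IE start/search page served from a resource inside a local DLL.
            _, _, value = detail.partition(" = ")
            if value.lower().startswith("res://"):
                findings.append((code, "IE page set to local res:// resource", detail))
        elif code == "O2" and detail.startswith("BHO: (no name)"):
            findings.append((code, "unnamed Browser Helper Object", detail))
        elif code == "O4":
            match = AUTORUN.match(detail)
            # Autostart binary that lives directly under the Windows directory.
            if match and match.group(2).lstrip('"').lower().startswith("c:\\windows\\"):
                findings.append((code, "autostart from Windows directory", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<3} {reason}: {detail}")
```

Legitimate software also starts from the Windows directory, so an O4 hit is a prompt to identify the file, not a removal instruction.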

#2 Eos

Posted 17 June 2004 - 04:32 PM

Just bumping

#3 Eos

Posted 18 June 2004 - 12:00 AM

Help?

#4 Eos

Posted 18 June 2004 - 10:57 AM

Please?

#5 Eos

Posted 20 June 2004 - 01:01 AM

I quit. This is ridiculous.

#6 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • 3,494 posts

Posted 20 June 2004 - 01:06 AM

Do you quit or would you like help? I also suggest, before getting frustrated, that you read the pinned topics - they are there for a reason. If you would still like help, please post an updated HijackThis log.
