• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Eos

5 Malwares of Fun

6 posts in this topic

Alright. Long story short, I stopped using Mozilla firebird for one night (in antcipation for .9) and used IE. I was overjoyed when I found all the malware that I received. I love presents!

 

My first stop was Housecall by Trend Micro. Sure enough IE crashes when I go there. No worries, right? I load Housecall on Firefox. It tells me to download a program designed for netscape based browsers so housecall will work. This file will not recognize my firefox plugins folder as my 'plugins' folder. So I bite the bullet. I download netscape. Get to the same program page. Download it, it won't recognize my plugins folder. It won't install in any directory either. So Housecall is out.

 

I download CWShredder. Run it. Fix what I can. Problem is still there.

 

I download HijackThis. Run it. Fix what I can. Problem is still there (Log posted at the end of the post).

 

I download Ad-Aware. Run it. Fix what I can. Problem is still there.

 

I go to Mcafee.com and run their free scan (you know that annoying one that just tells you what's wrong). I get this fun list of problems:

Exploit-MhtRedir.gen

JS/Exploit-DialogArg.b

VBS/Psyme

Exploit-ObjectData

Exploit-IFrame

 

I search the web but only find updates for mcafee or norton to get rid of these problems.

 

Housecall won't work, so I download the trial version of pc-cillin. It doesn't find one 'problem' on my computer. Great.

 

List of fun things that happen:

IE Loads slowly

Pop Up Ads

Crashes

Changed Homepage to a local file

 

So what's a mate to do? I eagerly await your response.

 

Here's my HijackThis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:22:34 AM, on 6/17/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\javarb.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\apiym.exe

C:\WINDOWS\system32\d3qo32.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Valhalla\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hrrwi.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hrrwi.dll/index.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hrrwi.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hrrwi.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hrrwi.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hrrwi.dll/sp.html#96676

O2 - BHO: (no name) - {381988C0-977D-2B6F-F8DB-298FF4DB7FEB} - C:\WINDOWS\d3bg32.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [javarb.exe] C:\WINDOWS\system32\javarb.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKLM\..\RunOnce: [d3qg32.exe] C:\WINDOWS\system32\d3qg32.exe

O4 - HKLM\..\RunOnce: [d3qo32.exe] C:\WINDOWS\system32\d3qo32.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...38109.861087963

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...367/mcfscan.cab

 

-Eos (pzofrenik@yahoo.com)

Share this post


Link to post
Share on other sites

Do you quite or would you like help? I also suggest, before getting frustrated, that you read the pinned topics - They are there for a reason. If you would still like help, please post an update HijackThis log.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0