• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
SuzyQ

Fake System Alert Popups advertising antispyware

4 posts in this topic

Help! I’ve tried all the scans (spybot, avg, adaware, etc.) and nothing is working. I keep getting these pop-ups that look like System Alerts – first a red triangle with a white exclamation point flashes in the system tray and gives a “System Alert” that says:

 

“System detected virus activities. These may impact the performance of your computer. Please use recommended spyware software to protect your computer from parasite programs”

 

Then I get a pop-up “Malware Alert” that says:

 

“Warning! Trojan Adware.W32.ExpDwnldr spyware detected. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This also prompts advertising popups. This process is a security risk and should be removed from your system.

Type: Trojan Horse

System Affected: Windows 98, 2000, NT, ME, XP

Security Risk(0-5): 4

Recommendations: Click Yes to get all available antispyware software.”

 

I always click no – but if I click yes it launches a web browser that wants me to download their antispyware.

 

Also, upon startup, icons appear on my desktop even though I try and delete them:

Privacy Protector, Spyware&Malware Protection, & Error Cleaner.

 

I also get a popups that looks like a system alerts that talk about registry clean-up and ones that talk about speeding up my computer (which of course is responding very sloooow right now!). They both launch web browsers that take me to these various tools – Error Cleaner, PC Turbo, PC Privacy Tool, winantivirus, etc..

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:04:39 AM, on 5/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

C:\Program Files\Microsoft Office97\Office\OSA.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\Spyware Downloads\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS10

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [uycncxzb] C:\WINDOWS\System32\lpppgitd.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Renee

O17 - HKLM\Software\..\Telephony: DomainName = Renee

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Renee

O20 - AppInit_DLLs:

O21 - SSODL: iedns - {2B248AEC-7591-472D-8531-D6569A8E3F20} - C:\WINDOWS\iedns.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 7798 bytes

 

 

 

 

From AVG - this is all the report saved:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 8:49:18 AM 5/30/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001457.dll -> Adware.HotBar : Cleaned with backup (quarantined).

 

 

::Report end

 

 

 

****************************************

****************************************

UPDATE 6/2/2007

 

Well, I ran all the scans again - picked up a few things here and there. BitDefender seemed to pick up quite a few trojans (log below). But, I think what really ended up fixing the issue was SmitfraudFix. It completely eliminated the popups and the recurring icons on the desktop.

 

Here are some current logs in case you'd like to take a look...

 

SmitFraudFix v2.190

Scan done at 17:00:42.46, Sat 06/02/2007

Run from C:\Documents and Settings\Owner\Desktop\Spyware Downloads\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\iedns.dll Deleted

C:\WINDOWS\msdns.dll Deleted

C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted

C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted

C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5CB9AAFB-AE22-400A-88FE-C519529EC10B}: DhcpNameServer=66.75.160.15 66.75.160.16

HKLM\SYSTEM\CS1\Services\Tcpip\..\{5CB9AAFB-AE22-400A-88FE-C519529EC10B}: DhcpNameServer=66.75.160.15 66.75.160.16

HKLM\SYSTEM\CS3\Services\Tcpip\..\{5CB9AAFB-AE22-400A-88FE-C519529EC10B}: DhcpNameServer=66.75.160.15 66.75.160.16

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.15 66.75.160.16

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.15 66.75.160.16

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.75.160.15 66.75.160.16

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 7:16:12 PM, on 6/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\Microsoft Office97\Office\OSA.EXE

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Spyware Downloads\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Renee

O17 - HKLM\Software\..\Telephony: DomainName = Renee

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Renee

O20 - AppInit_DLLs:

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 7630 bytes

 

 

Bitdefender

BitDefender Online Scanner

Scan report generated at: Sat, Jun 02, 2007 - 19:02:34

Scan path: A:\;C:\;D:\;E:\;F:\;

 

Engine build

AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

 

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP108\A0019979.exe

Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP108\A0019979.exe

Disinfection failed

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP108\A0019979.exe

Deleted

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001132.dll=>(Quarantine-2)

Infected with: Trojan.Agent.AUQ

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001132.dll=>(Quarantine-2)

Disinfection failed

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001132.dll=>(Quarantine-2)

Deleted

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001133.dll=>(Quarantine-2)

Infected with: Trojan.Juan.G

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001133.dll=>(Quarantine-2)

Disinfection failed

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001133.dll=>(Quarantine-2)

Deleted

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001134.dll=>(Quarantine-2)

Infected with: Trojan.Juan.G

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001134.dll=>(Quarantine-2)

Disinfection failed

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001134.dll=>(Quarantine-2)

Deleted

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001135.dll=>(Quarantine-2)

Infected with: Trojan.BHO.AW

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001135.dll=>(Quarantine-2)

Disinfection failed

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001135.dll=>(Quarantine-2)

Deleted

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001136.exe=>(Quarantine-2)

Infected with: Trojan.BHO.AW

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001136.exe=>(Quarantine-2)

Disinfection failed

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP7\A0001136.exe=>(Quarantine-2)

Deleted

Edited by SuzyQ

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hello,

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Nothing suspicious was found on your last HijackThis log after the Smitfraudfix.

 

Clean the registry.

 

Disable Spyware Doctor:

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:

  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck Run at Windows startup.
  • Click Apply and Exit Spyware Doctor

Once your log is clean you can re-enable Spyware Doctor.

 

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O20 - AppInit_DLLs:

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer to reset the registry.

 

Enable the software disabled ealier.

 

Submit a fresh HijackThis log and let me know what probem remains.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0