4 replies to this topic

[jisu009]

I have the SpyAxe/W32.Sinnaka.A@mm problem. I have followed the steps in the "self help" post, however, I am unable to open Ewido. I have tried uninstalling and reinstalling it....it just won't work. It opens briefly and they closes and makes and "error noise." Anyone have any suggestions? Should I post a Hijack this log? Thanks so much for the help! -Jeremy

[jisu009]

ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:18:00 PM, 1/4/2006 + Report-Checksum: CCD90170 + Scan result: C:\Documents and Settings\JiSU\Cookies\jisu@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@counter13.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@cz8.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wfkoeod5gcq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wjk4apcjwbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wjkoopdpgdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wjkycodzckq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wjl4knc5agp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wjlooid5igp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@e-2dj6wjnyemcjgap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\JiSU\Cookies\jisu@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 11:29:13 PM, on 1/4/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\JiSU\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{EB51DE64-45DB-4174-ABF2-D5746F71F9AB}: NameServer = 4.1.1.1,4.2.2.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] The current date is: Wed 01/04/2006 The current time is: 22:25:27.92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ Online Security Guide.url ~~~ Favorites ~~~ ~~~ system32 folder ~~~ msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 876 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ Online Security Guide.url ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! THANKS SO VERY MUCH IN ADVANCE!!!! thank you!! -Jeremy

[pskelley]

OK Jeremy, I have merged your posts. Do not start new topics, stick with the first one you start, thanks.

ewido anti-malware - Scan report Created on: 11:18:00 PM, 1/4/2006
All cookies, and ewido was able to remove everyting it located. Here is some information to help your control IE cookies:
http://www.mvps.org/...002/cookies.htm
http://www.microsoft...acy/config.mspx

Logfile of HijackThis v1.99.1 Scan saved at 11:29:13 PM, on 1/4/2006

(I suggest you use HJT to get this stuff out off your computer)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

The balance of the log is clean and noahdfear's tool has killed another trojan
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

To make sure none of this junk has gotten backed up in your System Restore files, follow the directions in this link.
http://service1.syma...src=sec_doc_nam

Safe surfing...Phil

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.

Edited by pskelley, 08 January 2006 - 12:28 PM.

[jisu009]

Awesome! Thank you so very much! I will read up and hopefully stay virus free!

[pskelley]

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php