
Infected Pc


47 replies to this topic

#31 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 01 August 2007 - 07:39 PM

Something there is placing blocks, at least for the way Kaspersky operates, but Panda shouldn't have the same issues. That IE desktop shortcut issue almost sounds like you sometimes move it, and sometimes click it (more mouse/mouse settings than problems). Is it just IE's shortcut?


#32 Cammy

Authentic Member, 33 posts

Posted 02 August 2007 - 12:20 PM

My IE won't work from the desktop at all. If I double click it, it just creates another shortcut. I hope I did this one right!

Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\BJ Krivoniak\Local Settings\Temporary Internet Files\Content.IE5\XORKIT55\channels_02[1].gif
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Carol McClure\Application Data\Mozilla\Firefox\Profiles\sb4i3tll.default\cookies.txt[.adrevolver.com/]
Virus:Generic Trojan Disinfected C:\Documents and Settings\Carol McClure\Desktop\ComboFix.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carol McClure\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Carol McClure\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

#33 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 02 August 2007 - 08:02 PM

Cookies and the tools we used (you can use the end of that Panda log as a list of them and delete those now). Second request today about issues with the IE desktop shortcut. Go here and scroll down to "20. Restore IE Desktop Shortcut Icon Functions". Then right click that and download iedesktopshortcut.reg to your desktop (Save Target/Link As), then click on the downloaded file, and allow it to merge with the registry.

Reboot, and check the IE shortcut after and post back an update please.

#34 Cammy

Authentic Member, 33 posts

Posted 04 August 2007 - 10:58 AM

I am sorry. Where do I go to delete the files in the log? I really am a computer dummy! Thanks.

#35 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 05 August 2007 - 02:25 PM

I get pretty used to seeing the same files for tools we use in forums and can forget that they would not be as familiar to others. You can go ahead and delete the following:

Files:
C:\WINDOWS\nircmd.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\ComboFix-quarantined-files.txt
ComboFix.exe

Folders:
C:\Documents and Settings\Carol McClure\Desktop\SmitfraudFix
C:\Program Files\Mozilla Firefox\SmitfraudFix


Plus any of the logs produced by those. And if things are doing well there now you just need to clear your System Restore to complete the cleaning. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.


In addition, I like to recommend reviewing the information Here to make sure you stay malware free.

#36 Cammy

Authentic Member, 33 posts

Posted 07 August 2007 - 03:58 PM

Ok. I did all of it but the IE still won't access from the desktop. When I double click it, it just creates another shortcut on the desktop.

#37 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 07 August 2007 - 05:34 PM

I'll research that and come back with some suggested steps. Just the shortcut changed, but it is not like other shortcuts so best to be sure.

#38 Cammy

Authentic Member, 33 posts

Posted 07 August 2007 - 07:12 PM

I downloaded the Zone alert and not sure what I did, but now IE and Firefox won't load. I had to go to another computer to send this message. Should I uninstall the Zone alert?

#39 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 07 August 2007 - 07:25 PM

Zone Alarm firewall? You will need to adjust it to allow web access for the different services there, but I am not a ZA user so could not provide you with the details to do the install/setup the way it should be. Why not leave it installed but disable it and see if that corrects the access issues?

#40 Cammy

Authentic Member, 33 posts

Posted 08 August 2007 - 09:55 AM

Ok. Got the Firefox working with the Zone Alarm, but IE still doesn't work quite right. I don't really care if it works or not as long as my automatic updates can get through. I really like the Firefox a lot and have started using it exclusively.

#41 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 08 August 2007 - 02:03 PM

Cammy, did you uninstall or completely disable McAfee's firewall first, before any of these changes? One problem for me is that before I can complete resolving just the IE shortcut issue, new problems occur. You did not have a protection problem - you clicked on the wrong email. Once someone clicks something that is physically on their computer it has already bypassed much of the security in place.

#42 Cammy

Authentic Member, 33 posts

Posted 08 August 2007 - 03:33 PM

Windows firewall was disabled when we ran the McAfee. One of the girls that likes to use my computer (doesn't work here anymore) used to disable my firewall so she could play poker on Full Tilt. She said it wouldn't load otherwise. I finally started locking up my room when I would leave so she couldn't use it. Started having some problems back in September - nothing real big - then the e-mail thing that I did. I have Zone Alarm set up now so McAfee and Windows firewall are disabled. Would you like a new HijackThis log?

#43 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 08 August 2007 - 08:47 PM

Given all the changes done, sure, run and post that.

#44 Cammy

Authentic Member, 33 posts

Posted 09 August 2007 - 02:30 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:24:24 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\1147712667\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\4 Warn Alert\TrueWeather.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\AOL\1147712667\ee\SSCEvtHdlr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Common Files\AOL\1147712667\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1147712667\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1147712667\ee\aolsoftware.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 4 Warn Alert.lnk = C:\Program Files\Common Files\4 Warn Alert\TrueWeather.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.co...l/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1184945911156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1184945902015
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1147712667\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

#45 Jintan

Advanced Member, Visiting Fellow, 791 posts

Posted 10 August 2007 - 10:53 AM

You're losing me here on all the changes being made at your end, such as my wondering now how MyWebSearch got installed there. That will need to be removed through Add/Remove Programs as a minimum. This doesn't really even look like the same system we started with, so many changes have occurred "off camera". I think what you might benefit more from is a different forum than this, as malware removal forums are restricted (for good reasons) on who responds to requests, and as a one-on-one format limits how often interaction occurs. As you are making many independent changes you are going to need to have more of a running dialogue with others than this forum format. Why not stop here, and instead post a new request in our Other Computer Problems forum, and link back to this thread just for the background info?

Edited by Jintan, 10 August 2007 - 10:55 AM.
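
As an added example (not part of the original thread, and not HijackThis's own logic): a small Python triage pass over a log like the one in post #44. It groups entries by section code and surfaces the items this thread turned on, the MyWebSearch autostart and two firewall products running together, plus two entries a reviewer would normally check by hand. The rule list, labels and function names are assumptions of this example, and the sample is a constructed excerpt of the posted log.

```python
import re
from collections import defaultdict
# Constructed sample: a few lines excerpted from the HijackThis log in post #44.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1034
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
# Illustrative review rules (assumptions of this example, not HijackThis output).
RULES = [
    ("proxy points at local port", lambda c, t: c == "R1" and "ProxyServer" in t and "localhost" in t.lower()),
    ("target file missing", lambda c, t: "(file missing)" in t),
    ("MyWebSearch autostart", lambda c, t: c == "O4" and "mywebsearch" in t.lower()),
]
# Firewall client processes as they appear in the posted log (lowercased names).
FIREWALLS = {"ZoneAlarm": "zlclient.exe", "McAfee Personal Firewall": "mpfservice.exe"}

def parse(log):
    """Split a log into running-process paths and entries grouped by section code."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.startswith("Running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(log):
    """Return (findings, firewalls_running) for a reviewer to follow up by hand."""
    procs, entries = parse(log)
    findings = [(label, code, text) for code, items in entries.items()
                for text in items for label, rule in RULES if rule(code, text)]
    running = sorted(name for name, exe in FIREWALLS.items()
                     if any(p.lower().endswith(exe) for p in procs))
    return findings, running

if __name__ == "__main__":
    for label, code, text in triage(SAMPLE_LOG)[0]:
        print(f"[{code}] {label}: {text}")
    print("firewalls running:", triage(SAMPLE_LOG)[1])
```

A flagged entry is a prompt to look, not a verdict: a local proxy setting or a second firewall process can be legitimate, which is why the output lists the raw line next to each label.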
