| Press F1 | ||||
| Thread ID: 44372 | 2004-04-17 00:12:00 | VX2.BetterInternet | donna (1667) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 229947 | 2004-04-17 00:12:00 | Morning, I found this little lovely while running ad aware and cannot get rid of it. Ad aware asks if I want to run it again after next bootup and I select yes but it doesn't start up. I have even tried running it in safe mode but still no joy. Tried using Spybot, but that doesn't pick it up at all. I am running win XP Pro. This is the info that I get from ad aware so if anyone can help that would be great.

VX2.BetterInternet Object recognized!
Type : File
Data : aed.cpy.dll
Object : C:\WINDOWS\System32\
FileSize : 301 KB
Created on : 16/04/2004 22:48:37
Last accessed : 16/04/2004 22:48:37
Last modified : 12/04/2004 22:19:20

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 2

10:58:36 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:06:34:477
Objects scanned :49431
Objects identified :2
Objects ignored :0
New objects :2 |
donna (1667) | ||
| 229948 | 2004-04-17 21:48:00 | Hi again, I finally got ad aware to delete the spyware ... but now when I restart the computer it goes through the checkdisk facility because there are inconsistencies on the disk. When this has finished, lo and behold, the spyware is back. Does anybody have any ideas about how I can get rid of this as it's driving me nuts. I have also noticed that when I am connected to the Internet I can no longer see the icon in the notification area. I have tried rechecking the box but to no avail. Not sure if it is connected or just a coincidence. Thanks |
donna (1667) | ||
| 229949 | 2004-04-17 22:01:00 | The little bugger has probably infected a good file that's needed, or has put in the registry that it's needed. Try Spybot Search and Destroy. www.downloads.com | Megaman (344) | ||
| 229950 | 2004-04-17 22:04:00 | Hi megaman, Thanks for that but I have already tried spybot and it didn't even pick it up at all.... any other ideas???? |
donna (1667) | ||
| 229951 | 2004-04-17 22:11:00 | Update your AdAware definitions, they apparently released a fix on 10 April for that. | godfather (25) | ||
| 229952 | 2004-04-17 22:15:00 | Hi, Adaware is totally up to date, updated on the 16th... it's just totally got me beat!!! |
donna (1667) | ||
| 229953 | 2004-04-17 22:19:00 | O/S? If ME or XP, have you tried System Restore? |
Megaman (344) | ||
| 229954 | 2004-04-17 22:24:00 | Hi Running XP Pro. Tried system restore and that didn't work either. Tried turning off system restore to get rid of the restore points but that also did not work. Tried safe mode, also didn't work. |
donna (1667) | ||
| 229955 | 2004-04-17 22:41:00 | Grab hold of HijackThis (www.majorgeeks.com), give it a run and delete any entries that refer to BetterInternet. Be very careful not to delete anything other than BetterInternet or your computer may cease to work. If you are unsure you can post the list here for someone to advise what can be removed. |
Susan B (19) | ||
| 229956 | 2004-04-17 23:03:00 | Hi Susan, Thanks for that. I did have a look at this yesterday, but was unsure of what to delete. Here is what it came up with.

Logfile of HijackThis v1.97.7
Scan saved at 09:58:57, on 18/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\MSGTAG\MSGTAG.exe
C:\WINDOWS\system32\mapiicon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtra.co.nz
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Ad Hunter - C:\Program Files\MYIE2\config/blacklist.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)
O16 - DPF: ppctlcab - www.pestscan.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - office.microsoft.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - office.microsoft.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - www.installengine.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B59657AF-D883-4CCA-B623-5A70EE309469}: NameServer = 202.27.184.3 202.27.184.5 |
donna (1667) | ||
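
One way to check a saved HijackThis log against the names in the Ad-aware report from the first post. This is an added example, not part of the thread: the sample lines are a constructed subset of the log above, and `parse_entries`, `triage` and `INDICATORS` are hypothetical names.

```python
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtra.co.nz
O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O16 - DPF: ppctlcab - www.pestscan.com
"""

# Names taken from the Ad-aware report in the first post (assumed search terms).
INDICATORS = ("betterinternet", "aed.cpy.dll", r"winlogon\notify")

# An entry line is a section code (R0, O2, O16, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def triage(log_text, indicators=INDICATORS):
    """Split entries into indicator hits and BHO entries whose file is gone."""
    hits, orphans = [], []
    for section, detail in parse_entries(log_text):
        lowered = detail.lower()
        if any(name in lowered for name in indicators):
            hits.append((section, detail))
        if section == "O2" and lowered.endswith("(no file)"):
            orphans.append((section, detail))
    return hits, orphans

if __name__ == "__main__":
    hits, orphans = triage(SAMPLE_LOG)
    print("indicator hits:", hits or "none in this log")
    for section, detail in orphans:
        print("orphaned BHO:", section, detail)
```

The log posted above contains no entry naming aed.cpy.dll or the Winlogon\Notify\Guardian key from the Ad-aware report, so a search like this finds nothing there to delete.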