| Thread ID: 88942 | 2008-04-15 11:49:00 | Pop-Ups, Spyware and Viruses, THE WHOLE DEAL. HELP!! | bomby101 (12915) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 659152 | 2008-04-15 11:49:00 | I had a really bad infection on my computer, viruses etc., so I wiped the computer and clean installed Windows XP. I put all my programs back on and all was well. THEN I went away and my brother had downloaded LimeWire Pro and downloaded a bunch of viruses thinking they were songs, MP3s etc. I now get CONSTANT Messenger Service pop-ups titled "Malware warning". I have disabled Messenger Service and uninstalled MSN Messenger because I thought that was associated with the problem. I have the full version of NOD32 3.650 Anti-Virus and Anti-Spy-ware, windows firewall and CCleaner (crap cleaner). I have a random app that every now and again pops up in the system tray; it's a black square (I assume a corrupt bit of spyware/virus) that warns me that I have spyware and need to scan immediately. I click this and it goes away. I had 12 viruses after doing a scan with NOD32, all deleted, but I'm still having problems, and just general errors every now and again. Can you guys help me out? I'm on Windows XP Service Pack 2 - Here's my HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:31 PM, on 4/15/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\keyhook.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\msiconf.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB ZP.EXE C:\WINDOWS\system32\sistray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Timothy & Jackson\Desktop\HiJackThis.exe O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 2285 bytes |
bomby101 (12915) | ||
| 659153 | 2008-04-15 11:58:00 | Is that it?? It looks a bit short to me. Make sure you copy and paste the WHOLE log. Get rogueremover, trojan remover in my sig in the meantime. Install and update both, then click on scan. See what they pick up. |
Speedy Gonzales (78) | ||
| 659154 | 2008-04-15 22:10:00 | "I have the full version of NOD32 3.650 Anti-Virus and Anti-Spy-ware, windows firewall and CCleaner (crap cleaner)," Well, no wonder you have malware then. Nod is good as an AV. CCleaner is a housekeeping program, not a malware finder. Get 2 more: Superantispyware, Spyware Terminator, Spyware Doctor Starter Edition, Counterspy, whatever..........just have at least 2 standalone anti-spyware programs in addition to your NOD. |
pctek (84) | ||
| 659155 | 2008-04-16 03:19:00 | Here's my HijackThis log again: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:18:45 PM, on 4/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Timothy & Jackson\Desktop\HiJackThis.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 2507 bytes |
bomby101 (12915) | ||
| 659156 | 2008-04-16 03:24:00 | The filename is associated with the malware group Generic8.COD. Some files using the name D3D8TH.DLL are also associated with the malware groups: * Trojan.DoS.Win32.Opdos * SPYWARE.BZUB.NGP Like I said.........get some anti-spyware. |
pctek (84) | ||
| 659157 | 2008-04-16 03:30:00 | Are you sure that's ALL of it?? It doesn't look like all of it. Put HijackThis in its own folder, then run it again, then tick this entry. It's the only entry that shouldn't be there. Disable system restore. O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll <-- boot into safe mode after, and delete this file |
Speedy Gonzales (78) | ||
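
The by-hand triage in the last reply (picking the one O2 entry that should not be there out of the log), sketched as an added example that is not part of any post in this thread. The rule it applies, an unnamed BHO whose DLL sits directly in \WINDOWS\system32, is an assumption of this example and not something the posters state; the sample entries are copied from the log in post 659155.

```python
import re

# Entries copied from the log in post 659155, run together on one line the
# way the forum page flattened them.
SAMPLE = (
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "
    r"C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll "
    r"O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - "
    r"C:\WINDOWS\system32\d3d8th.dll "
    r"O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "
    r"C:\Program Files\Free Download Manager\iefdm2.dll "
    r"O2 - BHO: FlashFXP Helper for Internet Explorer - "
    r"{E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll "
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] '
    r'"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"'
)

# A new entry starts at whitespace followed by a section code such as "O2 - ".
ENTRY_START = re.compile(r"\s+(?=O\d{1,2} - )")
# O2 line layout: "O2 - BHO: <name> - {CLSID} - <path to DLL>"
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def split_entries(text):
    """Undo the flattening: one list item per HijackThis entry."""
    return [e.strip() for e in ENTRY_START.split(text.strip()) if e.strip()]

def parse_bhos(text):
    """Return name, CLSID and DLL path for every O2 (Browser Helper Object) entry."""
    matches = (BHO.match(entry) for entry in split_entries(text))
    return [m.groupdict() for m in matches if m]

def review_candidates(bhos):
    """Assumed rule: a BHO with no registered name whose DLL is directly in system32.
    A hit is a lead for manual review, not a verdict."""
    hits = []
    for bho in bhos:
        folder = bho["path"].rpartition("\\")[0]
        unnamed = bho["name"] == "(no name)"
        if unnamed and folder.lower().endswith(r"\windows\system32"):
            hits.append(bho)
    return hits

if __name__ == "__main__":
    for hit in review_candidates(parse_bhos(SAMPLE)):
        print("review:", hit["clsid"], hit["path"])
```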