| Thread ID: 81222 | 2007-07-21 00:11:00 | Internet Explorer Problems - Virus? | Sam Bos (12456) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 570815 | 2007-07-21 00:11:00 | I'm having this really frustrating problem with my computer at the moment. For the past few days my antivirus program, AVG (Free Edition), has been detecting 3 or 4 threats each time I go on the internet (I'm on paradise dial-up). Some of them can be healed (when I click heal) but others can't. Most of the infected files seem to be in my TEMP folder or the Temporary Internet Files folder. I've already run quite a few virus scans since this first started happening (on Wednesday, I think). Each time it comes up with 3 or 4 threats (that are either in the TEMP folder or the Temporary Internet Files folder). These ones can't be healed, so I'm guessing they are deleted (at the end of the scan, in the results page, it says "deleted" next to each of these files). But every time I run a virus scan it comes up with those exact same files/threats, sometimes 3, sometimes 4. And I have no idea what's going on. Also, when I'm in Internet Explorer, randomly a window pops up and says something like "Internet Explorer needs to close, we are sorry for the inconvenience". It does this quite often, sometimes every 5 mins, or 10 mins or more. I'm not sure if it depends on what I'm doing in Internet Explorer, but it happens randomly; it's unpredictable and very annoying. Even trying to get onto this PC World website I have had to try a number of times because Internet Explorer keeps closing. Can anyone help me or give me some idea on how to fix this? I'm sure it's at least one virus causing these problems, but that's really as much as I know. Thanks guys for your help |
Sam Bos (12456) | ||
| 570816 | 2007-07-21 00:45:00 | OK, well, I would get HijackThis in my sig below if you can. If you can't, here's the direct link to the file (www.trendsecure.com). Download it, put it in its own folder, run it. Then click on scan the system and save a log. Copy and paste the log it makes in Notepad back in here. We'll see what's in it. I would get CCleaner as well (http://www.ccleaner.com). Download this, install it (untick the Yahoo toolbar option), then click on run cleaner. Close browser/s before you click on run cleaner. |
Speedy Gonzales (78) | ||
| 570817 | 2007-07-21 03:41:00 | Sam, you could also try ditching IE once you have sorted your problem out and download Firefox, since IE (Internet Exploder) is nothing more than a bloated pile of crap containing ActiveX, also known as a crap magnet for your "enhanced browsing experience". | winmacguy (3367) | ||
| 570818 | 2007-07-21 11:24:00 | Speedy Gonzales, here is the log of the scan I did using HijackThis. Hope this helps you to help me. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:45 p.m., on 21-Jul-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE C:\Program Files\Microsoft Works\WkDetect.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\sstray.exe C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB HP.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft
Office\Office\OSA.EXE C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Microsoft Office\Office\winword.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.xtramsn.co.nz R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.xtramsn.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.xtramsn.co.nz R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O3 - Toolbar: SuperBar - {62822C7A-4292-49A6-AF26-3729C22942C2} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing) O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing) O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe O4 - HKLM\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C61 Series" /O5 "LPT1:" /M "Stylus C61" O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [EPSON Stylus C59 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB HP.EXE /FU "C:\WINDOWS\TEMP\E_S95.tmp" /EF "HKLM" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\krrpvfee.dll",forkonce O4 - HKCU\..\Run: [swg] 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user') O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &Search - bar.mywebsearch.com O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O9 - Extra 'Tools' menuitem: &Messenger Addon - 
{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - update.videoegg.com O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - promo.dollarrevenue.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by13fd.bay13.hotmail.msn.com O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - toolbar.google.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - cdn.digitalcity.com O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - static.zangocash.com f7f5822a4301327b3f9141d5c15113deef26ab072e4b9823d5 9ace9d9365ca936542977b3ec2c642b:d65dcad4d7f23d81ea 8a8b93e75306fe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O24 - Desktop Component 0: (no name) - www.traditional-german-giftshop.com O24 - Desktop Component 1: (no name) - media.basspro.com -- End of file - 11606 bytes |
Sam Bos (12456) | ||
| 570819 | 2007-07-21 14:10:00 | BTW, also don't get Safari for Windows either. Horrible piece of software. | beeswax34 (63) | ||
| 570820 | 2007-07-21 18:50:00 | Looks like you've got Winantivirus, which is rogue software. And mywebsearch, which is malware/spyware. And hotbar, which is adware. Run HijackThis again, tick these entries, then tick fix checked. Close browser/s. Get Rogueremover in my sig below as well. That should remove whatever Winantivirus installed. And get Trojan Remover in my sig too; install this, update it, then click on scan. Then select all options under the utilities menu. C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com O3 - Toolbar: SuperBar - {62822C7A-4292-49A6-AF26-3729C22942C2} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing) O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\krrpvfee.dll",forkonce O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - bar.mywebsearch.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - promo.dollarrevenue.com O16 - DPF:
{DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - static.zangocash.com O24 - Desktop Component 0: (no name) - http://www.traditional-german-giftsh...eriverback.jpg O24 - Desktop Component 1: (no name) - media.basspro.com Uninstall ALL versions of Sun Java. Latest version is 6 Update 2. Look in Add/Remove Programs for Mywebsearch or similar, and uninstall it. |
Speedy Gonzales (78) | ||
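
Added example (not part of the thread, and not HijackThis's own code): a Python script that splits a HijackThis log pasted as one run-on line, as in the post above, back into separate entries and marks those that match the names called out in the reply (WinAntiVirus, MyWebSearch, Hotbar) or carry the "(file missing)" tag. The function names, section labels and watchlist are assumptions made for illustration; the sample entries are copied from the log in this thread.

```python
import re

# Section labels as commonly described for HijackThis logs (assumed mapping).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button or Tools item",
    "O16": "ActiveX download", "O23": "service",
    "O24": "Active Desktop component",
}
# An entry starts with a code such as "O4 - " preceded by whitespace or
# start of text, so the "/O5" printer switch inside an entry is not a start.
ENTRY_START = re.compile(r"(?<!\S)([RO]\d{1,2}) - ")

def split_entries(flat_log):
    """Recover (code, text) pairs from a log pasted as one long line."""
    marks = list(ENTRY_START.finditer(flat_log))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat_log)
        entries.append((m.group(1), flat_log[m.end():end].strip()))
    return entries

def triage(flat_log, watchlist):
    """Return (code, section, reasons, text) for entries to review first."""
    hits = []
    for code, text in split_entries(flat_log):
        reasons = [w for w in watchlist if w.lower() in text.lower()]
        if "(file missing)" in text:
            reasons.append("file missing")
        if reasons:
            hits.append((code, SECTIONS.get(code, "other"), reasons, text))
    return hits

# Sample: six entries copied from the log in this thread, joined with spaces.
SAMPLE = " ".join([
    r'O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)',
    r'O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll',
    r'O4 - HKLM\..\Run: [EPSON Stylus C61 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C61 Series" /O5 "LPT1:" /M "Stylus C61"',
    r'O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"',
    r'O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE',
    r'O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe',
])
# Names taken from the reply in this thread; a reviewer supplies their own.
WATCHLIST = ["WinAntiVirus", "MyWebSearch", "Hotbar"]

if __name__ == "__main__":
    for code, section, reasons, text in triage(SAMPLE, WATCHLIST):
        print(f"{code:<4}{section:<18}{', '.join(reasons):<22}{text}")
```

A watchlist match only orders the entries for manual review; an unmatched entry is not thereby shown to be clean.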