
My HiJackThis Log

EdDLicious

Re: My HiJackThis Log *Updated*

  #10  
Oct 13th, 2004
(The below was written when I assumed all was fixed - but just a minute ago, the problem showed up again! The message has been edited to reflect what seemed to be the fix, but now shows it was not.)

Alrighty - so here's the current situation:

The problem SEEMED to be fixed. In fact, everything was running fine for about 20 minutes, a new record that I thought indicated everything was OK! JUST a second ago, it started with the exact same problem again!

At first, it seems no matter how much I trusted Lavasoft's AdAware - it would not detect what I thought was the cause of this problem. I ran Spybot - and it found:

WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)

Alexa Related: Link (Replace file, nothing done)
C:\WINNT\Web\RELATED.HTM

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-18636371-1523486670-2959832362-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

FunWeb: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

FunWebProducts: Installer (File, nothing done)
C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf

FunWebProducts: Program directory (Directory, nothing done)
C:\Program Files\MyWebSearch\

FunWebProducts: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

ICOO Loader: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\icoo

Travelocity: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Travelocity: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)
Travelocity: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done)


I'm a bit disappointed that AdAware did not find these problems - being I’ve always thought of them as the pioneers of spyware removal and prevention.

dlh6213 - I did go to the Add/Remove panel - but it did not list MyWebSearch as a program that could be removed. After running Spybot - it seems that the C:\programfiles\MyWebSearch directory has been removed.

crunchie - Believe it or not, I followed your directions exactly - and in the 'Value' field - it did indeed list "AppInit_DLLs" as the value. Seems odd - but I just triple checked it.

Have I discovered spyware that manages to elude even our best efforts? I’m kind of fresh out of ideas here...

I will list the popups that I see - I unfortunately forgot the name of the first few, but the most recent ones were:

Jimmy Surf Popunder
Freeze Screensavers