| ||
| Click me! .. keeps coming back no matter what!

1 Attachment(s)

Hi there, I am very very sick of having to fight this little bugger. I just can't get rid of this spam, spybot, trojan, hacktool, virus, whatever. I really need some professional help because if I can't fix this I will :cry: all day. I am going through some real life stuff right now and I seriously can't have this along with it. I need this system and just BLEAGH..

Go through this with me step by step and hopefully I can suddenly fix it.

Ok, out of the blue I have this green little icon on my desktop that says Click me. Of course I know I didn't put it there, so I won't click it - but that is not even the point. Popup banners appear everywhere and various other viruses and trojans and worms start to appear as if they're having a party.

After fighting this all day I am now about to give up and throw away this damn computer (at least the hard drive).

PLEASE help me try to fight this, people always come to me to help them and I have nobody to turn to but hopefully you.

Today I have run at least 3 different anti spyware, bot destroyers, adware removers, anti virus and trojan hunters .. I've done safe mode reboots a zillion times to check and check again. And when everything says 0 found again I reboot and the f0kkuhr is there again.

Seriously, it is no longer funny for me anymore. I never have issues, and if I do these programs catch them in time and remove them properly. But this one.. this little f0ckah I just can't get rid of.

What do you need to know? What is my FIRST step?

Attached is the screenshot of that damn green icon that keeps re-appearing on my desktop after each reboot, prompts me to yes/no for some dial-up and during the time the system is on pops up at random some crap advertisements.

Do you recognize it? Which worm, spyware, etc is this? Where do I find removal instructions on it? |
| ||
| Re: Click me! .. keeps coming back no matter what! I see that you have a little HJT icon there too. Can you paste us your HJT log please? Thanks! |
| ||
| Re: Click me! .. keeps coming back no matter what!

Logfile of HijackThis v1.99.1
Scan saved at 1:26:56, on 10-4-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Internet\DU Meter\DU Meter\DUMeter.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Adobe\acrobat\Distillr\Acrotray.exe
C:\Program Files\Pulse\Pulse.exe
E:\Internet\Trillian\trillian.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\floris\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vBulletin.nl/community/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vbulletin.nl/community
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\floris\Application Data\Mozilla\Profiles\default\8bvnhz95.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\floris\Application Data\Mozilla\Profiles\default\8bvnhz95.slt\prefs.js)
O1 - Hosts: 217.155.49.105 www.example.com
O4 - HKLM\..\Run: [DU Meter] E:\Internet\DU Meter\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "e:\Adobe\acrobat\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [firlnin] H:\TMP\Tijdelijke Internet-bestanden\Content.IE5\YHGRYLA5\delf061225[1].exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitecav32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\netherlands.exe -N
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://e:\Adobe\acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Office\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1107951478468
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PestPatrol Remote - PestPatrol, Inc. - C:\Program Files\Common Files\PestPatrol\ppRemoteService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
| ||
| Re: Click me! .. keeps coming back no matter what! But when I check a checkbox and click to fix it, it doesn't do dick. It appears to be ready, but when I click scan again it is still there. No matter which item I select. |
| ||
| Re: Click me! .. keeps coming back no matter what!

1 Attachment(s)

The confirm box is netherlands.exe, and after reboot and clearing out all procs from run, runonce, etc.. I get this:

Process list saved on 1:53:35, on 10-4-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
500 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
584 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
628 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
640 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
792 C:\WINDOWS\System32\Ati2evxx.exe 6.14.10.4112 ATI Technologies Inc.
808 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
940 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1208 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2180 Microsoft Corporation
1468 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe 103.0.4.3 Symantec Corporation
1512 C:\WINDOWS\System32\GEARSEC.EXE 1.0.0.3 GEAR Software
1552 C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe 1.0.1117.0 Network Associates, Inc.
1600 C:\Program Files\Norton AntiVirus\navapsvc.exe 11.0.9.16 Symantec Corporation
1632 C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe 11.0.9.16 Symantec Corporation
1672 C:\Program Files\Common Files\PestPatrol\ppRemoteService.exe 5.0.1.2 PestPatrol, Inc.
1804 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe 5.4.4.17 Symantec Corporation
1852 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe 1.0.1.47 Symantec Corporation
1880 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1908 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 1.8.54.419 Symantec Corporation
180 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe 103.0.4.3 Symantec Corporation
324 C:\Program Files\Common Files\pestpatrol\PPMCActiveDetection.exe 5.0.1.2 PestPatrol, Inc.
1044 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4112 ATI Technologies Inc.
1064 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
2244 C:\WINDOWS\system32\wuauclt.exe 5.4.3790.2182 Microsoft Corporation
2484 E:\Internet\DU Meter\DU Meter\DUMeter.exe 3.0.3.96 Hagel Technologies
2492 C:\Program Files\Motherboard Monitor 5\MBM5.EXE 5.3.7.0 Alex van Kaam
2564 C:\Program Files\Pulse\Pulse.exe 1.0.0.1
3372 C:\Documents and Settings\floris\Bureaublad\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

DLLs loaded by process C:\WINDOWS\System32\smss.exe:
[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation |
| ||
| Re: Click me! .. keeps coming back no matter what!

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files

To clean out your temp files, click on Start and then Run, and type %temp% and press the OK button. This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files

Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing. You might want to print out or copy & paste these instructions to Notepad, as you will need to close this browser window to fix with HijackThis!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 217.155.49.105 www.example.com
O4 - HKLM\..\Run: [firlnin] H:\TMP\Tijdelijke Internet-bestanden\Content.IE5\YHGRYLA5\delf061225[1].exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitecav32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\netherlands.exe -N

Fix this one unless you set it with Spybot or something else:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now reboot into safe mode and delete the following files and folders if found.

H:\TMP\Tijdelijke Internet-bestanden\Content.IE5\YHGRYLA5\delf061225[1].exe - delete file
C:\windows\system32\elitecav32.exe - delete file
C:\WINDOWS\system32\netherlands.exe - delete file

To delete the above files and folder you will need to do the following:

Go to Show hidden files & folders
"Fix Checked"... Reboot to SAFE mode to delete files
How to start computer in safe mode

Reboot computer and post a new log. |
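As an added example (not part of the thread and not HijackThis's own code), the following Python parses the O4 autorun lines of a HijackThis log, flags entries that launch from a browser cache or temp directory, and checks a follow-up log for fixed entries that have come back. The `AFTER` log is constructed for illustration, and the function names and marker list are assumptions of this example.

```python
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [DU Meter] E:\Internet\DU Meter\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [firlnin] H:\TMP\Tijdelijke Internet-bestanden\Content.IE5\YHGRYLA5\delf061225[1].exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitecav32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\netherlands.exe -N
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
"""
# Constructed for this example (not from the thread): a rescan after
# "Fix checked" and a reboot, in which one fixed entry has come back.
AFTER = r"""
O4 - HKLM\..\Run: [DU Meter] E:\Internet\DU Meter\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\netherlands.exe -N
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
"""
# Registry value names the helper asked to have fixed.
FIXED = {"firlnin", "etbrun", "ASDPLUGIN"}

O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Directories that hold downloaded or scratch files, not installed programs.
CACHE_MARKERS = ("content.ie5", "temporary internet files",
                 "tijdelijke internet-bestanden", "\\temp\\", "\\tmp\\")

def parse_o4(log):
    """Return {value_name: (hive, key, command)} for O4 registry autorun lines."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[name] = (hive, key, command)
    return entries

def cache_launched(entries):
    """Names of autoruns whose command runs from a cache or temp directory."""
    return sorted(n for n, (_, _, cmd) in entries.items()
                  if any(mark in cmd.lower() for mark in CACHE_MARKERS))

def reappeared(fixed_names, after_entries):
    """Fixed value names that are present again in the follow-up log."""
    return sorted(set(fixed_names) & set(after_entries))

if __name__ == "__main__":
    before, after = parse_o4(BEFORE), parse_o4(AFTER)
    print("launched from cache/temp:", cache_launched(before))
    print("back after fix:", reappeared(FIXED, after))
```

An entry that reappears after a fix and reboot indicates something else on the system is rewriting the Run key, so the follow-up log is worth comparing against the fix list rather than reading from scratch.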
©2003 - 2009 DaniWeb® LLC