|
| ||
| Fbkp.exe is trying to access the internet.. Hey it seems like i get rid of one virus and another one pops up > I dont know how long i can take my comp getting infected , since i have AVG, spy bot, spy-blaster, adware 6.0, puritan remover & mcaffee..I dont want to re install windows xp again maybe i have alot fo backed up data thats causing my windows to also be sluggis.. Anyhow zone alarm keeps asking if I want " Fbkp.exe is trying to access the internet.. " of course i say no.. but whats safe to get rid of here ? thanks and specially thanks to crunchie for helpping out in the past.. Logfile of HijackThis v1.97.7 Scan saved at 9:24:58 PM, on 7/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\System32\fbkp.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Network Associates\VirusScan\avsynmgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3DDA4307-BB48-42F1-D720-16550CA12D4E} - C:\WINDOWS\System32\lxtwqfu.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP |
| ||
| Re: Fbkp.exe is trying to access the internet.. That looks like an incomplete log? Download CWShredder from here & run it. Select the fix button & it will fix everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including Iinternet Explorer, before running CWShredder. Reboot. To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked': R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: (no name) - {3DDA4307-BB48-42F1-D720-16550CA12D4E} - C:\WINDOWS\System32\lxtwqfu.dll Reboot into safe mode following the instructions here & navigate to & delete the following if found: C:\WINDOWS\System32\fbkp.exe Reboot after doing this & post another log please. Make sure that IE is closed before scanning with HJT. |
| ||
| Re: Fbkp.exe is trying to access the internet.. Hey thanks crunchie , I just DLd CS shredder and ran "fix " mode once it finished it didtn seem like it fixed anything.. soo i did a "scan "and i see all the cool web search stuff lurking in my comp from shredder ...heres a log from Cw shredder --------- CWShredder v1.57.0 scan only report Please understand that a CWShredder 'Scan only' report might not be sufficient to troubleshoot an infected system. You can use HijackThis for that: http://www.merijn.org/files/hijackthis.zip http://www.spywareinfo.com/~merijn/files/hijackthis.zip Windows XP (5.01.2600 SP1) Windows dir: C:\WINDOWS Windows system dir: C:\WINDOWS\system32 AppData folder: C:\Documents and Settings\julio\Application Data Username: julio Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (2 bytes, -) Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe, CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com[*] dword:4 CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com[*] dword:4 CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com[*] dword:4 CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com[*] dword:4 Registry value: DefaultPrefix (should be http://) [] http:// Registry value: WWW Prefix (should be http://) [www] http:// Registry value: Mosaic Prefix (should be http://) [mosaic] http:// Registry value: Home Prefix (should be http://) [home] http:// Found Win.ini file: C:\WINDOWS\win.ini (734 bytes, A) Found System.ini file: C:\WINDOWS\system.ini (435 bytes, A) - END OF REPORT - sorry about the incomplete log heres my full HIJACK THIS Log ------------------------ Logfile of HijackThis v1.97.7 Scan saved at 1:54:19 PM, on 7/8/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\fbkp.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Network Associates\VirusScan\avsynmgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3DDA4307-BB48-42F1-D720-16550CA12D4E} - C:\WINDOWS\System32\lxtwqfu.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Ktfnbbrm] C:\WINDOWS\System32\fbkp.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Microsoft« JavaScript« Console (HKLM) O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Microsoft« JavaScript« Console (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...940.2945833333 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab thanks.. |
| ||
| Re: Fbkp.exe is trying to access the internet.. That version of CWShredder is ancient. It's at 1.59.1 now & does fix this infection. There is an update feature in CWShredder. |
| ||
| Re: Fbkp.exe is trying to access the internet.. Thnks ill update it and see it gets rid of the coolweb pages.. ill be posting the Hijacklog soon.. |
| ||
| Re: Fbkp.exe is trying to access the internet.. Hey ive done every you told from the begining , got cool shredder working, but ive encountered one problem .. Everytime i turn off my computer and reboot it freezes, i have too reset it manually for 2nd time for windows to work.. what can i do and heres my HIJACK LOG ----------->>>> Logfile of HijackThis v1.97.7 Scan saved at 12:17:08 AM, on 7/14/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Network Associates\VirusScan\avsynmgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijack this\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Ktfnbbrm] C:\WINDOWS\System32\fbkp.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...940.2945833333 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab |
| ||
| Re: Fbkp.exe is trying to access the internet.. Still there: O4 - HKCU\..\Run: [Ktfnbbrm] C:\WINDOWS\System32\fbkp.exe Reboot into safe mode following the instructions here & navigate to & delete the following if found: C:\WINDOWS\System32\fbkp.exe Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked': O4 - HKCU\..\Run: [Ktfnbbrm] C:\WINDOWS\System32\fbkp.exe Reboot normally. |
| ||
| Re: Fbkp.exe is trying to access the internet.. hey whats up , I deleted the " C:\WINDOWS\System32\fbkp.exe " in safe mode last time, but i dont see it agian .. deleted and fixed " O4 - HKCU\..\Run: [Ktfnbbrm] C:\WINDOWS\System32\fbkp.exe " in HIJACK THIS too, but my comp wont reboot normal,i have to keep resetting it after the second first boot.. Whatelse can I do? heres my HIJACK LOG ---------->>> ogfile of HijackThis v1.97.7 Scan saved at 9:25:39 PM, on 7/14/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\Program Files\Network Associates\VirusScan\avsynmgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijack this\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Real.com (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...940.2945833333 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab |
| ||
| Re: Fbkp.exe is trying to access the internet.. I see nothing else wrong in your log. When did that problem start? Hopefully one of our other knowledgeable members can advise on this? |
| All times are GMT -4. The time now is 1:48 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC