•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 402,750 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,444 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: Programming Forums
Views: 1377 | Replies: 3
 |
| |
•
•
Join Date: May 2005
Posts: 2
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
Spyware? hijacked cursor at "2:Open" sign Hi-
I'm running Win 98 SE:A. On bootup, the cursor is hijacked to a yellow sign that says "2:Open". Once, I think it said "1:Explorer".
I've virus and spyware the dickens out of this thing. Found Alexa spyware (deleated) and a file that had been infected with Micro-128 (C)- deleated.
On boot-up, I've still got the same problem.
Perplexed-
Dave
I'm running Win 98 SE:A. On bootup, the cursor is hijacked to a yellow sign that says "2:Open". Once, I think it said "1:Explorer".
I've virus and spyware the dickens out of this thing. Found Alexa spyware (deleated) and a file that had been infected with Micro-128 (C)- deleated.
On boot-up, I've still got the same problem.
Perplexed-
Dave
•
•
Join Date: Jul 2004
Location: Washington, USA
Posts: 2,964
Reputation:
Rep Power: 10
Solved Threads: 189
Hi Dave, welcome to DaniWeb 
To help us see what you have going on, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html
Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.
And check this thread before you post the log:
http://www.daniweb.com/techtalkforums/thread24085.html
To help us see what you have going on, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html
Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.
And check this thread before you post the log:
http://www.daniweb.com/techtalkforums/thread24085.html
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
Join Date: May 2005
Posts: 2
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
•
•
•
•
Originally Posted by dlh6213
Hi Dave, welcome to DaniWeb
To help us see what you have going on, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html
Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.
And check this thread before you post the log:
http://www.daniweb.com/techtalkforums/thread24085.html
Logfile of HijackThis v1.99.1
Scan saved at 1:23:33 PM, on 5/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATWTUSB.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\TBLMOUSE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\atwtexe.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\MSTMON_Q.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MEMOREX\TRAVELDRIVE2B\SHWICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\DOWNLOAD\HIJACKTHIS.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Dimension4] C:\PROGRAM FILES\D4\D4.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\SYSTEM\MSTMON_Q.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ShowIcon_Memorex_USB Product Driver v2.13r002] C:\Memorex\TravelDrive2B\shwicon.exe -t"Memorex\USB Product Driver v2.13r002"
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Mass Storage Check Registry] rundll32.exe C:\WINDOWS\SYSTEM\ShellExt\MSDServ.dll,CheckRegistry
O4 - HKCU\..\Run: [VIP ORGANIZER.EXE] C:\PROGRAM FILES\VIP QUALITY SOFTWARE\VIP ORGANIZER\VIP ORGANIZER.EXE
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
•
•
Join Date: Dec 2003
Location: Marin County, CA
Posts: 6,439
Reputation:
Rep Power: 18
Solved Threads: 340
That's a clean log, and neither Alexa nor the micro-128 virus would cause such behaviour as far as I know. Had you installed any software around the time you first noticed this (think carefully...)? My first thought is that the icon is part of some freebie cursor accessory or the like (although I don't see anything in your log to support that hunch).
Do you get a normal cursor when you boot into Safe Mode? (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
Do you get a normal cursor when you boot into Safe Mode? (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
|
•
•
•
•
•
•
•
•
DaniWeb Viruses, Spyware and other Nasties Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Hybrid Mode
•
•
•
•
apple cocoa commercial computer defender dell development drivers firefox framework games graphics im intel internet java linux malware mcafee microsoft microsystems mozilla news next open open source open-source opengl openoffice operating programming red hat reliability search security software source spyware step sun super survey system ubuntu viruses vista vulnerability wesnoth windows xp
- "Open With" menu Question (Windows 9x / Me)
- I have an "open with" problem...can someone help? (Windows NT / 2000 / XP / 2003)
- Need VB code to open "Open With" Dialogbox (Visual Basic 4 / 5 / 6)
- google "keyword" question (Search Engine Optimization)
- Opening "Open With.." dialogbox through VB code (VB.NET)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: W32.Spybot.Worm!!!!
- Next Thread: Microsoft Error #317
