•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 425,926 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 1,704 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: Programming Forums
Views: 3667 | Replies: 4
 |
| |
•
•
Join Date: Oct 2003
Posts: 21
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
Hi
I am quite fed up with spyware , this time : http://prosearching.com/searchbar.html
(IŽd wish to have a valid email to call a bit of names to such [Moderator's edit: Please keep it clean, we ask that our members not use profanity in these forums- thanks]
is there any safe tutorial on how to get rid of IE hijacking (cwshredder has got 2 links where there are explanations on how to uninstall java virtual machine and others items which allow hijacking )
In this meantime , perhaps any of you could assist me to clear my system out of this rubbish (what the h e l l is that : C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE)
Here youŽve got the Logfile :
HijackThis v1.97.7
Scan saved at 1:00:59, on 23/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
D:\12GHOSTS\12SRVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\ADMUNCHER\ADMUNCH.EXE
C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE
C:\ARQUIVOS DE PROGRAMAS\MYVITALAGENT8\VITALAGENT\PROGRAM\VTLAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
D:\CHATBROWSER4.0\CB_4001.EXE
C:\ARQUIVOS DE PROGRAMAS\SYSAI\SYSAI.EXE
D:\!DOWNLOAD\!_HIJACK_CLEAN\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Multi Media Marketing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.uol.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBATREADER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Ad Muncher] D:\ADMUNCHER\ADMUNCH.EXE /bt
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
O4 - HKLM\..\RunServices: [12Ghosts TrayProtect] D:\12GHOSTS\12srvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: MyVitalAgent.lnk = C:\Arquivos de programas\myvitalagent8\VitalAgent\Program\VtlAgent.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - D:\Arquivos de programas\getright502\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Arquivos de programas\getright502\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ComVC (HKCU)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\WINDOWS\color.css
I am quite fed up with spyware , this time : http://prosearching.com/searchbar.html
(IŽd wish to have a valid email to call a bit of names to such [Moderator's edit: Please keep it clean, we ask that our members not use profanity in these forums- thanks]
is there any safe tutorial on how to get rid of IE hijacking (cwshredder has got 2 links where there are explanations on how to uninstall java virtual machine and others items which allow hijacking )
In this meantime , perhaps any of you could assist me to clear my system out of this rubbish (what the h e l l is that : C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE)
Here youŽve got the Logfile :
HijackThis v1.97.7
Scan saved at 1:00:59, on 23/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
D:\12GHOSTS\12SRVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\ADMUNCHER\ADMUNCH.EXE
C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE
C:\ARQUIVOS DE PROGRAMAS\MYVITALAGENT8\VITALAGENT\PROGRAM\VTLAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
D:\CHATBROWSER4.0\CB_4001.EXE
C:\ARQUIVOS DE PROGRAMAS\SYSAI\SYSAI.EXE
D:\!DOWNLOAD\!_HIJACK_CLEAN\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Multi Media Marketing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.uol.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBATREADER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Ad Muncher] D:\ADMUNCHER\ADMUNCH.EXE /bt
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
O4 - HKLM\..\RunServices: [12Ghosts TrayProtect] D:\12GHOSTS\12srvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: MyVitalAgent.lnk = C:\Arquivos de programas\myvitalagent8\VitalAgent\Program\VtlAgent.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - D:\Arquivos de programas\getright502\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Arquivos de programas\getright502\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ComVC (HKCU)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\WINDOWS\color.css
Last edited by DMR : Apr 23rd, 2004 at 3:29 pm.
•
•
Join Date: Feb 2002
Location: Lawn Guylen, NY
Posts: 10,901
Reputation:
Rep Power: 32
Solved Threads: 117
I'm moving this to our one-day old Security forum 
for all your hijacking needs 
for all your hijacking needs Dani the Computer Science Gal
Do you run a computer-related website? Feature it in our niche link directory!
Do you run a computer-related website? Feature it in our niche link directory!
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
Hi. Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
Reboot into safe mode following the instructions here & navigate to & delete
C:\ARQUIVOS DE PROGRAMAS\SYSAI< this one
C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG< this one
C:\WINDOWS\TEMP< entire contents of folder
Reboot normally & you should be good.
Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
Reboot into safe mode following the instructions here & navigate to & delete
C:\ARQUIVOS DE PROGRAMAS\SYSAI< this one
C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG< this one
C:\WINDOWS\TEMP< entire contents of folder
Reboot normally & you should be good.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
Also remove this with hijack this & remove the folder whilst in safe mode too.
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
C:\ARQUIV~1\MIXMAI~1< this one in safe mode.
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
C:\ARQUIV~1\MIXMAI~1< this one in safe mode.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 7,812
Reputation:
Rep Power: 22
Solved Threads: 431
A few tips to stay relatively clean.
Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
Also in tweaks under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion.'
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot
Download & instal Spybot S&D from here Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot
Check out the "So how did I get infected to start with..." thread here
Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
Also in tweaks under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion.'
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot
Download & instal Spybot S&D from here Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot
Check out the "So how did I get infected to start with..." thread here
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
|
•
•
•
•
•
•
•
•
DaniWeb Viruses, Spyware and other Nasties Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Hybrid Mode
•
•
•
•
adware code complete information css defender development div dreamweaver firefox google checkout google checkout vat html html api im javascript legal malware mcafee microsoft new folder new viruses news nhatquanglan reliability search security software spyware survey svchost symantec tables virus viruses vista w3c web windows wysiwyg xml
- JoeOneEye- prosearching.com problem (Viruses, Spyware and other Nasties)
- hijackthis log(help with prosearching) (Viruses, Spyware and other Nasties)
- prosearching.com/ passthrough/index (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Tc1 Post List.... hijackthis results
- Next Thread: Virus, Adware, or just explorer causing malfunctions-res://mshp.dll/http_404.htm
