Views: 3872 | Replies: 9 | Solved
Join Date: Jun 2004
Posts: 5
Reputation:
Rep Power: 0
Solved Threads: 0
Hello,
I'm having some problems with my computer. When I rebooted my computer I got a desktop with "WARNING You're in Danger, secure yourself right now .." (linked to a company called smart-security.info). It's spyware, but I don't know how I can delete it.
My startup page in IE has also been changed because of this ad.
My computer is also very slow now.
Does someone know what I must do? Thanks.
Hijack Log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ojyxdm.exe
C:\WINDOWS\mstasks2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Downloads\hijackthis1977.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [rqmvlr] C:\WINDOWS\System32\ojyxdm.exe
O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\mstasks2.exe /u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [wsock32] C:\WINDOWS\System32\wsock32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://cashsearch.biz/legal/x.chm::/load.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8057.365474537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
Join Date: Mar 2004
Location: Purmerend, Holland (near Amsterdam)
Posts: 381
Reputation:
Rep Power: 5
Solved Threads: 14
Are you a Dutchman by any chance? I see you normally start your internet with startpagina.nl
But anyway, you are indeed infected.
First run Ad-aware6.0 and UPDATE accordingly with the [check for updates now] button and afterwards delete everything it finds. Especially bridge.dll
Perform an online virus scan at Trend Micro's Housecall. Remove every virus.
reboot
Download, install and UPDATE Spybot Search and Destroy. Scan and fix all items marked in RED.
reboot
And post your log here again.
- Yzk
Join Date: Jun 2004
Posts: 5
Reputation:
Rep Power: 0
Solved Threads: 0
Here are 2 screenshots of the problem (spyware) and the new HijackThis log file after some changes and after scanning with spyware programs.
But I still have the problem... hope someone can help me, thanks!
http://www.baroyo.demon.nl/spyware1.jpg
http://www.baroyo.demon.nl/spyware2.jpg
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Downloads\hijackthis1977.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab27571.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8057.365474537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
Join Date: Feb 2004
Location: Oztralya
Posts: 7,816
Reputation:
Rep Power: 22
Solved Threads: 431
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
Uninstall Messenger Plus as it comes with LOP. You can reinstall it without the sponsor.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
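The before/after comparison done by eye in this thread, as an added example that is not part of the original posts: a small Python parser that diffs two HijackThis logs and flags Internet Explorer page values that point at a local file. The sample logs are short excerpts constructed from entries posted above; the function names and the local-file heuristic are assumptions of this example.

```python
import re

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# R0/R1 body: "<registry key>,<value name> = <data>"
R_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
# Data that starts with a drive letter is a local file, not a URL
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed excerpt of the first log in the thread
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\ojyxdm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Constructed excerpt of the second log (after the Ad-aware / Spybot scans)
AFTER = r"""
Running processes:
C:\WINDOWS\System32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
"""


def parse_entries(log_text):
    """Return the set of (section, body) entries; process list lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Classify entries as removed by the cleanup, still present, or newly seen."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new),
        "remaining": sorted(old & new),
        "new": sorted(new - old),
    }


def local_file_pages(entries):
    """R0/R1 entries whose IE page value is a local file path (heuristic)."""
    hits = []
    for section, body in entries:
        if section not in ("R0", "R1"):
            continue
        match = R_VALUE_RE.match(body)
        if match and LOCAL_PATH_RE.match(match.group("data")):
            hits.append((match.group("key"), match.group("name"), match.group("data")))
    return sorted(hits)


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for status in ("removed", "remaining", "new"):
        for section, body in result[status]:
            print(f"{status:9} {section:3} {body}")
    for key, name, data in local_file_pages(parse_entries(AFTER)):
        print(f"still hijacked: {key} [{name}] -> {data}")
```

An entry listed as "new" is only new relative to the earlier log and still has to be judged on its own.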
Join Date: Feb 2004
Location: Oztralya
Posts: 7,816
Reputation:
Rep Power: 22
Solved Threads: 431
Did that solve your problem??
Join Date: Jun 2004
Posts: 5
Reputation:
Rep Power: 0
Solved Threads: 0
Yes, it's solved, but I started up in safe mode, deleted the lines from HijackThis and rebooted my PC.
After that I still had that desktop you see in the screenshot. I deleted that via the desktop options in the configuration screen and changed the desktop options, and it was gone!
But thanks again guys!
ps. hup Holland hup