The 3 things at the bottom won't go away. I've tried and tried. I had 101 other things on it but I got rid of those. Is this bad?
Logfile of HijackThis v1.98.2
Scan saved at 7:58:05 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\HTMPLA~1\axis wait.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\gcesrmpc.exe
C:\docume~1\owner\locals~1\temp\taCQu.exe
C:\WINNT\SM1BG.EXE
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swagent.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swstrtr.exe
C:\WebSphere\AppServer\installedApps\cfusion.ear\cfusion.war\WEB-INF\cfusion\db\slserver52\bin\swsoc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe
C:\WINNT\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\Emis.exe
C:\WINNT\System32\Bpr5o82k.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ix0hs42o.slt\prefs.js)
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pvd8k13.exe
O4 - HKLM\..\Run: [owns dart] C:\PROGRA~1\HTMPLA~1\axis wait.exe
Join Date: May 2004
Location: Boston,MA
Posts: 1,362
Reputation:
Rep Power: 7
Solved Threads: 16
Spybot Search and Destroy. If using Internet Explorer then try Mozilla, which has better pop-up blocking tech in it, or if you don't want Mozilla then get Panicware Popup Stopper. When SP2 is finally released in its full version, Internet Explorer has pop-up blocking.
One question: is this happening while browsing or just connected to the internet?
Join Date: Feb 2004
Location: Oztralya
Posts: 7,637
Reputation:
Rep Power: 22
Solved Threads: 415
You got the peper trojan. Once you run the following tool you may want to post the entire log. You have other stuff that I can see that needs to be removed.
Clear the contents of the following folder in safe mode;
C:\docume~1\owner\locals~1\temp
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Uninstall *Mywebsearch* from Add/Remove Programs. Also uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert; do so and reboot when done. If not listed there, run this uninstaller:
http://lop.com/new_uninstall.exe
Download the PeperFix.exe tool from here:
http://downloads.subratam.org/PeperFix.exe
Click on the PeperFix.exe to launch it.
Click the Find and Fix button.
It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
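A small triage parser for the HijackThis log format posted at the top of this thread, added here as an example; it is not part of the original posts or of HijackThis. It cross-references the O4 Run entries against the running-process list and marks processes under the Temp folder the reply says to clear. The function names are hypothetical and the sample is a constructed excerpt of the posted log.

```python
import re

# Constructed excerpt: lines copied from the HijackThis v1.98.2 log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\HTMPLA~1\axis wait.exe
C:\docume~1\owner\locals~1\temp\taCQu.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ix0hs42o.slt\prefs.js)
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pvd8k13.exe
O4 - HKLM\..\Run: [owns dart] C:\PROGRA~1\HTMPLA~1\axis wait.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")  # hive\..\key: [name] command

def parse_hjt(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:                               # numbered entries end the process list
            in_procs = False
            entries.append(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def autoruns(entries):  # (hive, key, value name, command) for each O4 registry autorun
    hits = (RUN.match(body) for code, body in entries if code == "O4")
    return [m.groups() for m in hits if m]

def triage(text):
    """List (path, reason) pairs worth a manual look; a reason is not a verdict."""
    procs, entries = parse_hjt(text)
    runs = autoruns(entries)
    by_cmd = {cmd.lower(): name for _, _, name, cmd in runs}
    running = {p.lower() for p in procs}
    findings = []
    for p in procs:
        if "\\temp\\" in p.lower():
            findings.append((p, "runs from a Temp folder"))
        if p.lower() in by_cmd:
            findings.append((p, "started by Run value [%s]" % by_cmd[p.lower()]))
    for _, _, name, cmd in runs:
        if cmd.lower() not in running:
            findings.append((cmd, "Run value [%s] target is not running" % name))
    return findings
```

Calling `triage()` on a full saved log gives a short review list to compare before and after a cleanup pass, which shows whether an autorun entry or process has come back.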
Join Date: Feb 2004
Location: Oztralya
Posts: 7,637
Reputation:
Rep Power: 22
Solved Threads: 415
Merged your two threads. Please do not post in more than one forum with the same problem. Thank you.
Join Date: Feb 2004
Location: Oztralya
Posts: 7,637
Reputation:
Rep Power: 22
Solved Threads: 415
Both issues are spyware related. Peper trojan is bundled with memorywatcher.
From the vendor: "By installing the Memory Watcher Software on your computer, you understand that: (i) Several ADVERTISING CONSOLES may be launched for the duration of time you spend online."