
BlazeFind.Bridge

Somehow, I have quite a lot of problems in my lately formatted computer.
I run the spybot program and here are the results:
BlazeFind.Bridge: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RunDLL
Windows Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID=

--- Spybot-S&D version: 1.2 ---
2003-03-16 Includes\Temporary.sbi
2003-03-16 Includes\plugin-ignore.ini
2004-02-26 Includes\Cookies.sbi
2004-02-29 Includes\Dialer.sbi
2004-02-29 Includes\Hijackers.sbi
2004-02-26 Includes\Keyloggers.sbi
2004-02-29 Includes\Malware.sbi
2004-02-26 Includes\Security.sbi
2004-02-29 Includes\Spybots.sbi
2004-02-29 Includes\Trojans.sbi
2004-02-26 Includes\Tracks.uti
2004-03-09 Includes\Revision.sbi

And I have this BRIDGE.DLL missing message at start-up.
Any help is appreciated

Mady
Junior Poster in Training
92 posts since Apr 2004
Reputation Points: 10
Solved Threads: 0
 

Correction: sorry. I entered as administrator user and ran again the spybot and everything was fixed. Nevertheless, I still have problems:
When I start up I get the error message: "Execution of the specified command has failed", and I have a strange problem with my Symantec AntiVirus. I try to open it (to update) but it keeps disappearing after a second or even refuses to open up. I scanned my computer with Panda ActiveScan and the result was:

Incident Status Location
Virus:W32/Randon Disinfected Operating system
Virus:Bck/Sdbot.gen Renamed C:\WINNT\system32\wuaumgrd_exe.vir
Virus:Exploit/iFrame Disinfected C:\Documents and Settings\Smadar\Local Settings\Temporary Internet Files\Content.IE5\GX4XMVST\wbk6D.tmp
Virus:Trj/Downloader.L Disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\Belt.exe
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: corrected\product_smaddar.zip[document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Inbox\Mail Delivery (failure smaddar@netvision.net.il)\message.scr

I have no idea how to deal with it.

The system is Microsoft Windows 2000 5.00.2195

Could you advise me?

Mady
 

Logfile of HijackThis v1.97.7
Scan saved at 13:20:37, on 26/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Barak013\fts.exe
C:\WINNT\system32\msmsn.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Barak013\FWPortal.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"
O4 - HKLM\..\Run: [Msg Fixage] msgfixed.exe
O4 - HKLM\..\Run: [Distributed Transaction Coordinator System] svchoct.exe
O4 - HKLM\..\Run: [Microsoft DirectX] SpoolServ.exe
O4 - HKLM\..\Run: [Microsoft MSN Service] msmsn.exe
O4 - HKLM\..\Run: [boy] c:\winnt\fonts\fonts\Windows.exe
O4 - HKLM\..\Run: [w0ndz] C:\WINNT\system32\f4k3\kolder.exe C:\WINNT\system32\f4k3\dirote.exe
O4 - HKLM\..\RunServices: [Msg Fixage] msgfixed.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] SpoolServ.exe
O4 - HKLM\..\RunServices: [Microsoft MSN Service] msmsn.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Msg Fixage] msgfixed.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.413587963
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 212.150.48.169 206.49.94.234

Mady
 

First up, you've got worms. Go here for an on-line scan & set it to autoclean for you.

When done get some info on this file "C:\Program Files\Barak013\fts.exe" < this one & whatever else is in the same folder with it please.

Post new log with the info & also what the virus scan found.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

The virus scan found:
DOS AGOBOT.HM NonCleanable C:\WINNT\system32\drivers\etc
TROJ HIDEWND.A NonCleanable C:\WINNT\Fonts\Fonts\sox.exe

should I delete these files?

Barad013 is my network connection. What kind of info do you need?

Logfile of HijackThis v1.97.7
Scan saved at 15:01:39, on 26/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Barak013\fts.exe
C:\WINNT\system32\msmsn.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Barak013\FWPortal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"
O4 - HKLM\..\Run: [Distributed Transaction Coordinator System] svchoct.exe
O4 - HKLM\..\Run: [Microsoft MSN Service] msmsn.exe
O4 - HKLM\..\Run: [boy] c:\winnt\fonts\fonts\Windows.exe
O4 - HKLM\..\Run: [w0ndz] C:\WINNT\system32\f4k3\kolder.exe C:\WINNT\system32\f4k3\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft MSN Service] msmsn.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.413587963
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 212.150.48.169 206.49.94.234

Mady
 

Yes, delete the files. The info you gave is sufficient thanx. I wasn't sure what that Barad013 was.

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder & not on the desktop). Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box:

R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=

O4 - HKLM\..\Run: [Distributed Transaction Coordinator System] svchoct.exe
O4 - HKLM\..\Run: [Microsoft MSN Service] msmsn.exe
O4 - HKLM\..\Run: [boy] c:\winnt\fonts\fonts\Windows.exe
O4 - HKLM\..\Run: [w0ndz] C:\WINNT\system32\f4k3\kolder.exe C:\WINNT\system32\f4k3\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft MSN Service] msmsn.exe

Reboot into safe mode following the instructions here & navigate to & delete

c:\winnt\fonts\fonts\Windows.exe< this one
C:\WINNT\system32\f4k3< this folder

Reboot normally after doing the above then post a fresh log plz.

crunchie
 

done :)


Logfile of HijackThis v1.97.7
Scan saved at 19:03:56, on 26/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Barak013\fts.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Barak013\FWPortal.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"
O4 - HKLM\..\RunServices: [Microsoft MSN Service] msmsn.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.413587963
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 212.150.48.169 206.49.94.234

How does it look?

Mady
 

Looks good now. Need to get yourself a firewall. ZoneAlarm or Sygate provide free versions.

crunchie
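
A way to check a follow-up log against the entries selected for fixing, as an added example that is not part of the original thread: it parses the `O4` autorun lines copied from the posts above and reports any entry that was on the fix list but is still registered. The function names `parse_o4` and `still_present` are made up for this sketch.

```python
import re

# HijackThis O4 line: "O4 - <registry key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(text):
    """Return the set of (key, value name, command) registry autoruns in a log."""
    entries = set()
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # startup-folder lines ("Global Startup: x.lnk = ...") have no [name]
            # Windows paths are case-insensitive, so compare commands lowercased.
            entries.add((m["key"], m["name"], m["cmd"].strip().lower()))
    return entries

def still_present(fix_list, fresh_log):
    """Autoruns that were selected for fixing but are listed again afterwards."""
    return sorted(parse_o4(fix_list) & parse_o4(fresh_log))

# O4 entries selected for fixing, copied from the thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [Distributed Transaction Coordinator System] svchoct.exe
O4 - HKLM\..\Run: [Microsoft MSN Service] msmsn.exe
O4 - HKLM\..\Run: [boy] c:\winnt\fonts\fonts\Windows.exe
O4 - HKLM\..\Run: [w0ndz] C:\WINNT\system32\f4k3\kolder.exe C:\WINNT\system32\f4k3\dirote.exe
O4 - HKLM\..\RunServices: [Microsoft MSN Service] msmsn.exe
"""

# O4 section of the log saved at 19:03:56, copied from the thread.
FRESH_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"
O4 - HKLM\..\RunServices: [Microsoft MSN Service] msmsn.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

if __name__ == "__main__":
    for key, name, cmd in still_present(FIX_LIST, FRESH_LOG):
        print(f"still registered: {key} [{name}] -> {cmd}")
```

Run on the lines from this thread, it reports the `RunServices` value for `msmsn.exe`, which was on the fix list and is still listed in the 19:03:56 log.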
 

Thanks a lot
It was a real pleasure
and I really appreciate your help

Mady
 
