I came about this site in hopes of gaining info and assistance to rid my home computer of the quite irretating yellow triangle w/ exclamation mark... telling me "Security Alert: Spyware found - Your computer is infected with last version of PSW.x-Vir trojan....etc..etc.

Attached is the log that I come up with from following the Highjack this download.


Thanks again, Duane

Logfile of HijackThis v1.99.1
Scan saved at 1:11:45 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\QualityCodec\isamonitor.exe
C:\Program Files\QualityCodec\pmsngr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinMXDownloadWinMX3.exe
C:\Program Files\QualityCodec\pmmon.exe
C:\Program Files\QualityCodec\isamini.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\highjack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\PROGRA~1\Yahoo!\MESSEN~1\ypagerps.dll"
O4 - Global Startup: WinMXDownloadWinMX3.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4079309-B495-4470-B566-3E0005C83D9F}: NameServer =
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

hey i got the same thing. i ran kaspersky twice, and after the scan it says "All threats have been removed", but that little yellow alert with "Security Alert: Spyware found" keeps coming up.

Have you found any way to get rid of this?? I have it also I and I have tried everything also. Just a ploy to make you buy another spyware program-It is driving me crazy

i hate to be pessemistic, but in this case i ended up throwin in the towel and reformatting the drives.

I just did a smitfraud fix and it seems to have worked. I am so sorry you had to go through with this. If others want to knowhow do i post the fix for them?? Thanks

Hii- There is a download which is free(NOTHING TO BUY) and I did it. I believe it is fixed. Go to Smitfraudfix (by S!Ri) Extract the content to your desktop. I got this from another person somewhere here I think- but I cannot seem to find the original post Open SmitfraudFix folder and double click smitfraudfix.cmd the follow directions. Hope this helps.Thanks to the guy who posted this but I cannot find it because I had to close my windows.
Thanx S:)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.