User User name Password  
   
Sunday 22.12.2024 / 00:12
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > do you have adware, spyware, virus/trojan or a browser hijacker?
Show topics
 
Forums
Forums
Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?
  Jump to:
 
Posted Message
eLeCTR0n
Member
_
8. September 2005 @ 16:21 _ Link to this message    Send private message to this user   
you're welcome, come back if you ever need to
Advertisement
_
__
Glitched
Suspended permanently
_
25. September 2005 @ 12:27 _ Link to this message    Send private message to this user   
Hey guys can you help me out, my problem is that some thing called intel32.exe keeps on loading at startup, so i decided to go 2 msconfig and turn it off, It hasnt been a problem to me ever scince so i left it alone,but one day i thought i should remove that crap permanenty So i used ad aware and Spybot search and destroy to remove it and it did but them when i rebooted my cpu it came again so i disabled it now, now sumthing else comes up called psguard its a spyware action to clean your cpu so i deleted all my files with that thing on it.....how do i permentantly destroy those two



Sig Created Phantom69
crxshn
Newbie
_
6. October 2005 @ 00:51 _ Link to this message    Send private message to this user   
Hi

I just ran a Trend micro House Call check.... and it turn out that i have some trojans -
TROJ PUPER.AO - \system32\itmon.exe
TROJ PUPER.AQ - \system32\itmonp.exe
TROJ PUPER.AQ - \popuper.exe

how can i remove these virus? i had nortons but that expired & i dont have the rego stuff to renew
any other programs to recommend?
ddp
Moderator
_
6. October 2005 @ 07:12 _ Link to this message    Send private message to this user   
housecall didn't delete those files? did it give you an option to do something about that?
download, update & run in this order
ccleaner http://www.ccleaner.com/
cwshredder http://www.intermute.com/products/cwshredder.html
ad-aware se http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-...
spybot s&d http://www.majorgeeks.com/download2471.html
do an online virus & spyware scan with this link
http://housecall60.trendmicro.com/en/start_corp.asp
avg7 free edition http://free.grisoft.com/doc/2/lng/us/tpl/v5
eLeCTR0n
Member
_
6. October 2005 @ 16:47 _ Link to this message    Send private message to this user   
worst case search for the files and delete them yourself

troman12
Member
_
12. October 2005 @ 03:12 _ Link to this message    Send private message to this user   
Use NOD32. If it still does not work take backup and format your drive.
crxshn
Newbie
_
12. October 2005 @ 03:28 _ Link to this message    Send private message to this user   
thanks ddp and troman12....whats NOD32?
troman12
Member
_
12. October 2005 @ 04:16 _ Link to this message    Send private message to this user   
It's an anti virus. The best thing to do to is low level format your drive:

Take backup by putting another harddisk and copying your files or something and do this:

1) If you have a win98 Boot up disk then start your computer wit it.
2) Type debug then type the following:

-F 200 L1000 0 <enter>
-A CS:100 <enter>
xxxx:0100 MOV AX,301 <enter>
xxxx:0103 MOV BX,200 <enter>
xxxx:0106 MOV CX,1 <enter>
xxxx:0109 MOV DX,80 <enter>
(80 for hd 0 or 81 for hd 1 )
xxxx:010C INT 13 <enter>
xxxx:010E INT 20 <enter>
xxxx:0110 <enter>
-g <enter>
It will say Program terminated normally
-q<enter>
ddp
Moderator
_
12. October 2005 @ 17:33 _ Link to this message    Send private message to this user   
if want to low level format your hd than get the program from the hd manufacturer.
troman12
Member
_
12. October 2005 @ 20:12 _ Link to this message    Send private message to this user   
Hi

For performing Low Level format you can either use the codes or use the Hard Disk manufacturer's software.
For seagate you can use the disc utility given by them.
But they dont have low level format ibn the 2005 version.
j6stik
Suspended due to non-functional email address
_
19. October 2005 @ 19:45 _ Link to this message    Send private message to this user   
Hey.

Earlier today a Norton AntiVirus "Virus Alert" popped up on my computer that says:
"Norton AntiVirus has detected and remoced a virus from your computer
Object Name..........C:\WINDOWS\TEMP\TMP%%%%.TMP
Virus Name...........IRC.Backdoor.Trojan
Action Taken.........The file was automatically deleted."

The %%%% displays a four digit group of letters and numbers from 1-9 and then from A-F after 1-9. Every time I click okay, another window pops up, but the number goes up one. So far I've clicked okay about 500 times (at least; literally) and it just keeps popping up with another window. Can someone tell me wether or not this means I still have a virus on my computer, or if Norton got rid of it, how I don't have to sit through clicking that box probably about 15,000 times?
ddp
Moderator
_
20. October 2005 @ 11:49 _ Link to this message    Send private message to this user   
j6stik
Suspended due to non-functional email address
_
20. October 2005 @ 14:07 _ Link to this message    Send private message to this user   
I ran a few of those programs and restarted my computer again and things seem to be back to normal now. Thanks! :)
ddp
Moderator
_
20. October 2005 @ 14:10 _ Link to this message    Send private message to this user   
no problem, teach & learn
nomonster
Newbie
_
1. November 2005 @ 18:13 _ Link to this message    Send private message to this user   
hey everyone! this thread has been super useful but i have one question. i seem to have a .dll hijacker (wingenerics.dll) somewhere on my computer, that adware away cant take care of.
i dont know what to do! ive ran spybot, spysweeper, adwear away and adadware(sp?). the computer turns off from time to time when i try to remove certain files (especially through that "housecall" thing.
this is my moms computer and she usually browzes the web through google (i always tell her not to) and she must have picked something up :/
oh this might help:
windowsXP with avantbrowser(ie)
i keep getting tons of popups from "ad-w-a-r-e.com" or something
and i keep getting a popup saying that
SUBJECT BAR: qmgis11n.exe - bad image
BODY: The application or DLL c:\program files\setahoo!\wingenerics.dll is not a valid windows image. please check this against your installation diskette.

this is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:12:00 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avant Browser\avant.exe
C:\hjt\HijackThis.exe

O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant

Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program

Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant

Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant

Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) -

http://thesims.ea.com/teleport/hotdate/NPC/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -

http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

http://software-dl.real.com/220ae2f7f66caedcd122/netzip/RdxIE601.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) -

http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...

130896773750
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) -

http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTel...
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -

https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -

http://a19.g.akamai.net/7/19/7125/1451/ftp.coupons.com/r3302/cpbr...
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) -

http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl

Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -

http://livesc03.rightnowtech.com/5571-b301h/rnl/java/RntX.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -

http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) -

http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\gp8sl3l71.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe

(file missing)
O23 - Service: lxbt_device - Lexmark International, Inc. -

C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. -

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB

Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

can anybody help??
thanks in advance! oh and feel free to ask for more info!


help meeeee

This message has been edited since posting. Last time this message was edited on 1. November 2005 @ 18:17

troman12
Member
_
1. November 2005 @ 18:37 _ Link to this message    Send private message to this user   
Hi
You seem to have those sites opening right. Like adwave.com and a-d-w-a-r-e.com or something. Run CCleaner and then scan with norton,Microsoft antispyware and also check your hosts file with Microsoft antispyware for that thing. If it is there block it or permanently delete it. And then run another scan with norton.
nomonster
Newbie
_
2. November 2005 @ 02:37 _ Link to this message    Send private message to this user   
hey thanks so much im going to do that now :)

help meeeee
hopper393
Junior Member
_
17. November 2005 @ 15:23 _ Link to this message    Send private message to this user   
Can I jump in on this thread and get a little knowledge...so that I can help a close friend of mine out....myself I am fairly new to computors...but..
heres the deal ...she picked up C:\oo.exe
Trojan horseIRS/BackDoor.SdBot.MYX
Win32.Rbot.DZS
atleast thats what avg free version says it is....but can't delete or put in the vault....due to it not letting her have access...also it is useing limewire to go out the door....its starting limewire to open and run on the loading of windows....even with it turned off...uninstalled lime wire...wasnt showing in add and remove programs....but after reboot...it starts lime wire...and still no lime wire in the add and remove ....either windows add and remove ...or showing in CCleaner programs...also when she goes to the task bar and tries to bring up her task manager it wont open...thought might kill the program there long enough to delete or move to vault....help...anybody know a way to get this out....
One other thing I had her DL F-Secure-F-Bot-cleaner-tool..checked she didn't have restore on so had her run it....memory said nothing found...then went to doing her files...now instead of running all the way out and then haveing her hit a key to exit....it just disappered off her screen....I spent maybe three or four hours with her on the phone trying to help her yesterday...and been trying to find something to get this out ....and when I do...what do I need to help her do to get the task manager to opening up so I can teach her how to use it too....and by the way people ....I will link her into the site and let her read on her own....but will also help walk her through it on the phone while she does it.....
Let me say thanks a head of time......

just an old highway tramp
----Bill---
Senior Member
_
17. November 2005 @ 16:21 _ Link to this message    Send private message to this user   
to remove limewire i'd say go to my computer then to your local disk then find the folder that says programs click that, find limewire and remove it from their.
as for this trojan try http://housecall60.trendmicro.com/en/start_corp.asp?id=scan

its a free online virus scan... and pretty powerful...
hopper393
Junior Member
_
17. November 2005 @ 16:38 _ Link to this message    Send private message to this user   
okay will send her that way...but guess I wasn't quit clear as when I said I had her uninstall lime wire....we also deleted all lime wire folders....not only from the hive but also used windows search and deleted any we missed....and even after the un install and the wipeing of all folders....when she rebooted...here lime wire pops open....but yet doesnt show up in the programs ...and before I had her un install ...I had her make sure that lime was not set to start with windows and only connect manually.... like I just said I will get her to try the link you just said,,,,....
But I am still wondering why task manager won't open ....thought might be able to kill the process long enough there to delete the file....and as far as I know she has never had her restore point turned on so don't have to worry about the files popping back up from there.....anyway....
Thanks and will get in touch with her and see if house cleaning works.....

just an old highway tramp
----Bill----
Senior Member
_
17. November 2005 @ 17:36 _ Link to this message    Send private message to this user   
i think task manager isn't working cuz of the virus, use that link and remove the virus, then try, it should work, then remove lime wire from task maneger and it will hopfully stop

This message has been edited since posting. Last time this message was edited on 17. November 2005 @ 17:38

hopper393
Junior Member
_
17. November 2005 @ 18:13 _ Link to this message    Send private message to this user   
We will give it a try as soon as she gets back home......right now she is at walmart picking up norton system works....guess this woke her up to the fact that yahoo sbc isn't as protected as she thought...and maybe we can keep her husband off the porn sites now that he had to cough up the cash for norton...hehehe....and stick to Dl what he wants to watch....anyway.....want to thank you again....and I have a feeling that we will have to use house call to get this out....between me and you ....I went and already checked it out ....and ran it on mine just to see before I passed it on to her...and I got norton system works in also....and she has a forward link sitting in her email right now......and supose to call as soon as she gets home....

THANKS AGAIN.........

just an old highway tramp
----Bill----
Senior Member
_
17. November 2005 @ 18:56 _ Link to this message    Send private message to this user   
norton sucks bad, avg is even better, i'd say don't use that trash..


use tune up tuneup utilities 2006 is way better, http://www.tune-up.com/
download the trial and see how it works.

o i had the 2005 version, ill upgrade aswell

This message has been edited since posting. Last time this message was edited on 17. November 2005 @ 18:57

ddp
Moderator
_
17. November 2005 @ 18:59 _ Link to this message    Send private message to this user   
Advertisement
_
__
 
_
Senior Member
_
17. November 2005 @ 19:16 _ Link to this message    Send private message to this user   
ok this thing is kind of rare

i think i found like some kind of security exploit or something or maybe it's just some kind of virus.

everytime when i restart my computer and i check my regristry under

Local Machine/Software/Microsoft/Security Center/Monitor/programs...

in the security center i found some registry file that disable my windows update, firewall, anti-virus; and in Tiny Firewall(i do use)under Monitor i also found a registry thing that diable monitoring, and same thing goes for Trend Micro also found that diable things. Everytime i deleted it. it appears also when i restart my computer.

One night when i'm doing a virus scan i found some viruses which i rarely get.

so is there a effectively way to get rid of this thing??

very strangely found same it on my desktop but when i delted on my desktop it's gone never see it again.

also i did ddp's scan, but none of them got it?

stop hoping, start loving.
 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > do you have adware, spyware, virus/trojan or a browser hijacker?
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork