Yet another w32.Myzor.FK@yf report [page 2/2]

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Saturday 8.3.2025 / 19:23

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > yet another w32.myzor.fk@yf report

Browse by topic

Forums

Start a new thread

Yet another w32.Myzor.FK@yf report

Jump to:

Posted

Message

Page:	< Previous	1	2

Niobis

Senior Member

8. October 2006 @ 18:41

Link to this message

Quote:
All the HijackThis files were deleted. Should I delete the backups?

Yes, do that now.

Quote:
But why FlashGet?

FlashGet is not Adobe Flash. It is adware/spyware.

Quote:
Oh, and why is SmitFraudFix potentially unwanted?

process.exe is a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

---------------------------------
Delete everything in this folder.
D:\Users\May\Local Settings\Temporary Internet Files

Everything looks good now. Except...

O17 - HKLM\System\CCS\Services\Tcpip\..\{739BF830-B850-4E9A-8235-494463629916}: NameServer = 209.226.175.223,198.235.216.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75F5322-619F-46BB-945B-55E80FEA1EFD}: NameServer = 67.69.184.148 206.47.244.56

If either of those is not your ISP, delete it. Ask them if needed. I'm sure one was for the keylogger.

Remember to change all your passwords to all online accounts.

How are things?

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

Fredil

Member

9. October 2006 @ 06:45

Link to this message

Hrm... is this a problem? My mouse keeps flashing between the "pointer" mouse and the "working in background" mouse.

Also, http://www.freewebs.com/dracanis/untitled.PNG but I don't think that's a big problem.

All passwords changed.

HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:56:45 AM, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fred\Desktop\Computer Fixers and Antivirus\hijackthis\scanme.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll...B_PVER}&ar=home
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Synchronization Agent] "C:\Program Files\Sync Manager Demo\agent\syncagent.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1160272672732
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1160272666920
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{739BF830-B850-4E9A-8235-494463629916}: NameServer = 209.226.175.223,198.235.216.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75F5322-619F-46BB-945B-55E80FEA1EFD}: NameServer = 67.69.184.148 206.47.244.56
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

[ + quote]

Geeks to Go - Trusted Helper

Please do not PM for help - please post on the forums.

This message has been edited since posting. Last time this message was edited on 9. October 2006 @ 06:57

Niobis

Senior Member

9. October 2006 @ 10:49

Link to this message

Hmm, that's odd because your HijackThis log is clean and the files Kaspersky and ActiveScan found should be gone now.

Go here and download CCleaner.

Note: If you do not want Yahoo! Toolbar uncheck the option when installing.

Close all windows.
Open CCleaner.
Click "Run Cleaner".
After cleaning, click "Issues".
Click "Scan for Issues".
After scannning, click "Fix selectes issues...".
When prompted to backup registry, click "Yes".

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

Page:	< Previous	1	2

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > yet another w32.myzor.fk@yf report


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.