|
|
#1
25th Jun 2007, 04:52
|
|||
|
|||
|
Hi,
Having recently downloaded a program file to my computer I am starting to get endless pop-ups and adverts coming up on my computer when on the internet. I have took a friends advice and got rid of my fee virus software and uploaded Avast and subscribed to that also I have subscribed to RegCure and XoftSpySE and have Spybot Search and destroy. The problem started when I had a trojan loaded on with the program file which I downloaded (Vundo Trojan). Having put these virus programs on I have managed to remove the trojan I think  and the computer is running fine but I keep on getting these pop-ups and when I run the virus software the bring up more stuff and sometimes the same stuff as before but thankfully not the trojan. Any hep and advice would be great. Oh pop-up blocker se to max, one error found on XoftSpySE is 'Internet Explorer firewall breach' but removes and comes back.Regards, John. |
|
#2
25th Jun 2007, 05:16
|
||||||||||||
|
||||||||||||
|
Hello John
__________________
Welcome to TCF Can you tell us what the program file was that you downloaded? My System: #
|
|
#3
25th Jun 2007, 05:33
|
|||
|
|||
|
Auto CAD 2008 my Program CD was destroyed by the kids so needed another coppy as I have the CD ilcence and took the advice from a mate to look at minanova torrent sight my fault:( wont be doing that again! Like I said as far as the Torent goes it is removed I think
have not seen it on any of the scanners again but its all the other stuff Gambling offers, Virus checker sights, Dating stuff, and other advertizing sights. They keep on poping up when I visit sights etc.
|
|
#4
25th Jun 2007, 10:31
|
|||
|
|||
|
well, first and foremost let's get started on the infection:
[font=Tahoma]Please do this: · Click here to download HJThis.exe · Save HJTsetup.exe to your desktop. · Doubleclick on the HJTsetup.exe icon on your desktop. · By default it will install to C:\Program Files\Hijack This. · Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. · Put a check by Create a desktop icon then click Next again. · Continue to follow the rest of the prompts from there. · At the final dialogue box click Finish and it will launch Hijack This. · Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. · Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. · Come back here to this thread and Paste the log in your next reply. · DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. later we can deal with the legal issues of downloading stuff from torrent sites. Unless the bosses say we deal with them first. :) |
|
#5
25th Jun 2007, 10:40
|
||||||||||||
|
||||||||||||
|
Valis mate that link is not working.
__________________
RE: Torrents There is a fine line I think, current rules forbid the discussion on how to circumvent copyright law, so the discussion on how to use torrents is not ok. This topic is ok for now as it is not overstepping that mark. But at the end of the day don't use illegal file sharing networks, go and buy the stuff you want, it is theft. My System: Hybr!d
|
|
#6
25th Jun 2007, 12:02
|
|||
|
|||
|
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:01:56, on 25/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\stsystra.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiMfd.exe C:\WINDOWS\system32\ACEngSvr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Corel\Graphics8\Programs\MFIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\system32\acovcnt.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Software Programs\Downloaded\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/ser...build=Symantec O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5F492902-8A29-49E0-B81F-D312A60D9248} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\JOHN&S~1\LOCALS~1\Temp\~DP11.dll (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170844644718 O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://myconnect.bbc.co.uk/InternalSite/WhlCompMgr.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab55762.cab O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab O20 - Winlogon Notify: mljjhfe - mljjhfe.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 9205 bytes |
|
#7
25th Jun 2007, 12:40
|
|||
|
|||
|
thanks dave and wolfey; will fix for future usage.
sgt: close all windows, including the internet, open HJT, run 'perform system scan only', place a tick next to the following, click 'fix checked', reboot, and post a new log: O2 - BHO: (no name) - {5F492902-8A29-49E0-B81F-D312A60D9248} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {E7E9F57E-2947-40B1-9BBF-0896D19C092F} - C:\DOCUME~1\JOHN&S~1\LOCALS~1\Temp\~DP11.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab O20 - Winlogon Notify: mljjhfe - mljjhfe.dll (file missing) You definitely had vundo; those are all abandoned .dll files left by it. Regardless, reboot and post a new log. Thanks, v |
|
#8
25th Jun 2007, 12:45
|
|||
|
|||
|
Don't worry said sight is never going to be used and my so called mate is going to get a stern word when I see him tomorrow.
As for my program I have found a better opiton and purchasing a legit disk! Such sights should not exsist!  My appologies for mentioning said sight! Computers are a big learning curve to myself so Lesson learnt! Have found a sight regarding the legality of the use of these sights and fully understand your points as I was not 100% aware! |
|
#9
25th Jun 2007, 13:00
|
|||
|
|||
|
We all learn valuable lessons John and you have learned one today.
Normally I would have shut this post down and the only reason I didn't is because you realised just what trash these sites peddle. Now stick with Valis's advice and he will try his best to get you back on track. |
|
#10
25th Jun 2007, 13:03
|
|||
|
|||
|
Manythanks Wolfey.
|
