Help!

Rascus · 09-08-2007, 04:53 PM

I was creating a "playlist" that you commonly see on myspace, etc. Well when I went to click on one of the song links my virus detector went nuts and ever since it keeps going off, saying a Trojan horse is on and adware is to be found. I found some of the files and think I got rid of them but still get more.

I found some of the names:
Win32.Small-GWM
Win32.Vundo-gen-46

I also keep getting this "file download" window popping up asking me if I want to install "WinAntiSpyware2007FreeInstall.exe"

This shit is becoming a nuisance. I've searched for some of the files but the computer can't find them.

WIthout doing a complete reboot of the system, how can i get rid of this?

segue00 · 09-08-2007, 04:57 PM

Just shut down and re-boot the system. Your anti-virus should take care of it when you power up again.

Rascus · 09-08-2007, 05:01 PM

yea...that hasn't worked. I've run my adware and it found one but the "WinAntispyware" thing keeps popping up every 10mins or so

WhoUtink · 09-08-2007, 05:28 PM

Where did you get the myspace playlist thing? If it is a song just delete and and run a full system scan with a spyware reomover , adware remover and an antivirus. Idk know but it could be the app that runs the playlist. Myspace and all the sites that make myspace crap are full of spyware and adware. My girlfriend uses it and I have new stuff all the time. Did I mention I hate myspace.

also fuck that god damn myspace messenger it cause my compute to take like 5 minutes to start.

WhoUtink · 09-08-2007, 05:31 PM

Quote:

Originally Posted by Rascus

yea...that hasn't worked. I've run my adware and it found one but the "WinAntispyware" thing keeps popping up every 10mins or so

Is that a windows app? If so delete it and go get a free remover, like adaware, and spybot search and destroy. Avg also just released a antispyware that is free. You can also try a program called Highackthis ( I think) I never used it but it is supposed to be the shiz.

I learned everything I need to know about computers downloading porn, so I am a virus expert.

FZSilver · 09-08-2007, 05:42 PM

DL HighJackThis and run it.

Rascus · 09-08-2007, 06:28 PM

this is what i'm getting...about every 10 mins it pops up.

Rascus · 09-08-2007, 06:34 PM

ok...loaded hijack and do not understand this program at all.

it made this log file

Quote:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:30:48 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1162358366\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\svhost.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ThePort\XML Player\XMLplayer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
c:\program files\common files\aol\1162358366\ee\aim6.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\plk53vlh.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\plk53vlh.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3AB792AA-53FE-4FBF-948D-30986F0502BB} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\ddcbbxy.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\System32\wer1316.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int404433.exe -auto
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [aqyjnzxc] c:\windows\system32\aqyjnzxc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162358366\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EIbminsprt310] E:\Ibmins\prtStart.exe 11 31 2 02 2007 "E:\Ibmins\prt3140.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PlayhouseDisneyDownloadManager] C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [ProStoresStoreMonitor] C:\Program Files\ProStores\StoreMonitor\StoreMonitor.exe
O4 - HKCU\..\Run: [My Kazaa Gold] C:\Program Files\MyKazaaGold\MyGoldKazaa.exe /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RedskinsDirect.lnk = C:\Program Files\ThePort\XML Player\XMLplayer.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - http://disney.go.com/games/downloads...areControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v40...l/freecell.cab
O20 - Winlogon Notify: ddcbbxy - C:\WINDOWS\SYSTEM32\ddcbbxy.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ivbxsquf.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13826 bytes

WhoUtink · 09-08-2007, 08:04 PM

I think that is called a dialer not sure though, the l;ink says it is a trojan.
here is a really cool link I think you might appreciate.

http://forums.techguy.org/malware-re...or-trojan.html

FZSilver · 09-08-2007, 08:18 PM

The trojan is in the list that it brought up 95% of the time. The thing about it is that it can't tell what just you have customized and what you don't want there. One thing you can do is copy paste each of those into google and see what comes up. It's a long process but certain files are known and sites will tell you that is it a trojan/virus/spyware.

Rascus · 09-08-2007, 08:28 PM

I know what it is, i just want it gone.

while i was taking a shower and stuff, it popped up 26 times! and that was in about an hour time frame

Rascus · 09-08-2007, 08:33 PM

Quote:

Originally Posted by WhoUtink

I think that is called a dialer not sure though, the l;ink says it is a trojan.
here is a really cool link I think you might appreciate.

http://forums.techguy.org/malware-re...or-trojan.html

I didn't understand a damn thing on the site