Laptop Spam Virus

Discussion in 'Windows - Virus and spyware problems' started by Thisman, Jun 1, 2008.

  1. Thisman

    Thisman Member

    Okay, sorry for 2 different threads, but this is a whole new problem. I currently have a laptop and it is constantly being spammed with a message that says "go here to fix this problem" or "If u dont go to this site, popups like these will keep coming up". I don't know what it is, but any input is much appreciated. Thanks again guys.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:25:58 AM, on 6/1/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\acs.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    --
    End of file - 2310 bytes
     
  2. cdavfrew

    cdavfrew Regular member

    Hi Thisman again :)

    I will tell you the same thing as your other thread. Please download A-squared, run it, and then post the log here without deleting anything. I cannot see any problem with your HijackThis log, so we are going to have to rely on other ways. :p

    What do you mean by "spammed"? Pop ups? Pop ups usually indicate spyware, or a trojan. Next time, if you encounter this problem, you can immediately point out the spyware problem, and then download antispyware scanners.

    Best Regards :D
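
A first-pass read of a HijackThis log like the one posted above can be scripted. The following is an added example, not part of the thread or of HijackThis itself: it parses the log layout shown in the post, lists running processes that no O4 (Run key / startup folder) or O23 (service) entry in the log accounts for, and lists services whose owner field reads "Unknown owner". The function names and the shortened sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis log posted in the thread (lines copied as-is).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\dwwin.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # e.g. "O4 - ...", "O23 - ..."
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.exe', re.I)  # drive-rooted path ending in .exe

def parse_log(text):
    """Split a HijackThis log into running processes and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (processes with no O4/O23 entry in the log, O23 entries with 'Unknown owner')."""
    processes, entries = parse_log(text)
    autostart = set()
    for body in entries["O4"] + entries["O23"]:
        # Case-insensitive match: the log mixes "System32" and "system32".
        autostart.update(p.lower() for p in EXE_PATH.findall(body))
    unlisted = [p for p in processes if p.lower() not in autostart]
    no_owner = [b for b in entries["O23"] if " - Unknown owner - " in b]
    return unlisted, no_owner

if __name__ == "__main__":
    for label, items in zip(("No autostart entry", "Unknown owner"), triage(SAMPLE_LOG)):
        print(label, *items, sep="\n  ")
```

Both lists are items for manual review, not verdicts: core Windows processes such as lsass.exe are started by the OS and will always appear in the first list, so compare it against a known-good baseline for the platform.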
     
  3. Thisman

    Thisman Member

    This a-squared log probably won't show anything because I tried to install AVG, but it wouldn't allow it, so I got AVG via flash drive from my desktop computer. But then when I did an AVG scan it wouldn't scan the C: drive, it just says it can't. But hey, I don't know anything about viruses and trojans and junk, so here's the log. Thanks for helping.

    a-squared Anti-Malware - Version 3.5
    Last update: 6/1/2008 7:52:55 PM

    Scan settings:

    Objects: Memory, Traces, Cookies
    Scan archives: On
    Heuristics: On
    ADS Scan: On

    Scan start: 6/1/2008 8:53:45 PM

    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@247realmedia[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@2o7[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@adserver.adreactor[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@adserver[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@advertising[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@atdmt[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@bluestreak[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@casalemedia[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@doubleclick[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@edge.ru4[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@fastclick[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@media.adrevolver[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@media6degrees[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@questionmarket[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@realmedia[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@specificclick[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@statcounter[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@trafficmp[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@tribalfusion[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Cookies\ralph manabat@zedo[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:16 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:21 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:22 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:23 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:25 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:28 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:29 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:35 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:42 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:68 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:69 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:70 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:71 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:72 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:73 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:74 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:75 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:76 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:77 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:91 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:94 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:98 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:99 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:100 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:101 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:109 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:169 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:170 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:171 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:172 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:173 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:219 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:220 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:221 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:222 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:241 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:242 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:243 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:244 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:254 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:317 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:320 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:329 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:330 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:331 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:336 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:347 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:348 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:357 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:362 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:363 detected: Trace.TrackingCookie
    C:\Documents and Settings\Ralph Manabat\Application Data\Mozilla\Firefox\Profiles\qxkuv7xi.default\cookies.txt:389 detected: Trace.TrackingCookie

    Scanned

    Files: 1078
    Traces: 411940
    Cookies: 545
    Processes: 22

    Found

    Files: 0
    Traces: 0
    Cookies: 72
    Processes: 0
    Registry keys: 0

    Scan end: 6/1/2008 8:58:12 PM
    Scan time: 0:04:27
     
    Last edited: Jun 1, 2008
  4. cdavfrew

    cdavfrew Regular member

    I see. You have a trojan which prevents installation of antiviruses and such, and also hides from a-squared. Try downloading Antivir Free installer, then install it in safe mode. You might not be able to update it, but if you have the time, you can download the update package from http://www.softpedia.com/get/Others...a-Antivir-Virus-Definition-File-Update.shtml, and then apply it to the installed Antivir in safe mode. After that, scan with Antivir (still in safe mode), and then quarantine everything it finds (that is, things you know are not safe).

    Also, run a scan with A-squared in safe mode. Follow that up with a scan with GMER in normal mode.

    Best Regards :D
     
