Please Help!
I don't know what virus it is, so I ran Windows Live OneCare, but it didn't detect anything.
It keeps changing my homepage to:
http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
Then it directs me to:
http://ucleaner.com/main.php?wmid=60...o4OQ==&lndid=2
Then I change the homepage and it changes right back.
I can search the internet, but I get a system alert at the bottom right corner of my screen with a flashing circle red X saying:
System has detected virus activities, these may impact the performance of your computer. Please use recommended antispyware software to protect your system from parasites on your computer
Windows security alert popup saying:
Windows has detected an internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.
Spyware alert popup:
Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through the email and Active-X objects. The worm has its own SMTP engine, which means it gathers emails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system. Type: virus
System affected: Windows 2000, NT, ME, XP, Vista
Security risk (0-5): 5
Recommendation: Click Yes to remove it from your PC immediately
Popup window in Internet Explorer:
Warning! Serious malicious objects and spyware have been detected on your PC. We highly recommend you scan the system completely and download the latest version of SpywareIsolator program which with all its cutting-edge features helps you to protect the PC against spyware and viruses.
Then it opens a window to:
http://spywareisolator.com/landing/scan.php?wmid=abr
Then it opens a fake security control panel page:
http://www.system-defender.com/freew...&lndid=37&p=01
It's also put these on my desktop:
Error Cleaner
Privacy Protector
Spyware&Malware Protection
They must really want me to use their programs!
I ran ComboFix and it took the three so-called virus protection programs off my desktop and got rid of the flashing red X system alert and the pop-ups, and then I was able to change my homepage. So I restarted my computer and now it's all back again.

What am I doing wrong?
Here's the log from ComboFix:
D:\Documents and Settings\Static\Desktop\Error Cleaner.url
D:\Documents and Settings\Static\Desktop\Privacy Protector.url
D:\Documents and Settings\Static\Desktop\Spyware&Malware Protection.url
D:\Documents and Settings\Static\Favorites\Error Cleaner.url
D:\Documents and Settings\Static\Favorites\Privacy Protector.url
D:\Documents and Settings\Static\Favorites\Spyware&Malware Protection.url
D:\Program Files\FunWebProducts
D:\Program Files\FunWebProducts\ScreenSaver\Images\020EDE15.urr
D:\Program Files\FunWebProducts\ScreenSaver\Images\02111309.urr
D:\Program Files\FunWebProducts\ScreenSaver\Images\0212F099.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\0213EE99.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\02152013.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\0216E1BF.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\02181740.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\021BB3F1.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\021E1393.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\0220E9DA.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\0221A5E5.dat
D:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
D:\Program Files\MyWebSearch
D:\Program Files\MyWebSearch\bar\History\search2
D:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
D:\Program Files\MyWebSearch\bar\Settings\setting2.htm
D:\Program Files\MyWebSearch\bar\Settings\settings.dat
.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.
2008-03-21 18:18 . 2008-03-21 18:18 3,631 --a------ D:\C5.tmp
2008-03-20 10:56 . 2008-03-20 10:57 <DIR> d-------- D:\Program Files\Google
2008-03-19 01:12 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-03-19 01:12 . 2007-07-30 19:19 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-03-18 10:59 . 2008-03-21 17:42 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-03-18 10:59 . 2008-03-18 10:59 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-18 09:06 . 2007-11-27 22:56 116,416 --a------ D:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-18 09:06 . 2007-11-27 22:56 91,328 --a------ D:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-18 09:05 . 2008-03-18 09:05 <DIR> d-------- D:\WINDOWS\system32\bits
2008-03-18 09:05 . 2007-07-06 15:09 70,928 --a------ D:\WINDOWS\system32\drivers\MpFilter.sys
2008-03-18 09:04 . 2007-03-29 05:56 7,168 -----c--- D:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-03-18 09:04 . 2007-03-29 05:56 7,168 --------- D:\WINDOWS\system32\bitsprx4.dll
2008-03-18 07:41 . 2008-03-18 07:44 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2008-03-18 00:44 . 2008-03-21 16:38 <DIR> d-------- D:\Program Files\Microsoft Windows OneCare Live
2008-03-18 00:09 . 2008-03-18 00:09 <DIR> d-------- D:\Program Files\Windows Defender
2008-03-17 23:35 . 2007-12-06 19:21 6,066,176 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-17 23:35 . 2007-06-30 20:31 2,455,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-17 23:35 . 2007-06-30 20:36 991,232 -----c--- D:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-17 23:35 . 2007-12-06 19:21 459,264 -----c--- D:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-17 23:35 . 2007-12-06 19:21 383,488 -----c--- D:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-17 23:35 . 2007-12-06 19:21 267,776 -----c--- D:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-17 23:35 . 2007-12-06 19:21 63,488 -----c--- D:\WINDOWS\system32\dllcache\icardie.dll
2008-03-17 23:35 . 2007-12-06 19:21 52,224 -----c--- D:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-17 23:35 . 2007-12-06 04:00 13,824 -----c--- D:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-17 11:17 . 2008-03-17 08:37 237,568 --a------ D:\WINDOWS\altvxvm.dll
2008-03-17 11:17 . 2008-03-17 08:37 221,184 --a------ D:\WINDOWS\bokpkov.dll
2008-03-09 09:08 . 2008-03-09 09:08 <DIR> d-------- D:\Program Files\HP
2008-03-09 09:08 . 2008-03-09 09:08 <DIR> d-------- D:\Program Files\Common Files\HP
2008-03-09 09:08 . 2008-03-09 09:08 <DIR> d-------- D:\Documents and Settings\Static\Application Data\Image Zone Express
2008-03-07 19:19 . 2004-08-04 00:08 26,624 --a------ D:\WINDOWS\system32\drivers\usbehci.sys
2008-03-07 19:19 . 2004-08-04 00:08 26,624 --a--c--- D:\WINDOWS\system32\dllcache\usbehci.sys
2008-03-07 19:19 . 2004-08-04 01:56 7,168 --a------ D:\WINDOWS\system32\hccoin.dll
2008-03-07 19:19 . 2004-08-04 01:56 7,168 --a--c--- D:\WINDOWS\system32\dllcache\hccoin.dll
2008-03-03 01:42 . 2008-03-03 01:42 <DIR> d-------- D:\Program Files\MySpace
2008-03-03 01:42 . 2008-03-03 01:42 <DIR> d-------- D:\Documents and Settings\Static\Application Data\MySpace
2008-02-23 03:05 . 2001-09-24 10:38 412,672 --a------ D:\WINDOWS\system32\drivers\lvcodek2.dll
2008-02-23 03:05 . 2001-09-24 10:41 200,704 --a------ D:\WINDOWS\system32\LVUI2.dll
2008-02-23 03:05 . 2001-09-24 10:40 172,032 --a------ D:\WINDOWS\system32\lvcodec2.dll
2008-02-23 03:05 . 2001-09-24 10:39 98,304 --a------ D:\WINDOWS\system32\LVComS.exe
2008-02-23 03:05 . 2001-09-24 10:41 69,632 --a------ D:\WINDOWS\system32\LVUI2RC.dll
2008-02-23 03:05 . 2001-09-24 10:38 59,904 --a------ D:\WINDOWS\system32\drivers\lvcam2.dll
2008-02-23 03:05 . 2001-09-24 10:39 57,344 --a------ D:\WINDOWS\system32\LVComC.dll
2008-02-23 03:05 . 2001-09-24 10:38 38,912 --a------ D:\WINDOWS\system32\drivers\lvcd.sys
2008-02-23 03:05 . 2008-02-23 03:05 264 --a------ D:\WINDOWS\_delis32.ini
2008-02-23 02:55 . 2008-02-23 02:55 <DIR> d-------- D:\Program Files\Common Files\Logitech
2008-02-23 02:54 . 2008-02-23 02:54 <DIR> d-------- D:\Program Files\Windows Media Components
2008-02-23 02:51 . 2008-02-23 02:53 <DIR> d-------- D:\Program Files\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 16:10 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-18 16:10 --------- d-----w D:\Program Files\Philips
2008-03-18 06:54 --------- d-----w D:\Program Files\Yahoo!
2008-03-06 07:09 --------- d-----w D:\Documents and Settings\Static\Application Data\Yahoo!
2008-03-06 07:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-20 10:57 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 18:52 128000 D:\WINDOWS\system32\sbusbdll.dll]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="F:\muszik\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LVCOMS"="D:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 10:39 98304]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"OneCareUI"="D:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {4849D093-1839-4D3F-A8F7-6AAA605D760D} - D:\WINDOWS\altvxvm.dll [2008-03-17 08:37 237568]
"bokpkov"= {B59FA3A0-F687-4FE2-8523-83EDEC893C39} - D:\WINDOWS\bokpkov.dll [2008-03-17 08:37 221184]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\muszik\\iTunes.exe"=
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
S3 sbusb;Sound Blaster USB Audio Driver;D:\WINDOWS\system32\DRIVERS\sbusb.sys [2005-06-10 10:39]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 06:07:03 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-21 18:24:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0