1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Norton Antivirus has detected a virus! eerrr...

Discussion in 'Virus & Other Malware Removal' started by clueless99, Feb 15, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. clueless99

    clueless99 Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    121
    I got two pop-ups stating the above when I clicked on a link. So, I ran a full scan of my computer. And found no problems, but I'm still a little freaked. Anyone know why that might have happened?

    Also, my windows toolbar Search window comes up blank. Even the Customize and New buttons doesn't work.
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It's probably a malicious Javascript on a web page, and Norton apparently prevented it from doing anything bad, which is a good thing.

    Just empty your TEmporary Internet Files folder.

    As for your Search problem, repair IE:

    Control Panel > Add/Remove Software > MS Internet Explorer > REmove > Repair IE.

    Cheers,
     
  3. clueless99

    clueless99 Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    121
    Ok...phew...was getting kinda worried.

    I have Windows XP and there isn't an Add/Remove Software. There is an Add/Remove Programs but it doesn't have the 'Repair' option....
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Well, I meant Add/Remove Programs, and if you have Windows XP, Internet Explorer indeed won't be listed there.

    Would you do this first, please:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.
     
  5. clueless99

    clueless99 Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    121
    Logfile of HijackThis v1.91.2
    Scan saved at 4:09:27 PM, on 2/16/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hotmail.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.gateway.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.hotmail.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rgzca168.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rgzca168.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP40\hta\station.sbrt
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp2.81\Winampa.exe"
    O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINNT\System\WINSTA~1.EXE -b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: IMI (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37589.9566550926
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw8fd.law8.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll

    Should I do a scan and post everytiime I have a problem?
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thanks for that.

    You have some IgetNet spyware starting up: http://www.doxdesk.com/parasite/IGetNet.html

    Check, and have Hijack This fix all of the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about :blank

    O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINNT\System\WINSTA~1.EXE -b


    This will in itself probably not do anything to fix your original problem.

    I suggest you repair/reinstall Internet Explorer following the directions given here:

    How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP (Q318378)
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Yup. Sorry about that.
    I misread, and thought this was an Internet Explorer thing...:rolleyes:
     
  9. clueless99

    clueless99 Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    121
    Sorry Rog, I think you missunderstood. I'm talking about the "Search" button in the IE windows toolbar. Thanks for trying to help!

    I'm still not sure if I should go reinstall IE6, because of all the warnings. If I do something wrong.....gawd. Now, when I click the 'Customize' button, a window with the words "Directory Listing Denied."

    Is there any other way to fix this problem w/o the % of doing some fatal harm?
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    In that case do upgrade as we advised. Nothing can go wrong. Just shut down unneccessarily running programs, especially your antivirus, before upgrading.

    Do that, and test your browser.

    Cheers,
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
  12. clueless99

    clueless99 Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    121
    Ok...I tried to reinstall IE6 with no luck because some Windows Logo thing wasn't right. So, after a few quick back and forth from my old and new computer, I fixed all the registry keys that were different that could've caused my searching problem. However, I still can't "Customize" the search to go to a different search engine like Google or Ask.com, besides the Yahoo one it has now.

    Thanks anyways you guys! I think I'll live.....
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Norton Antivirus detected
  1. DebbyR
    Replies:
    2
    Views:
    720
  2. Talshere
    Replies:
    1
    Views:
    636
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/119026

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice