1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

security alert

Discussion in 'Virus & Other Malware Removal' started by solidwax, Jul 26, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. solidwax

    solidwax Thread Starter

    Joined:
    May 25, 2004
    Messages:
    322
    Hi, Can someone please tell me why i keep getting security alerts when browsing the internet? Thanks.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. solidwax

    solidwax Thread Starter

    Joined:
    May 25, 2004
    Messages:
    322
    Logfile of HijackThis v1.99.1
    Scan saved at 5:15:49 PM, on 7/26/2002
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\DeltTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  5. solidwax

    solidwax Thread Starter

    Joined:
    May 25, 2004
    Messages:
    322
    Well heres my activeScan report.

    Incident Status Location

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][2].txt
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][2].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Matt N.MATT\Cookies\matt [email protected][1].txt
    Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{B868F80B-095A-1033-1219-050723050001}\services.dll
    Adware:Adware/TrustIn Not disinfected C:\RECYCLER\S-1-5-21-507921405-706699826-725345543-500\Dc1.exe[TrustInPopups.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\SmitfraudFix\Process.exe
    Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][1].txt
    Spyware:Cookie/TeensForCash Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][2].txt
    Spyware:Cookie/Toplist Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][2].txt
    Spyware:Cookie/Yadro Not disinfected F:\Documents and Settings\Administrator.MATT.000\Cookies\[email protected][1].txt
    Spyware:Cookie/Cgi-bin Not disinfected F:\RECYCLED\DC13.TXT
    Spyware:Cookie/Maxserving Not disinfected F:\RECYCLED\DC27.TXT
    Spyware:Cookie/Zedo Not disinfected F:\RECYCLED\DC3.TXT
    Spyware:Cookie/Tickle Not disinfected F:\RECYCLED\DC38.TXT
    Spyware:Cookie/MyWay Not disinfected F:\RECYCLED\DC58.TXT
    Spyware:Cookie/RealMedia Not disinfected F:\RECYCLED\DC63.TXT
    Spyware:Cookie/BurstBeacon Not disinfected F:\RECYCLED\DC64.TXT
    Adware:Adware/WUpd Not disinfected G:\My Documents\Hijackthis\backup-20040728-140841-255.inf
    Adware:Adware/DollarRevenue Not disinfected G:\My Documents\Programs\RegCureSetup_46-4vwf.exe[²ÜÇ\System.dll]
    Adware:Adware/Adsmart Not disinfected G:\My Documents\Programs\UltraISO.7.6.6.1308_CRKEXE-FFF.exe[run.exe]
    Adware:Adware/DollarRevenue Not disinfected G:\My Documents\Zips\nfsmw.rar[install.exe]
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.

    Post a new Hijack This log and the results of the Ewido scan.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/486738

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice