1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Html/virus?

Discussion in 'Virus & Other Malware Removal' started by barncat, Feb 11, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. barncat

    barncat Thread Starter

    Joined:
    Jan 11, 2005
    Messages:
    253
    NO emergency, butTrend online scan found : HTML ADVER.A (a hoax security website) in -win\system32\security...trend
    could not fix it...

    avg and avast do not find this html as a virus within -\sys32 folder.....

    in that folder is a folder named "drivers" which contains Ms files and avg7 files....

    also in the -sys32\ folder are three files , search.html, searchbar.html, and securityID=816093-MS03-011&privacyAPI32=x401.html all created in sep 03...the last , securityID is the only thing there that refers to "security"....are these the html adver.a that trend found? can i delete these three files?

    thank you...here is hjt log too....

    Logfile of HijackThis v1.99.0
    Scan saved at 8:36:31 AM, on 2/11/05
    Platform: Windows 95 B (Win9x 4.00.1111)
    MSIE: Internet Explorer v4.70 SP1 (4.70.0000.1155)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\tapiexe.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = {BROWSER_HOMEPAGE}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://spyzerotest.ahnlab.com/cyworld/plugin/myfirewall20.cab
    O16 - DPF: {11111111-1111-1111-2222-111111111157} -
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O16 - DPF: {11111111-1111-1111-2222-111111111157} -

    Close all applications and browser windows before you click "fix checked".
     
  3. barncat

    barncat Thread Starter

    Joined:
    Jan 11, 2005
    Messages:
    253
    Thank you.....i have deleted these several times..... in the -sys32\ folder are three files , search.html, searchbar.html, and securityID=816093-MS03-011&privacyAPI32=x401.html all created in sep 03...,,,,the last , securityID is the only thing there that refers to "security"..,,,..are these the html adver.a that trend found? ...,,,,...can i delete these three files?
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I think you can remove them, but if you want to be sure put them in a folder for a few days and then delete them.
     
  5. barncat

    barncat Thread Starter

    Joined:
    Jan 11, 2005
    Messages:
    253
    Thank You very much......will do that....
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Html virus
  1. bsacco
    Replies:
    5
    Views:
    546
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/329248

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice