1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

spyware.cyberlog-x

Discussion in 'Virus & Other Malware Removal' started by seo, Jan 23, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. seo

    seo Thread Starter

    Joined:
    Dec 21, 2006
    Messages:
    75
    Recently I’ve come-up with a Security Alert showing the message:

    System detected virus activities. These may impact the performance of your computer. Please use antimalware software to cleane and protect your system from parasite programs.
    Click this balloon to get all available software.

    When I clicked on it a new window opened from anti-virus.com showing ANTIVERMINS. Another window poped-up showing that spyware.cyberlog-x has infected my PC.

    I’ve already scanned with spybot search and destroy and adware-se programs. Please help me in this regard.
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    [​IMG]
    Select option #1 - Search by typing 1 and press Enter
    [​IMG]
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    IMPORTANT: Do NOT run any other options until you are asked to do so!
     
  3. seo

    seo Thread Starter

    Joined:
    Dec 21, 2006
    Messages:
    75
    I've fixed the problem of ANTIVERMINS. With the suggestion of my colleague, i've installed the SUPER antispyware trial version program. When i scanned the PC using it, i've found about 35 critical objects and removed them. So now i'm not getting the pop-up security alert message. Hope the problem has been fixed.

    sjpritch25 ! Thanx a lot for the support.
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Glad you fixed, but i would still like to see a Hijackthis log

    Please download HJT setup.exe Here
    Let it Place Hijackthis in C:\Program Files\Hijackthis
    Open Hijackthis.exe
    Click on Do a System Scan and Save log file
    Don't Fix any Items!!!
    Just copy and paste the contents of the log file to your reply.
     
  5. seo

    seo Thread Starter

    Joined:
    Dec 21, 2006
    Messages:
    75
    This is the log which was obtained after scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:49:13 AM, on 1/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\csrss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    I:\WINDOWS\Explorer.EXE
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    I:\Program Files\Spyware Doctor\sdhelp.exe
    I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    I:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    I:\WINDOWS\system32\wwSecure.exe
    I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    I:\Program Files\Winamp\winampa.exe
    I:\Program Files\Common Files\Real\Update_OB\realsched.exe
    I:\Program Files\Messenger\msmsgs.exe
    I:\Program Files\Spyware Doctor\swdoctor.exe
    I:\Program Files\Google\Google Talk\googletalk.exe
    I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    I:\Program Files\Rediff Bol\RediffMessenger.exe
    I:\Program Files\Webroot\Washer\wwDisp.exe
    I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    I:\WINDOWS\System32\alg.exe
    I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    I:\Program Files\WordWeb\wweb32.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    I:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    I:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    I:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - I:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: (no name) - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] I:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "charithasrinivas"
    O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [Spyware Doctor] "I:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Yahoo! Pager] "I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [googletalk] "I:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [FreeRAM XP] "I:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [Bol IM] "I:\Program Files\Rediff Bol\RediffMessenger.exe"
    O4 - HKCU\..\Run: [Window Washer] I:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [updateMgr] I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = I:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Startup: WordWeb.lnk = I:\Program Files\WordWeb\wweb32.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &WordWeb... - res://I:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8112CA47-B174-43C8-8E81-0639BEE9D759}: NameServer = 202.88.174.6,202.88.130.67
    O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - I:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - I:\WINDOWS\system32\wwSecure.exe
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    log is clean!!!! How is everything running???
     
  7. seo

    seo Thread Starter

    Joined:
    Dec 21, 2006
    Messages:
    75
    Its ok now . As i said in my earlier post , i don't find the pop-up messages. Thanx a lot for your help.
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. If you don't have a Firewall installed, please choose from the following:
      1. ZoneAlarm Free
      2. Kerio Personal Firewall
    3. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
    4. Surf Safe with McAfee's SiteAdisor. SiteAdisor will work with Internet Explorer and Mozilla Firefox. SiteAdisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the link to install SiteAdisor in Internet Explorer and Firefox
    5. Anti-Spyware Programs I Recommend:
      • Free Anti-Spyware Programs
      • Great Subscription Anti-Spyware Programs
    6. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - spyware cyberlog
  1. dano_61
    Replies:
    14
    Views:
    688
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/537807

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice