[Trojan-Clicker.win32.tiny.h] Fake Windows Alert (Hijackthis Included)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Gruesomehusam

Thread Starter
Joined
Oct 7, 2008
Messages
1
Hello, I am new to this forum and came across it whilst trying to solve a problem my computer had. I keep receiving fake windows security messages warning me that i have Trojan-Clicker.win32.tiny.h in my computer and telling me to click on a link which takes me to websites offering to sell me antivirus software.

I have windows xp.

I found someone else who i think has the same problem but couldn't really understand the solution. His query is here: http://forums.techguy.org/malware-r.../756233-popup-virus-alert-trojan-clicker.html

This is what it looks like: http://i364.photobucket.com/albums/oo82/gruesomehusam/untitled.png

I read the guide, downloaded hijackthis and ran a scan, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:14, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\vudgbsny\rgpkhwpq.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\dcxubwnq.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Husam\Start Menu\Programs\Startup\PowerMenu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\dcxubwnq.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EzOff] C:\Program Files\IT Works\Ez OFF\EzOff.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CfgMsgMon] C:\WINDOWS\system32\dcxubwnq.exe
O4 - HKLM\..\Policies\Explorer\Run: [t4vo3sd0qp] C:\Documents and Settings\All Users\Application Data\vudgbsny\rgpkhwpq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Abdul')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Abdul')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1003\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Abdul')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1003\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Abdul')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1003\..\Run: [HlpCom] C:\Documents and Settings\All Users\Application Data\HlpCom\vyvcxmva.exe (User 'Abdul')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Rianne')
O4 - HKUS\S-1-5-21-789336058-1644491937-839522115-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Rahman')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-789336058-1644491937-839522115-1011 Startup: New Folder (User 'Rahman')
O4 - S-1-5-21-789336058-1644491937-839522115-1011 Startup: New Folder (2) (User 'Rahman')
O4 - S-1-5-21-789336058-1644491937-839522115-1011 User Startup: New Folder (User 'Rahman')
O4 - S-1-5-21-789336058-1644491937-839522115-1011 User Startup: New Folder (2) (User 'Rahman')
O4 - Startup: PowerMenu.exe
O4 - Startup: PowerMenuHook.dll
O4 - Startup: readme.htm
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: aplwin - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - C:\Program Files\vdicmyc\aplwin.dll
O22 - SharedTaskScheduler: communa - {af73a174-ea1b-4f0b-b0b1-fe1486a6719c} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe (file missing)

--
End of file - 11682 bytes

I hope this helps you help me!

Thanks in advance for your time and help.


 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
  • Instead of Windows loading as normal, the Advanced Options Menu should appear
  • Select the first option, to run Windows in Safe Mode, then press Enter
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard ready for posting back on the forum).
  • Paste the contents of the Report.txt back here with a new HijackThis log
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top