1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unwanted porn links

Discussion in 'Virus & Other Malware Removal' started by Sludgeman, Feb 10, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Sludgeman

    Sludgeman Thread Starter

    Joined:
    Feb 10, 2003
    Messages:
    2
    I have an icon appearing on my starup menu, my desktop & my lower toolbar. It sends me to a porn sight called Adult_Chat. It appears on all users sights of my computer. Efforts to delete it or uninstall it have failed as it reappears whenever the pc is rebooted. I have found it deep in my Windows directory. I tried to remove it but it is somehow read only. When attempting to change its properties, I am told that access is denied. While there are no children using this pc, I would like to get rid of this. I have no idea where it came from or how it accessed my computer. If someone can tell me how to permnently remove it, I would appreciate it. Thank you!
     
  2. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi Sludgeman

    If you post your startup list we may be able to spot something

    Please post your startup list by doing the following :-

    Please go here and download startuplist 1.51 :-

    http://www.lurkhere.com/~nicefiles/

    Download to any folder or your desktop
    Unzip the zipfile
    Double click the exe file
    go to Edit - select all - copy - and paste the results in a new post here

    steam
     
  3. Sludgeman

    Sludgeman Thread Starter

    Joined:
    Feb 10, 2003
    Messages:
    2
    StartupList report, 13/02/2003, 10:59:07 AM
    StartupList version: 1.51
    Started from : C:\Documents and Settings\Reg Lister\My Documents\StartupList.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\AOL 7.0\aoltray.exe
    C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Reg Lister\My Documents\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
    Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
    Microsoft Works Calendar Reminders.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    UpdReg = C:\WINDOWS\Updreg.exe
    AHQInit = C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab

    [OPUCatalog Class]
    InProcServer32 = C:\WINDOWS\System32\opuc.dll
    CODEBASE = http://office.microsoft.com/productupdates/content/opuc.cab

    [{7A32634B-029C-4836-A023-528983982A49}]
    CODEBASE = http://fdl.msn.com/public/chat/msnchat42.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37563.4785069444

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    --------------------------------------------------
    End of report, 4,972 bytes
    Report generated in 0.062 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Hope you can make something of this, it's all greek to me!
    Thanks steamwiz
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    hi sludge man.....welcome to T.S.G.
    i cant see any problems in your startups.

    could you give us a few details about the icon and its exact location and name in windows.

    and do you have nero installed?(nothing to do with your problem but it might help)
     
  5. Miz

    Miz

    Joined:
    Jul 1, 2002
    Messages:
    2,146
    Download, install and run Spybot which is quite effective in removing the sort of thing you're having problems with.
     
  6. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi Sludgeman

    Miz has nailed this one for you - spybot does take out Adult_Chat

    here's a few tips on how to run it

    After downloading

    click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

    Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

    you may have to run spybot more than once to clear everything

    Remove everything pre-ticked in Red

    you'll probably be surprised at what else it finds and removes

    steam
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    nothing in the s.u.l that i can see relates to any spy/adware,but your right to run spybot,if there is anything it should find it.

    post back with the results.


    edit: re.... adult_chat(relativly new)was included in spybots 02/02/03 update.

    :)
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Unwanted porn links
  1. Harry32
    Replies:
    18
    Views:
    1,431
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/118039

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice