#1 (permalink) |
|
Right Off the Assembly Line
Join Date: Oct 2005
Location: In this Universe
Posts: 38
|
__________________
Sometimes, a zero is better than nothing |
#2 (permalink) |
|
Commander in Chief
Join Date: Jul 2005
Posts: 6,657
|
Post your HijackThis Log here (Hijack This).
try finding the adware in "msconfig"'s startup tab... and uncheck it.
#3 (permalink) |
|
Distinguished Member
Join Date: Mar 2005
Location: Pune
Posts: 3,783
|
y don't u schedule a boot-time scan of spybot? there is such an option in the settings.
usually, in such cases (when a spyware is running in memory) u shud run ur antivirus/antispy in safe mode. else try to remove it from startups. reboot and then run ur scans. along with spybot, i recommend that u use an addl freeware anti-spy like spywaredoctor 3.1 or ms anti-spyware or adware. if this fails, then post ur hijackthis logfile here.
__________________
> www.TheWindowsClub.com < = www.WinVistaClub.com = Microsoft® MVP |
#5 (permalink) |
|
Human Spambot
Join Date: Nov 2004
Location: Madurai
Posts: 2,338
|
Look at http://www.scanspyware.net/info/SurfSideKick.htm or http://securityresponse.symantec.com...fsidekick.html for manual removal instructions.
Also, after ensuring that you have completely removed it, make sure to remove all old system restore points and create a new one so that you don't go back to a time when it was there...
Arun
#6 (permalink) |
|
Right Off the Assembly Line
Join Date: Oct 2005
Location: In this Universe
Posts: 38
|
here's the log file u guys asked
and i use only firefox 1.5

Logfile of HijackThis v1.99.1
Scan saved at 12:05:29 PM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Norton Internet Security\ccPxySvc.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\FLASHGET\flashget.exe
D:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Winamp\winamp.exe
C:\Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Cooling] C:\Program Files\ASUS\Probe\Cooling.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [winupdate] D:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Link Target in Firefox - file://D:\Documents and Settings\ShadeMe.TALOS.000\Application Data\Mozilla\Firefox\Profiles\t02kkgyc.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: View This Page in Firefox - file://D:\Documents and Settings\ShadeMe.TALOS.000\Application Data\Mozilla\Firefox\Profiles\t02kkgyc.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{7120F671-9DD5-4C72-8F6A-496FC5F99D85}: NameServer = 61.1.192.65 61.0.0.5
O20 - Winlogon Notify: MCPClient - D:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
__________________
Sometimes, a zero is better than nothing |
#7 (permalink) |
|
Distinguished Member
Join Date: Mar 2005
Location: Pune
Posts: 3,783
|
u have been infected by winupdate virus.
it must be in D:\Program Files\winupdate\winupdate.exe
first disable it or remove it from the startups list.
u also have a p2p infection. P2P Networking.exe is an advertising program by Joltid. it monitors your browsing habits and distributes the data back to the author's servers for analysis. it also prompts advertising popups.
u also appear to have been infected with a BHO coolwebsearch spyware variant BHO msacmx.dll. :roll:
i would recommend u run ur antivirus and at least 2 anti-spyware (microsoft anti-spy and adware/spywaredoctor), in safe mode/boot-time.
__________________
> www.TheWindowsClub.com < = www.WinVistaClub.com = Microsoft® MVP |
#8 (permalink) |
|
Human Spambot
Join Date: Mar 2004
Location: India
Posts: 2,033
|
Hi,
First boot in Safe Mode and run HijackThis. Then click the button "Do only a system scan". Then select these entries:

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [winupdate] D:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

Close all other programs, and click "Fix Checked" in HijackThis.

Next, delete this folder:-
D:\Program Files\winupdate

And this file (Use Search feature to find this file):-
p2pnetworking.exe

Next, to remove SurfSideKick, follow the procedures given here.
__________________
http://swatrant.blogspot.com/ |
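Added example (not part of any post in this thread): a small Python triage pass over HijackThis `O` entries, using the structural cues the replies above acted on, namely targets reported as `(no file)` or `(file missing)` and `O4` autoruns given without a directory path. The function names and the `watchlist` parameter are assumptions of this example; the sample lines are copied from the log posted earlier.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [winupdate] D:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# O4 registry autoruns look like: HKLM\..\Run: [value name] command line
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse(log_text):
    """Return (section, body) pairs for every 'Onn - ...' line."""
    return [m.groups() for line in log_text.splitlines()
            if (m := ENTRY.match(line.strip()))]


def triage(log_text, watchlist=()):
    """Return (reason, section, body) for entries worth a manual look.

    watchlist (hypothetical parameter): autorun value names a reviewer has
    already identified as unwanted, e.g. names called out in a forum reply.
    """
    watch = {w.lower() for w in watchlist}
    findings = []
    for section, body in parse(log_text):
        # A registry reference whose target is gone is an orphan: a lead
        # for review, not proof of infection.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("missing target", section, body))
            continue
        m = AUTORUN.match(body) if section == "O4" else None
        if not m:
            continue
        cmd = m["cmd"].strip('"')
        if m["name"].lower() in watch:
            findings.append(("watchlisted autorun", section, body))
        elif "\\" not in cmd:
            # Bare file name: resolved through the search path at logon.
            findings.append(("autorun without full path", section, body))
    return findings
```

Path-based checks alone do not catch an autorun such as `winupdate`, which has a normal-looking full path; that is why the name has to come from a reviewer's watchlist.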
#9 (permalink) |
|
Right Off the Assembly Line
Join Date: Oct 2005
Location: In this Universe
Posts: 38
|
Using ad-aware pro 1.06 with latest defs.
i'll do as u say. actually, i had deleted the p2pnetworking file and its entries. i think SSK is downloading this stuff
__________________
Sometimes, a zero is better than nothing |