#1 Chaz, 1st November, 2006, 10:31 AM

Adware Problem

I've found myself infected with adware. I ran full Kaspersky and Ad-Aware scans but they don't detect anything. I also ran both scans in safe mode.

When using Internet Explorer, full-screen popups pop up once every 10 minutes or so, and every so often Explorer closes and then re-opens; at least that's what it looks like, because the start bar and desktop disappear and then reappear a few seconds later.

Does anyone have any suggestions?

#2 danrok, 1st November, 2006, 11:29 AM

Have you looked through the folders on your disk? See if there are any programs there which you didn't install.

Also, check what processes are running. Google the names to find out more about any suspicious looking processes.

Run Hijackthis:
http://files.aoaforums.com/I1842-hijackthis.zip.html

See what that throws up.

#3 Samuknow, 1st November, 2006, 01:20 PM

I have had to restore to a point before it all started in XP before. Ran cleaner after cleaner and it would not stop. Restored back a day or two and all was well.

#4 Gizmo, 1st November, 2006, 04:09 PM

It sounds like you've got a browser hijacker that has installed a Browser Helper Object. Try running Spybot Search and Destroy. I've had good luck with it. You can download it here.

Last edited by Gizmo; 1st November, 2006 at 04:10 PM.

#5 Necorum, 1st November, 2006, 05:49 PM

Also try these; more than one program should always be used. Each one detects different ones.

Online based one X-Cleaner
http://www.spywareguide.com/onlinescan.php

Ewido - 30 day trial but finds things others don't.
http://www.ewido.net/en/

CounterSpy - 30 day trial also but meh free at first
http://www.sunbelt-software.com/

and just in case run this anti-virus online scan
http://www.bitdefender.com/scan8/ie.html

System performance scan if you want (we need to get something like this on AOA)
http://www.pcpitstop.com/pcpitstop/default.asp

I have found that the online scans usually find things more often than software based ones (my opinion). Also, BEFORE you remove any spyware or virus, turn off your system restore. System restore can keep the spyware on your system. So system restore isn't always a good idea.

Here are a few good sites to read.
http://www.spywarewarrior.com/
http://www.spywareguide.com

And just in case test your firewall here
http://www.grc.com/intro.htm

Last edited by Necorum; 1st November, 2006 at 05:57 PM.

#6 Chaz, 1st November, 2006, 09:47 PM

I tried Spybot S&D; it only found a few 'tracker cookies', and removing them hasn't helped.

I tried system restore three times, and each time it told me after rebooting that it could not restore, and didn't give a reason.

Here's my hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 21:01:52, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\General Utilities\Daemon Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\General Utilities\Netmeter\NetMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\General Utilities\Daemon Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [C:\General Utilities\Netmeter\NetMeter.exe] C:\General Utilities\Netmeter\NetMeter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162152894882
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

Last edited by Chaz; 1st November, 2006 at 10:03 PM.
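
Added example, not part of the original thread: a small Python triage of a HijackThis log that groups entries by section code, reports whether any Browser Helper Object (O2) or toolbar (O3) lines are present, and lists entries marked "(file missing)" or "Unknown owner" for manual checking. The sample is an excerpt of the log posted above; treating those two markers as review hints is an assumption, not a verdict on any entry.

```python
import re
from collections import defaultdict

# Section codes as HijackThis documents them (only the ones used here).
SECTIONS = {"R0": "IE start page", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry",
            "O16": "ActiveX control (DPF)", "O23": "Windows service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: these markers mean "verify by hand", not "malicious".
REVIEW_MARKERS = ("(file missing)", "Unknown owner")

# Excerpt copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

def parse(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            groups[match.group(1)].append(match.group(2))
    return dict(groups)

def triage(log_text):
    """Summarise a log: per-section counts, IE add-ons, entries to verify."""
    groups = parse(log_text)
    return {
        "counts": {code: len(items) for code, items in groups.items()},
        "ie_addons": groups.get("O2", []) + groups.get("O3", []),
        "review": [(code, item) for code, items in groups.items()
                   for item in items
                   if any(marker in item for marker in REVIEW_MARKERS)],
    }

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for code, count in result["counts"].items():
        print(f"{code:>3} x{count}  {SECTIONS.get(code, 'other')}")
    print("BHO/toolbar entries:", result["ie_addons"] or "none")
    for code, item in result["review"]:
        print("verify by hand:", code, item)
```

An empty BHO/toolbar list only says the scan recorded none; it does not rule out other load points such as those Autoruns enumerates.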

#7 Samuknow, 1st November, 2006, 11:49 PM

Look for things running under msconfig.

Look for new things installed in ADD/Remove programs....

#8 danrok, 2nd November, 2006, 01:03 AM

I can't see anything bad in your hijackthis log.

Sounds like the malware has screwed with your system restore. Unfortunately a lot of malware does this.

Tried repairing or uninstalling IE6?
http://www.techspot.com/tweaks/ie6/index.shtml

You may need to disable the system restore to prevent the malware from reappearing when you reboot.

Last edited by danrok; 2nd November, 2006 at 01:04 AM.

#9 Necorum, 2nd November, 2006, 04:31 AM

Try upgrading to IE7 lol? Man, glad I never get any bugs, but tracking cookies.

#10 Chernobyl, 2nd November, 2006, 05:43 AM

Do the popups only happen when running messenger or other apps?
i.e. if you boot and do nothing, do they appear?
If you load only IE do they appear?

Check what loads on startup, msconfig tells you only part of the story.
Go to http://www.sysinternals.com/Utilities/Autoruns.html
and download Autoruns (it's free).

This will show you many more places where things autoload on startup.
Go careful disabling stuff as you can bork Windows!

If you see a blank entry, disable it.
Same with an entry that has a funny name.
Use common sense to disable anything you don't like the look of.

#11 Chaz, 2nd November, 2006, 10:00 AM

I only get the popups if Internet Explorer is running. Just using Firefox solves the problem entirely, but I'd rather not leave this thing on my machine. I'll try what danrok said.

#12 danrok, 2nd November, 2006, 11:36 PM

Trouble with having a broken IE is that you have to use it for Windows Update. Firefox is no good for that.

#13 Necorum, 2nd November, 2006, 11:47 PM

Hey, here is a plugin to use Windows Update in Firefox

http://windowsupdate.62nds.com/

Last edited by Necorum; 2nd November, 2006 at 11:48 PM.

#14 Samuknow, 3rd November, 2006, 01:57 AM

Dude...that is totally sweet....using it now....

All times are GMT +1.