Get off my AIM!

page: 1
0

log in

join

posted on Jun, 24 2004 @ 09:30 PM
link   
Yes I know that I already talked about this problem in my spyware post but this is becoming a major problem.

Everytime I minimize AIM to the task bar and then click it to open my buddy list out pops pop ups telling me about how my computer has spyware on it.

Ive ran Spy bot and Adawere, nothing helps or notices anything

This is getting old. Heres my Hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 9:35:15 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Tweak-XP Pro\AdBlocker.exe
C:\Program Files\Tweak-XP Pro\tranicon.exe
C:\Program Files\Tweak-XP Pro\popup.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\instant messenger\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\unzipped\hijackthis1977\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8C2CED55-06B6-485B-B057-00AAB42274B4} - C:\WINDOWS\System32\epnpala.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [UpdateMgr.exe] "C:\Program Files\EarthLink 5.0\updatemgr.exe" /NOCM
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro\AdBlocker.exe"
O4 - HKCU\..\Run: [TransparentIcons] "C:\Program Files\Tweak-XP Pro\tranicon.exe" -ex
O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro\popup.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - download.macromedia.com...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - launch.gamespyarcade.com...
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - games-dl.real.com...
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - images.fotki.com...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com...
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - www.gamespot.com...




posted on Jun, 24 2004 @ 09:41 PM
link   
I picked up a nice little series of trojans yesterday when I was looking for a cursor for my blog. I ran Adaware and Spybot but there was still something there ... when I then ran AVG, it picked up a virus.
Bastards !!!



posted on Jun, 24 2004 @ 09:47 PM
link   

Originally posted by Pisky
when I then ran AVG, it picked up a virus.
Bastards !!!


Do you think you can link to AVG for me, I might need it.



posted on Jun, 24 2004 @ 09:49 PM
link   

Originally posted by Agent47

Originally posted by Pisky
when I then ran AVG, it picked up a virus.
Bastards !!!


Do you think you can link to AVG for me, I might need it.


Screw AVG...Avast is better.

Ill look at your log and post in a few minutes.



posted on Jun, 24 2004 @ 10:01 PM
link   
First fix these.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ROSSCO~1\LOCALS~1\Temp\sp.html

This is causing your homepage hijacking...
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

Also fix these:
O2 - BHO: (no name) - {8C2CED55-06B6-485B-B057-00AAB42274B4} - C:\WINDOWS\System32\epnpala.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - launch.gamespyarcade.com...



posted on Jun, 24 2004 @ 11:23 PM
link   
Well DLM I ran Avast and deleted those files, came up with a lot of hits for the Win32 Trj and I deleted all of them. Took a metallica kill them all approach and it seems to have payed off. I got back IE and AIM. Thanks for the help.,





 
0

log in

join