Dan

Members
  • Content Count

    742

Everything posted by Dan

  1. Dan

    Hj This Log

    Hi murtu52, Please download HijackThis 1.99.0 (Or post a note if it crashes so we know to use this log.) from http://dknoppix.com/Downloads/HijackThis.exe. Put it into the current folder that you have HijackThis in now. Post a new please. dk
  2. WOAH!!! I was thinkin Jesus right when I saw that.....wow
  3. Hi all, I would like to inform you about Microsoft's Antispyware Beta version. This is a great program which caught things that I have missed in the HijackThis Scan. Here is a log from a "clean" comp (A lot of registry stuff has been edited out. To see the full log visit http://dknoppix.com/Personal%20Files/Micro...are%20Log.txt ):

    Spyware Scan Details
    Start Date: 1/22/2005 12:51:36 AM
    End Date: 1/22/2005 12:54:59 AM
    Total Time: 3 mins 23 secs

    Detected Threats

    VX2.Transponder Browser Plug-in more information...
    Details: VX2 is an Internet Explorer browser helper object that monitors Web page requests and data entered into forms. It sends this information to its remote server, and displays pop-up advertisements. VX2 also collects and sends personal information.
    Status: Removed
    Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
    Infected files detected
    C:\Documents and Settings\Owner\Local Settings\Temp\THI400A.tmp\polall1m.exe
    C:\WINDOWS\system32\polall1m.exe
    =================

    Bridge/WinFavorites Spyware more information...
    Details: Bridge monitors your Internet browsing activities. It logs keystrokes and displays pop-up advertising.
    Status: Removed
    Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
    Infected files detected
    c:\windows\downloaded program files\bridge.inf
    =======================

    AvenueMedia.DyFuCA Browser Plug-in more information...
    Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
    Status: Removed
    Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
    ==============================

    Twain Tech Adware more information...
    Details: Twain Tech is an adware based Internet Explorer browser helper object that displays targeted advertisements based on your browsing patterns.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    Infected files detected
    c:\documents and settings\owner\local settings\temp\mxtarget.dll
    C:\WINDOWS\preInsMt.exe
    c:\windows\inf\alchem.inf
    c:\windows\inf\twaintec.inf
    C:\Documents and Settings\Owner\Local Settings\Temp\THI2849.tmp\mxTarget.dll
    C:\Documents and Settings\Owner\Local Settings\Temp\THI9ED.tmp\mxTarget.dll
    C:\Documents and Settings\Owner\Local Settings\Temp\preInsMt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\THI2849.tmp\preInsMt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\THI7AAC.tmp\preInsMt.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\THI9ED.tmp\preInsMt.exe
    ================================

    VX2.ABetterInternet Adware more information...
    Details: ABetterInternet displays advertisements based on the Web sites you visit.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    Infected files detected
    c:\documents and settings\owner\local settings\temp\polmx3.cab
    c:\documents and settings\owner\local settings\temp\polmx3.inf
    ==========================

    eXact.CashBack Adware more information...
    Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    =======================

    eXact.NaviSearch Adware more information...
    Details: NaviSearch 404 displays pop-up advertisements and redirects the Internet Explorers search error page.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    ======================

    eXact.BargainBuddy Adware more information...
    Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    Infected files detected
    c:\temp\bb_auto_wider.swf
    c:\temp\bb_click_wider.swf
    c:\temp\bb_welcome.html
    c:\temp\bb_welcome1.swf
    C:\WINDOWS\bbchk.exe
    ================

    DownloadWare Adware more information...
    Details: DownloadWare downloads and installs software from advertisers. It runs at Windows startup, and, if a network connection is available, it connects to its servers. It can be installed through an ActiveX control.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    ====================

    EUniverse Updater Browser Hijacker more information...
    Details: EUniverse is adware that runs at Windows startup. EUniverse generates pop-up advertisements, and performs a number of spyware related functions such as transmitting personal information and redirecting Internet Explorer.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    =======================

    IEPlugin Spyware more information...
    Details: IEPlugin is an Internet Explorer browser helper object that monitors URLs, content entered into forms, and local filenames and displays pops-up advertisements.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
    Infected files detected
    C:\Documents and Settings\Owner\Local Settings\Temp\wupdt.exe
    ================

    SearchSquire Adware more information...
    Details: SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines.
    Status: Removed
    Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
    ================================

    Detected Spyware Cookies
    No spyware cookies were found during this scan.
    -----------------------------------

    So before running HijackThis, I would recommend the user to download this program and use it before running HijackThis. This will get rid of a lot of junk that will be there. Run it along with Adaware and Spybot. BUT be aware this is a BETA program. So be careful when running it. Download the file from http://www.microsoft.com/downloads/details...&displaylang=en. Will have updates posted soon about this. dk
  4. Hi kRaZyPsYkO, Close all windows except HijackThis, and check the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.120.88.*;3.120.92.*;3.120.96.*;3.120.196.*;3.120.252.*;3.58.248.*;*.capital.ge .com;localhost
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing)

    These should not be here except if your administrator set them on purpose or if you used Spybot's Home Page and Option Lock down features in the Immunize section of Spybot.

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Close all windows except HijackThis and click the "Fix Checked" button. Reboot and go to this site: http://www.kaspersky.com/scanforvirus. Where it says "Browse" find the following file:

    C:\WINNT\System32\internat.exe

    Tell me if it says that the file is legit or malware. Post back with an answer to that and a new HijackThis log. dk
  5. Can you please post a new HijackThis log! Sorry about the messy instructions. dk
  6. Have you run AdAware SE? If not, download it from: http://www.lavasoftusa.com/support/download/ Open it up, and most likely it will ask to search for updates. If it does not, click the globe in the upper-right corner and download them. Run it, and delete all of the critical objects found. Post a new log for me. dk
  7. Hi! I am looking at your log and will post a response soon! dk
  8. If that does not work, read "Posting a Correct HijackThis Log" from http://www.besttechie.net/forums/index.php?showtopic=1455, and post a log in the forums. Thanks, dk
  9. It didn't work for a while on my comp either. I suggest restarting Thunderbird a couple of times....
  10. I've heard that it has false-positives. There is another topic on the forums with more info. http://www.besttechie.net/forums/index.php?showtopic=1410 dk
  11. Ok, it worked...but a tip...In the Gmail settings, don't make it do all mail. Now I have 500some emails which are taking a loooooong time to d/l....
  12. Well, I just tried it, and I'm having problems. It is connecting to the server, asking for my pass, but my inbox isn't loading....Any ideas?
  13. Give suggestions for tictoc's baby's name!! Remember it's a girl. Mine is: Kate
  14. A secret...Gmail tells you that...hehe
  15. psssst...psssst...No firewall...I'm on my AOL RED account...should I try the admin account?
  16. Ok, so I'm on my friend's comp right with an AOL internet connection....so I want to run MSN...can't do it....and if I try an IRC client, it gives me this message So, I'm wondering what's up with AOL...it doesn't let me open Java stuff either.. dk
  17. Dan

    About U?

    I love being an exception!!
  18. Dirt Bike (Vroooom Vrooom!) Son or Daughter?
  19. And some stuff they don't want to admit....(See: Come on: Admit it!)
  20. Why don't you host it on your comp?