More spyware problems

Thread: More spyware problems

  1. #1
    Member
    Join Date
    Nov 2002
    Posts
    34

    More spyware problems

    OK, here is my problem: somehow, when my brother was on my computer, it got a ton of spyware on it, and maybe a few viruses. I have run my antivirus in safe mode, as well as Ad-Aware, Microsoft AntiSpyware and Spybot. After doing this I couldn't connect to the internet, open a browser, or do much else for that matter. I got an error on boot-up saying something about winnet.exe not being found. I ran the Windows repair, which fixed that problem. Now most of the spyware and whatnot is gone, but my computer is lacking in performance considering how it ran before all this. I've run my spyware stuff and found nothing. My IE keeps locking up on some pages but not others. I have taken a HijackThis log. Is there anything y'all can tell me that might help?



    Logfile of HijackThis v1.99.1
    Scan saved at 6:40:25 PM, on 1/8/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\sachostx.exe
    C:\WINDOWS\System32\sachostc.exe
    C:\WINDOWS\System32\sachosts.exe
    C:\Program Files\ABC\abc.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Zippy\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.ev1.net/
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
    O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
    O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
    O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [dmpit.exe] C:\WINDOWS\System32\dmpit.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129620561045
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

  2. #2
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    This thing is still a mess. Any chance of a full format? If not, here are a bunch to start with. Most are trojan related.

    C:\WINDOWS\sachostx.exe

    C:\WINDOWS\System32\sachostc.exe

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

    O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe

    O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s

    O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe

    O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe

    O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe

    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)

    Not sure:

    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Acti...iveLauncher.cab

    O4 - HKLM\..\Run: [dmpit.exe] C:\WINDOWS\System32\dmpit.exe
    .
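
The kind of review done in the reply above can be partly mechanised. The following is an added example, not code posted by anyone in this thread: it parses HijackThis-style lines and lists entries for a manual look. The two rules used (autorun images sitting directly in the Windows directories, and entries marked as file missing) are illustrative heuristics rather than verdicts, and `triage` and `SAMPLE_LOG` are names made up for the example.

```python
import ntpath
import re
# Constructed sample: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\sachostx.exe
C:\Program Files\ABC\abc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                 # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.*)$")    # "HKLM\..\Run: [name] command"
IMAGE = re.compile(r'"?(.+?\.(?:exe|dll))', re.I)          # first executable in the command
# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}

def triage(log_text):
    """Return (section, label, reasons) for entries that deserve a manual look."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    start = lines.index("Running processes:") + 1
    running = {p.lower() for p in lines[start:lines.index("", start)]}
    findings = []
    for ln in lines:
        m = ENTRY.match(ln)
        if not m:
            continue
        section, body = m.groups()
        label, reasons = body, []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        run = RUN.match(body) if section == "O4" else None
        if run:
            label, command = run.groups()
            image = IMAGE.match(command)
            path = image.group(1).lower() if image else ""
            if ntpath.dirname(path) in WINDOWS_DIRS:
                reasons.append("autorun image directly under Windows directory")
                if path in running:
                    reasons.append("currently running")
        if reasons:
            findings.append((section, label, reasons))
    return findings

for finding in triage(SAMPLE_LOG):
    print(finding)
```

Entries launched through `RUNDLL32.EXE` or from `Program Files` are not listed by these rules, so the output is a starting point for review and not a complete list.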

  3. #3
    BIOS Bomber
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    357
    Oh man, those pron sites your bro looks at are killing you.
    Yeah, a reformat sounds good at this point, unless hesperus helped you out a bit.
    "When in doubt, use Brute Force."

    Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    winnet.exe please read this:

    http://www.auditmypc.com/process/winnet.asp

    You might also boot into safe mode and defragment your drive. I would also get Firefox, and use that rather than IE where possible. Get the script blocking and adblocking plug ins for it while you are at it.


    Also get these and run them in safe mode:

    http://www.emsisoft.com/en/software/free/
    http://www.ewido.net/en/


  5. #5
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Also... and some may disagree... but when you have it all cleaned up, I strongly urge you to get the SP2 and security patches that have come out since SP2 was rolled out (Aug 2004).


    Then read How Did I get Infected

    You can remove wildtangent through the Add/Remove function.

    With some patience this can be cleaned up without doing a complete re-install, and while you're doing it, you can better understand some of what you are playing around with....

    HijackThis Log Tutorial
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    And give your brother a limited user account that does not permit installing software etc. Then if he gets hijacked, the malware will have relatively few authorities.


  7. #7
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    Something that seems to have been missed is the Windows (SP1) and Internet Explorer version (6.00.2800.1106), which is old. You must FIRST update your Windows and apply all patches.

    Then use malware-removing software in safe mode. Also, you might want to change a few settings in Internet Explorer.


    Go to Control Panel
    Network and Internet connections
    Internet Options
      General
        Temporary internet files
          Settings
            Set to: Every visit to page
        Days to keep pages in history
          Set to: 0
      Security
        Internet
          Custom level
            Reset to: High
            Reset (yes)
            Scroll down to "File download"
            Set to: Enable
        Local intranet
          Sites
            Make sure nothing is selected
        Trusted sites
          Sites (for using update and certain other features, please add the following sites)
            add: *.microsoft.com
            Make sure "require server verification" is not selected
          Move the tab to "Medium"
      Privacy
        Advanced
          Override automatic cookie handling
          First party cookies: Block
          Third-party cookies: Block
          Enable: Always allow session cookies
      Content
        Autocomplete
          Disable all
          Clear forms (yes)
          Clear passwords (yes)
      Programs
        Disable: Internet Explorer should check whether it is the default web browser
      Also now go to advanced options and then
        UNCHECK: install on demand (others)
        UNCHECK: enable third party browser extensions


    You might consider using Firefox as a browser. But remember your system will never be secure UNTIL YOU UPDATE YOUR OS (Windows)
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  8. #8
    Junior Member
    Join Date
    Jan 2006
    Posts
    8

    Spyware

    Originally posted here by nihil
    Hmmm,



    Also get these and run them in safe mode:

    http://www.emsisoft.com/en/software/free/
    http://www.ewido.net/en/

    Hey, Nihil. Thanks for the links to these tools. I was able to clean some major Spyware and malware from my personal computer and my 2003 server at work.

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    and my 2003 server at work.
    Servers should not be used to browse the internet.....or pickup mail........so there really should be no spyware on the server.....or malware for that fact.


    Unless of course it is not patched and firewalled.....

    If your server had malware\spyware on it...I would seriously think about reinstalling....never know what you missed....or what has been left behind....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    I was able to clean some major Spyware and malware from my personal computer and my 2003 server at work.
    WTF
    HOW did you get a server infected

    [edit]MLF types faster
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
