Other > Viruses and worms

virus-massive pop-ups HELP

<< < (2/2)

lee16:
Hi

--------------------------------------------------------------------------------
THESE ITEMS ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
--------------------------------------------------------------------------------
r0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
o1 - hosts: 69.20.16.183 auto.search.msn.com
o1 - hosts: 69.20.16.183 search.netscape.com
o1 - hosts: 69.20.16.183 ieautosearch
o4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
o9 - extra button: weatherbug - {af6cabab-61f9-4f12-a198-b7d41ef1cb52} - c:\program files\aws\weatherbug\weather.exe (file missing) (hkcu)

Run CW-shredder: http://cwshredder.net/bin/CWShredder.exe

Uninstall Media Access from control panel.

Open Task Manager (Alt + Ctrl + Delete), click the processes tab at the top and kill these processes: (if there)

MediaAccK.exe
MediaAccess.exe

Then delete this Folder:

C:\Program Files\Media Access

Then clean all your temp files, there is alot so i suggest you use ccleaner to do this for you: http://www.filehippo.com/download_ccleaner.html

Then reboot your machine

Also there is no active firewall on your system, if you don't use a hardware one (usually in a router) then i suggest you download a free software one called Zonealarm: http://download.zonelabs.com/bin/free/1012_zl/zlsSetup_55_062_011.exe

Then reboot your machine and redo and repost your hijackthis log so we can confirm your clean.

--lee

supersssweety:
thank yo for your help

Logfile of HijackThis v1.99.1
Scan saved at 11:09:08 PM, on 3/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Kacie Houser\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

galooma:
Your log looks better but if you are still having problems you have to say so. if nothings wrong then  we cant help you fix it.
perhaps the 3 hosts entries should have gone as well
I see you have installed registry mechanic. I suggest a little caution with that program because it has some drawbacks that go hand in hand with some good useful tools. The spyware detector incorporated into the program is actually spyhunter which has a reputation of being loaded with more spyware than it could ever detect. As long as you dont update the definitions then the program wont activate. If you already have then you may find nasties creeping back into your system. At that point i reccommend you uninstall it. Adaware and spybot should be all you need for this.
good luck

lee16:
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com

Should be gone, best thing do now then is to download hoster: http://members.aol.com/toadbee/hoster.zip
When it opens, click on the Restore Original Hosts button and then exit Hoster.
Then redo and repost your hijackthis log.

--lee

Navigation

[0] Message Index

[*] Previous page

Go to full version