Author Topic: Spyware trouble  (Read 6742 times)


AJones

  • Guest
Spyware trouble
« on: February 01, 2006, 07:58:40 PM »
Here is HijackThis log, Please help,

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Spyware trouble
« Reply #1 on: February 01, 2006, 10:26:55 PM »
Hi AJones,
You are using the latest version of HijackThis.
You are using the latest version of Internet Explorer.
Your OS seems to be up to date.
Software firewall detected.
================================================================================

Using Eddy's program HiLoA3.b1 to analyze your HJTLog indicates that the following items are definitely bad ones. Fix/remove them.
c:\program files\viewpoint\viewpoint manager\viewmgr.exe
o2 - bho: realbar - {4e7bd74f-2b8d-469e-c0ff-fd60b590a87d} - c:\progra~1\common~1\real\toolbar\realbar.dll
o3 - toolbar: realbar - {4e7bd74f-2b8d-469e-c0ff-fd60b590a87d} - c:\progra~1\common~1\real\toolbar\realbar.dll
o4 - hklm\..\run: [viewmgr] c:\program files\viewpoint\viewpoint manager\viewmgr.exe
o4 - hkcu\..\run: [shell] "c:\program files\common files\microsoft shared\web folders\ibm00001.exe"

Use Google to search for the various dll and exe files if you want to see exactly what nasties are hiding on your computer.

Hope this helps :)



P.S.
Sorry Eddy but I couldn't find the link to your download site so I used the link in MySharedFiles.... :'(
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

doc_esb

  • Guest
Re: Spyware trouble
« Reply #2 on: February 01, 2006, 11:50:44 PM »
Hi AJones,

I would be happy to review your HJT log for you.  I have to work tonight.  If you want to check back tomorrow night, I could have a handling worked out.


doc_esb

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Spyware trouble
« Reply #3 on: February 02, 2006, 12:08:53 AM »
Advice here. More cleaning tools to try; Sysclean, CureIT!, Sophos scanner.

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t39913.html
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Spyware trouble
« Reply #4 on: February 02, 2006, 02:06:42 AM »
I would also suggest an anti-spyware solution for a spyware problem. A little information about your problem wouldn't go amiss.

If you haven't already got this software (freeware), download, install, update and run it.
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster. Don't install this until you are clean.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

AJones

  • Guest
Re: Spyware trouble
« Reply #5 on: February 02, 2006, 02:43:37 AM »
Thanks all for your help.

Ewido, MS Spywatcher were useful as Spybot S&D, as I found a lot of spyware, but the real culprit was Zone Alarm hogging the resources. I downloaded Tiny Firewall; all seems to work for now as far as resources are concerned, but I get an error with Ewido resident shield as it crashes, and I upgraded Avast to 4.703; since then I get error 87: cannot start SMTP Incoming & Outgoing e-mail, and NNTP news protection from Avast.

Any leads?

Thanks,
AJ

Offline DavidR

Re: Spyware trouble
« Reply #6 on: February 02, 2006, 02:47:48 AM »
4.6.763 I believe you mean.

Ensure that your firewall allows ashMaiSv.exe (avast email scanner) internet access.

Offline FreewheelinFrank

Re: Spyware trouble
« Reply #7 on: February 02, 2006, 09:58:01 AM »
Hi AJones,

ibm00001.exe is your real problem: it's a Trojan process.

Has one of the programs I mentioned deleted it?

[AJones mentioned in another post malware running as winlogon.exe, which is a feature of this Trojan.]

doc_esb

  • Guest
Re: Spyware trouble
« Reply #8 on: February 02, 2006, 11:23:49 AM »
OK, AJones, I have burned a little midnight oil here and gone over your HijackThis log.  There are a few issues that need to be dealt with.
A couple of basics first:

1.  You have two antivirus programs running -- not a good idea as they will tend to interfere with one another.  How about going to Add/Remove Programs in the Control Panel, finding any instances of Norton, and removing them?  I am not saying this because I am partial to Avast, though I do use it as my own antivirus utility; it really is up to you as to which one to keep, but one of them needs to go.  If you choose to remove Norton, after you remove it from Add/Remove Programs, go to C:\Program Files and delete any Norton and/or Symantec folders.

2. As we will need to be using HijackThis to fix some items, HijackThis.exe needs to be moved from the desktop into its own folder so it will have a place to store the backups that it makes.  So, open up "My Computer", click on "C:" drive, click on "File" > "New" > "Folder", and name that folder something like HJT so you can readily identify it.  Then move HijackThis.exe into that folder.  Run it from there from now on.

Let's take the rest one step at a time.  First, I need to know if you or your administrator has installed a program to control the computer by remote access, namely "LogMeIn\ragui.exe".  I'm assuming that it was installed intentionally to control the computer through a network, but I'd like to make sure.  Also, I need to know if you or your administrator has set restrictions on internet and the Control Panel or if Spybot's Home Page and Option Lock Down feature in the Immunize section of Spybot S&D was used to set them.  Please let me know.

Now, let's do some cleaning up.

First, you will need to disable Spybot's "TeaTimer" function as it will probably try to block the HijackThis fixes.  Here's how:

Open Spybot and click on "Mode" and check "Advanced Mode"
Check "yes" to next window
Click on "Tools" in bottom left hand corner
Click on "Resident" icon
Uncheck Teatimer box and SDHelper (if installed)
Click "Allow Change" box
Important! Reboot to make these changes take effect.

AFTER you have moved HijackThis into its own folder, open it up again and click on "Do a system scan only". When it finishes, put a check before the following lines:

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKLM\..\Run: [Force Shutdown] C:\Program Files\ForceShutdown\fsd.exe

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"


Optional fix:

O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt --

   (May not be malicious, but has been known to cause problems.)


Now close ALL windows except HijackThis and hit the "Fix checked" button.

Next, you will need to set XP to show all hidden files:

To enable the viewing of Hidden files follow these steps:

   1. Close all programs so that you are at your desktop.
   2. Double-click on the "My Computer" icon.
   3. Select the "Tools" menu and click "Folder Options".
   4. After the new window appears select the "View" tab.
   5. Put a checkmark in the checkbox labeled "Display the contents of system folders".
   6. Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
   7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
   8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
   9. Press the "Apply" button and then the "OK" button and shut down My Computer.
  10. Now your computer is configured to show all hidden files.

Because XP will not always show you hidden files and folders by default, go to Start > Search and under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".


You will want to print out the rest of these instructions or copy them to Notepad as you will not have internet access from Safe Mode.

Reboot into Safe Mode.  If you're not sure how, click the link below.
http://www.bleepingcomputer.com/tutorials/tutorial61.html

Using Windows Explorer and/or search function, navigate to and delete the following files marked in bold if they are found to exist -- delete ONLY the part in bold:

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

Next, using Windows Explorer and/or search function, navigate to and delete the following folders marked in bold if they are found to exist -- delete ONLY the part in bold:

C:\Program Files\ForceShutdown

C:\Program Files\Ad Muncher    (If you have chosen to do without it.)

Empty the Recycle Bin.

Now, reboot back into normal mode and post a fresh HijackThis log.



doc_esb
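
An added example (not part of doc_esb's post and not HijackThis code): a short Python check for the pattern in the entries above, where the F2 `Shell=` value launches a second program after explorer.exe and an O4 Run entry points to the same file. The sample lines are the ones quoted in the thread plus one constructed clean entry; the function names are hypothetical, and the check assumes the space-separated `Shell=` form shown above.

```python
import re

# Entries quoted in the thread, plus one constructed clean autorun for contrast.
# This is not AJones's full log, which does not appear on the page.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [Force Shutdown] C:\Program Files\ForceShutdown\fsd.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.+)$')                   # "F2 - ...", "O4 - ..."
RUN = re.compile(r'^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')  # hive, key, name, command


def exe_path(command):
    """Return the executable of a command line, lower-cased, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r'(.+?\.exe)\b', command, re.I)
    return (m.group(1) if m else command).lower()


def find_shell_persistence(log_text):
    """Flag Shell= values that start more than explorer.exe, and autoruns for the same file."""
    entries = [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]
    findings, extras = [], set()
    for code, body in entries:
        if code == 'F2' and 'Shell=' in body:
            value = body.split('Shell=', 1)[1].strip()
            shell, _, rest = value.partition(' ')
            # Anything after explorer.exe, or a replaced shell, also starts at logon.
            extra = rest if shell.lower() == 'explorer.exe' else value
            if extra.strip():
                extras.add(exe_path(extra))
                findings.append(('shell_value', exe_path(extra)))
    for code, body in entries:
        m = RUN.match(body) if code == 'O4' else None
        if m and exe_path(m.group(4)) in extras:
            findings.append(('autorun_same_binary', f'{m.group(1)}\\{m.group(2)} [{m.group(3)}]'))
    return findings


if __name__ == '__main__':
    for kind, detail in find_shell_persistence(SAMPLE_LOG):
        print(kind, detail)
```

The Force Shutdown and ExampleApp entries are not reported because neither is referenced from the `Shell=` value; whether to keep them is a separate judgement, as the thread shows.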

AJones

  • Guest
Re: Spyware trouble
« Reply #9 on: February 03, 2006, 06:49:40 AM »
Thanks all very much:

I found that the Virus/Spyware whatever had infected Zone Alarm, so my CPU was over-clocking because of that. I uninstalled ZoneAlarm on that laptop and installed Tiny Firewall for now. The present computer that I am using right now has Zone Alarm and seems to be working correctly. I used Ewido, MS AntiSpyware, Spybot S&D, Ad-aware and was able to catch a few:

paytime, C:/Winstall, ibm000.exe, RealVNC infected (MS antispyware found that), Spybot found (several Trojans)

doc_es, I will follow your advice. Norton was present on that laptop before I got it from my uncle. He had no firewall before and was using RealVNC etc. I guess many viruses/spyware may have been infected already. In any case it is working smoothly now. I noticed the moment the computer got infected. ZA mentioned program settings changed. I don't believe a spyware can disable ZA and make it go haywire. I use IDM for downloading; Tiny Firewall states that IDM is behaving badly by changing extra settings and getting token ring privileges. I guess Tiny Firewall is better, and also is easy on resources.

Force Shut down is a fast shut down utility I had installed; Ad Muncher is an ad removal software I had installed. I now have Ewido active, MS antispyware, AVAST active scans so I think I am safe for the moment. You never know if one clicks something from an infected CD.

Thanks all very much for your help. doc_es, I will follow up and post new HijackThis log later.

Thanks
AJ

doc_esb

  • Guest
Re: Spyware trouble
« Reply #10 on: February 03, 2006, 08:14:05 AM »
I am glad that it's running okay now, AJ.  Thanks for letting us know.  I am happy to help anytime if I can.


doc_esb