Author Topic: Just a Question x)  (Read 5555 times)


Infernhell

  • Guest
Just a Question x)
« on: August 23, 2007, 12:41:39 AM »
Hi there... well, I don't know where to post this, so I'm doing it here  ;D
For a few days now I've been getting this on my desktop... it appears for just a few minutes and then it's gone, then appears again, etc.:



sorry for the size hum...

Question: What the hell is this??
Is this "thing" the cause of my high ping?? I'm a gamer (Pr3ds multi-gaming clan) and for the past few days my ping has always been around 200!!

I hope you guys can help me...I never had any problems with Avast, so I don't understand what's happening.

PS: I tried the forum FAQ but it gave me a 404 Not Found  :-[


thx, and sorry if this is a stupid question (who knows =x)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Just a Question x)
« Reply #1 on: August 23, 2007, 01:40:28 AM »
This is the avast Internet Mail provider checking email (see image icon arrowed), which I assume is being sent (or possibly received though I doubt that).

Do you have your email periodically check for email ?
Does the IP address or domain look familiar, your ISP for instance ?
I assume that you weren't sending any email at the time ?

If not you may have an undetected email spambot running on your system.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Infernhell

  • Guest
Re: Just a Question x)
« Reply #2 on: August 23, 2007, 02:20:30 AM »
Hi, thx for your answer!
For sure I'm not sending mails... just sometimes through Hotmail, that's all!
And no, the address doesn't look familiar... I scanned my computer with HijackThis... nothing!
Should I try a "reboot avast scan"??

I don't know, how can I find this email spambot???
Try to scan with HijackThis when I see the avast icon??
What the hell is avast doing? I mean, it knows that's an email spambot, does it? Weird  :'(

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Just a Question x)
« Reply #3 on: August 23, 2007, 03:16:20 AM »
Quote from: Infernhell
For sure I'm not sending mails...
And no, the address doesn't look familiar... I scanned my computer with HijackThis... nothing!

Hmm... you seem infected... what do you mean that HijackThis showed nothing?
Can you post its log here (maybe dividing it into pieces to fit in the forum)?

Quote from: Infernhell
Should I try a "reboot avast scan"??
I don't know, how can I find this email spambot???
Try to scan with HijackThis when I see the avast icon??
What the hell is avast doing? I mean, it knows that's an email spambot, does it? Weird  :'(

Maybe this infection is being 'shown' but not detected by avast.
I suggest you follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

5. If you're still detecting any strange behavior, or you're even sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you're still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Just a Question x)
« Reply #4 on: August 23, 2007, 04:07:59 AM »
HijackThis doesn't detect; it is an analysis tool and just reports what is running on your system, which needs to be analysed. So we will need to see the log. As Tech mentions, paste the contents of the log here; it may take more than one post depending on the size.

CharleyO

  • Guest
Re: Just a Question x)
« Reply #5 on: August 23, 2007, 05:33:03 AM »
***

Does any of the information below seem familiar to you?

Name: 121-79-4-90-dsl.ispone.net.au
IP Address: 121.79.4.90
Location: 38.567S, 146.667E
Network: APNIC-121

Registrant:              Data Consulting Group
Registrant ID:           OTHER B1727312P

Eligibility Type:        Registered Business

Registrant ROID:         C1434543-AR
Registrant Contact Name: Chris Monching
Registrant Email:        Visit whois.ausregistry.com.au for Web based WhoIs

This IP address is located in southeastern Australia.


***

Infernhell

  • Guest
Re: Just a Question x)
« Reply #6 on: August 23, 2007, 01:38:36 PM »
Waouw, thx guys for your answers; great job ^^ !
OK:
-This guy in Australia, I don't know him, totally unknown!
-Secunia told me:
Detection Statistics:
11 Applications Detected in Total
0 Insecure Versions Detected
11 Secure Versions Detected

Running For:
0 Minutes, 17 Seconds

Errors Detected:
0 Errors Detected

-I always used Ad-Aware, but this morning I downloaded a free trial version from AVG anti spy...
Conclusion? Ad-Aware sucks, Oh My God!!!
AVG found 150 tracking cookies and one thing located on my second hard disk, a data called downlad.small.bgv, AVG gave him "high rank priority dangerous"...

Well, I destroyed everything, and I will try my ping... hope it will be OK now...

Oh yes, when I said HijackThis "found" nothing, I mean I posted the log on the HijackThis website, and it told me everything is "green"


Infernhell

  • Guest
Re: Just a Question x)
« Reply #7 on: August 23, 2007, 01:41:12 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:52, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\podXP\podXP.exe
F:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
F:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
F:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\Program Files\CyberLink\Shared files\RichVideo.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Azureus\Azureus.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\typhus\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "F:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = F:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = F:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: podXP.lnk = F:\Program Files\podXP\podXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Infernhell

  • Guest
Re: Just a Question x)
« Reply #8 on: August 23, 2007, 01:41:48 PM »
O18 - Protocol: bw00s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Infernhell

  • Guest
Re: Just a Question x)
« Reply #9 on: August 23, 2007, 01:44:53 PM »
O18 - Protocol: bwm0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 17786 bytes
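
Added example, not part of any post in this thread: DavidR's point that HijackThis only reports and a person has to analyse the result, sketched as a small Python triage pass over a log in this format. The sample lines are constructed after the log above; the function names (`parse_entries`, `triage`, `needs_review`) and the two review hints are assumptions of this example, not HijackThis features.

```python
import re
from collections import OrderedDict

# Constructed sample: a few lines in the format of the HijackThis v2.0.2 log
# posted in this thread (raw string, so the backslashes stay literal).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
F:\WINDOWS\system32\svchost.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: bw+0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4BC4C106-EAEA-457E-8C83-2717E083B99E} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line is "<section code> - <body>", e.g. "O18 - Protocol: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        fields = [f.strip() for f in body.split(" - ")]
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "fields": fields,
            "clsid": clsid.group(0) if clsid else None,
            # Last " - " field is the file for O2/O9/O18/O23; for O4 it is the whole body.
            "target": fields[-1],
        })
    return entries


def review_notes(entry):
    """Hints for a human reader. These are prompts to look closer, not verdicts."""
    notes = []
    if entry["target"] == "(no file)":
        notes.append("target is reported as '(no file)'")
    if entry["code"] == "O23" and len(entry["fields"]) >= 3 \
            and entry["fields"][-2] == "Unknown owner":
        notes.append("service owner is reported as 'Unknown owner'")
    return notes


def triage(log_text):
    """Collapse entries that share section, CLSID and file into one group."""
    groups = OrderedDict()
    for entry in parse_entries(log_text):
        key = (entry["code"], entry["clsid"], entry["target"])
        group = groups.setdefault(key, {
            "code": entry["code"],
            "clsid": entry["clsid"],
            "target": entry["target"],
            "count": 0,
            "notes": review_notes(entry),
        })
        group["count"] += 1
    return list(groups.values())


def needs_review(groups):
    """Groups that carry at least one review hint."""
    return [g for g in groups if g["notes"]]


if __name__ == "__main__":
    for g in triage(SAMPLE_LOG):
        hint = "  <-- " + "; ".join(g["notes"]) if g["notes"] else ""
        print(f'{g["code"]:>3} x{g["count"]:<3} {g["target"]}{hint}')
```

Grouping by section, CLSID and file shows that the long run of O18 lines in the posted log is one handler DLL registered under many protocol names, which leaves a far shorter list for a person to read.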

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Just a Question x)
« Reply #10 on: August 23, 2007, 02:33:28 PM »
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Just a Question x)
« Reply #11 on: August 23, 2007, 03:35:34 PM »
Quote from: Infernhell
AVG found 150 tracking cookies and one thing located on my second hard disk, a data called downlad.small.bgv, AVG gave him "high rank priority dangerous"...

Tracking cookies are common as muck; almost every cookie could be considered a tracking cookie, and there is no way I would consider it a "high rank priority dangerous". To my mind they over-inflate the ranking of tracking cookies, which I would consider low risk. AdAware also finds tracking cookies (depends on what your settings are) and they deem to call them critical. Cr*p, a cookie is a simple text file that contains data, usually about visits to that site and that one alone.

You are best served by something like CookieSafe, a Firefox extension where you can determine who is allowed to set cookies, etc. There are other cookie functions which can be set, like not allowing third-party cookies (not from the site domain you are visiting), and other cookie tools to keep those on your system to a minimum. This is called treating the disease and not the symptom, the cookie on your system detected by avg-as or adaware.

Infernhell

  • Guest
Re: Just a Question x)
« Reply #12 on: August 23, 2007, 04:25:56 PM »
Right, cookies are not dangerous!
I was speaking about the data download.small.bgv, this was the high rank dangerous!!!
AVG found these cookies, Ad-Aware didn't...
I will try tonight to play with my teammate, wait and see (there is a God of ping, right?  ;D)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Just a Question x)
« Reply #13 on: August 23, 2007, 04:41:10 PM »
But you didn't say what the file name or location of this was. It is often hard to keep calm when the dark brown stuff hits the fan after a detection, and you should always analyse what is set in front of you.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 30 different scanners.

Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest; you will need to move it out.

Because if this download.small.bgv was serious, not only did adaware miss it, so did avast; the multi-engine scanners above confirm or deny detections. If it is a good detection you need to send a sample to avast for it to analyse and update the VPS signatures.