Technology and Gaming This forum is for discussions about your hardware, software, game or anything Web-related.

  (#1 (permalink)) Old
Adam Offline
Stand in the rain...
Senior TeenHelper
Name: Adam
Age: 27
Gender: Male
Location: England

Posts: 941
Blog Entries: 1
Join Date: January 6th 2009

Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 17th 2009, 02:30 PM

Hey, so I feel like I have A LOT of viruses, or just one big one to be honest. I'll list some symptoms below then post my HJT log; hopefully somebody can help me ASAP.

- Spybot won't load
- HOSTS file randomly gets filled with antivirus websites etc.
- AVG randomly has ALL components disabled
- Java won't run
- Firefox 3.5 Preview (3.5b99) gets randomly redirected to websites such as "Livetosearch.co.uk", "ads.right-ads.com", "search-tracker.net" etc. every time I click a link in Google.
- I have 10 svchost.exe processes in my Task Mgr
- No processes in the Task Manager have a User Name. (They usually say SYSTEM / Adam, but are all blank)
- I have processes such as searchindexer.exe and Core.exe which take up a lot of CPU.
- Computer runs REALLY slow and gets hot REALLY fast.
- I had to rename HijackThis.exe to Hijack2222This.exe for it to run.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:09, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijacksThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DF74C1A9-3D7E-468D-BA21-A63B0F38489C} - C:\WINDOWS\system32\apphel.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227046129578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.7,85.255.112.88
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.112.7,85.255.112.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.7,85.255.112.88
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



Katrina's NERD.
   
  (#2 (permalink)) Old
Deep Brown Eyes Offline
Hic Sunt Dracones
Experienced TeenHelper
Age: 27
Gender: Male

Posts: 513
Blog Entries: 8
Join Date: January 6th 2009

Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 17th 2009, 08:19 PM

I'd put money on it being this:
Quote:
C:\WINDOWS\Explorer.EXE
You see, the original by Microsoft is C:\WINDOWS\explorer.exe.
The capital E makes all the difference. I'd say you actually have only one or two viruses and most of the problem lies in this one.
Open up C:\WINDOWS and see if you have both Explorer.exe and explorer.exe. If you have both, then I'm certain the Explorer.exe is viral.
If you have just the one, it's possible that the virus deleted the original, or I'm just wrong.

If you have both, there's a registry key that is telling Windows to load Explorer.exe, as opposed to the original. Unfortunately, I can't seem to locate it for Windows Vista. If you're using XP, it's "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".

So to test if I'm right, first make sure you have a copy of explorer.exe. If you have the original, you're fine. Otherwise, you'll need to download the original from somewhere. If you need XP SP3, Vista Home Premium (32-bit) or Vista Ultimate (64-bit), I can send you those if you can't find it on the net.
Then open the Start menu, press and hold CTRL + Shift and right-click in a blank spot on the Start menu. The right-click menu that comes up will allow you to exit Explorer.exe. Once it's closed, press the Windows key and R, which will open the Run dialog. Type in explorer.exe (the real one).
Then try running your anti-virus.

Other than that, safest bet would be to format and reinstall Windows.

EDIT: Just saw that you're on XP SP3. Ignore references to Windows Vista.


   
  (#3 (permalink)) Old
freelancertex78 Offline
Resident Neuro Nerd
Regular TeenHelper
Name: Steph
Age: 28
Gender: Female
Location: Red, red, white, yellow, green.

Posts: 451
Join Date: January 8th 2009

Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 17th 2009, 08:33 PM

Hey, there is a sticky for this; if you'd like to post your virus problems in there, that would be great. Here it is: http://forums.teenhelp.org/f24-techn...s-malware-etc/


I'd sing you a song, but I'm feeling quite off
in my heart; it's occupied,

and now's not the time.

   
  (#4 (permalink)) Old
Union Of V Offline
Scepticism With A Tail
I can't get enough
Name: Basil!!!
Age: 27
Gender: Male
Location: Cork, Ireland

Posts: 2,017
Blog Entries: 22
Join Date: January 31st 2009

Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 17th 2009, 08:33 PM

Silver, you're a GENIUS!

Tell me, how can I tap into your unlimited wisdom?
  (#5 (permalink)) Old
Deep Brown Eyes Offline
Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 18th 2009, 10:43 AM

Thanks!
Take back the last 5 years of your life and spend it at a computer...worked for me


   
  (#6 (permalink)) Old
MetaIce Offline
Member
Average Joe
Age: 27
Gender: Male

Posts: 162
Join Date: January 6th 2009

Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 18th 2009, 01:34 PM

Here's an automated log analysis of the rest of it.

http://www.buyanainphysics.com/Hijac...auswertung.pdf

Anywho, Explorer.exe info:
Advertising Spyware: DLDER.EXE, Explorer.exe trojan (ClickTillUWin)

If you can't run Spybot as an administrator, run in safe mode without networking. It'll stop all unnecessary stuff from starting, thus most likely shutting off your malware, allowing you to launch and remove. I'd also recommend running Ad-Aware and Windows Defender. When you get it removed, I'd recommend running immunization in Spybot and then installing SpywareBlaster. Both the immunize function in Spybot and SpywareBlaster work on the same principle of using the HOSTS file to block bad sites.
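
A sketch of the kind of automated pass over a HijackThis log mentioned in the post above, as an added example that is not part of the original thread or any poster's tool. The sample lines are copied from the log in the first post; the function name `triage` and its three heuristics are assumptions of this example, and a hit means "verify this by hand", not a verdict.

```python
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {DF74C1A9-3D7E-468D-BA21-A63B0F38489C} - C:\WINDOWS\system32\apphel.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.7,85.255.112.88
O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")   # "O17 - <rest of entry>"
WIN_PATH = re.compile(r"[A-Za-z]:\\.*")      # drive-letter path to end of line
MISSING = "(file missing)"


def triage(log_text):
    """Return (section, reason, detail) tuples that deserve a manual check."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()

        # F2: the Userinit value normally launches userinit.exe only.
        if section == "F2" and "userinit=" in body.lower():
            for part in body.split("=", 1)[1].split(","):
                part = part.strip()
                if part and not part.lower().endswith("\\userinit.exe"):
                    findings.append((section, "extra program in Userinit", part))

        # O17: DNS servers written into the registry; compare each one with
        # what the router or ISP is known to hand out.
        elif section == "O17" and "nameserver" in body.lower():
            for ip in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body):
                findings.append((section, "DNS server set in registry", ip))

        # Any section: a registration whose target file no longer exists.
        # The path is taken from the drive letter onward because folder
        # names such as "Spybot - Search & Destroy" contain " - " themselves.
        if body.endswith(MISSING):
            path = WIN_PATH.search(body)
            detail = path.group(0)[:-len(MISSING)].strip() if path else body
            findings.append((section, "registered file is missing", detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```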
   
  (#7 (permalink)) Old
Adam Offline
Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 20th 2009, 11:28 PM

Well, I tried a few things (like Spybot in safe mode) but that wouldn't even run, and I ended up scanning with AVG through CMD. That found about 50 viruses (one called IVAXjkrmmsi245ksxdfjs.dll or something similar). I removed them all, restarted and bang, they were on again. Then something weird happened:

- My XP theme went to that of Windows Classic.
- My Computer / My documents etc. was disabled
- 90% of the startup items disappeared
- After 3 minutes it all froze. I restarted and got "The file C:\WINDOWS\Config\system is corrupt" etc. So I figured it must have destroyed the registry. Then I copied the one from windows\repair across to it, but realised I overwrote it. Then it got onto the log in screen and just went blank.

I figured I was too lazy to sort it all out from there, and went onto Ubuntu and (after realising my external HDDs were in NTFS) I backed up most of my important data (and outlook.pst's) onto a series of SD cards, and did a clean install.

My problem now is that (after installing ALL of the latest drivers from the DELL website) the wireless is nowhere near as strong as it was. I will be sat in the same room as the 54mbps router, and only get an 11mbps connection at "good", and downstairs (where it is usually "very good") I get a "very low" and 1.1mbps connection. This is annoying because when in my room, or anywhere in the house, the wireless will just cut out (about every 30 minutes). This is causing multiple problems like trying to download all my purchases again from iTunes, and I am waiting for a 257mb iPod Touch OS3 to be installed.

I can't log onto LiveHelp or anything until I fix this problem, because it will cut out in the middle of a call. So I kinda need help ASAP :/

Adam.



   
  (#8 (permalink)) Old
Deep Brown Eyes Offline
Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 21st 2009, 02:41 PM

Uninstall the WLAN drivers, reboot and then reinstall.
If that fails, go into your device properties (Device Manager > Network Adapters) and check the "Advanced" tab. There should be a list of things you can tweak the settings for.
I can't remember all of them, but there's a few things you should check for -
(Enhanced) / Power save - Off
Channel Width - 20/40GHz - make sure it matches your router settings.
Network connection - aggressive mode.
There's a bunch of other stuff I can't remember, so just use your best judgement to see what works.
Also, make sure your network security settings are correct - I usually get poor connectivity if there's something wrong in my settings.


   
  (#9 (permalink)) Old
Power Cosmic Offline
Member
Outside, huh?
Name: Janos
Age: 29
Gender: Male
Location: Dundee, Scotland

Posts: 3,922
Blog Entries: 225
Join Date: January 6th 2009

Re: Adware, Spyware, Browser Hijack, Trojans and Viruses. - June 21st 2009, 02:42 PM

Glad to see you got rid of the viruses.
Now regarding the wireless.
Before you reinstalled, did you have a third party program controlling your wireless adapter?
Also, go into the Device Manager (right click on My Computer and click on the Device Manager tab) and tell me what your wireless adapter is called.
Also make sure there's no errors showing on that tab.




"My one desire is for peace -- peace for everyone"
