Pop-Ups, Spyware and Viruses, THE WHOLE DEAL. HELP!!



bomby101
15-04-2008, 11:49 PM
I had a really bad infection on my computer (viruses etc.), so I wiped the computer and clean installed Windows XP. I put all my programs back on and all was well. THEN I went away, and my brother downloaded LimeWire Pro and downloaded a bunch of viruses thinking they were songs, MP3s etc. I now get CONSTANT Messenger Service pop-ups titled "Malware warning". I have disabled Messenger Service and uninstalled MSN Messenger because I thought that was associated with the problem. I have the full version of NOD32 3.650 Anti-Virus and Anti-Spyware, Windows Firewall and CCleaner (Crap Cleaner). I have a random app that every now and again pops up in the system tray; it's a black square (I assume a corrupt bit of spyware/virus) that warns me that I have spyware and need to scan immediately. I click this and it goes away. I had 12 viruses after doing a scan with NOD32, all deleted, but I'm still having problems, and just general errors every now and again. Can you guys help me out? I'm on Windows XP Service Pack 2.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:31 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB ZP.EXE
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Timothy & Jackson\Desktop\HiJackThis.exe

O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 2285 bytes

Speedy Gonzales
15-04-2008, 11:58 PM
Is that it? It looks a bit short to me.

Make sure you copy and paste the WHOLE log.

Get rogueremover, trojan remover in my sig in the meantime.

Install and update both, then click on scan

See what they pick up

pctek
16-04-2008, 10:10 AM
I have the full version of NOD32 3.650 Anti-Virus and Anti-Spy-ware, windows firewall and CCleaner (crap cleaner),

Well no wonder you have malware then.
Nod is good as an AV.
CCleaner is a housekeeping program not a malware finder.

Get 2 more:

Superantispyware
Spyware Terminator
Spyware Doctor Starter Edition
Counterspy

Whatever... just have at least 2 stand-alone anti-spyware programs in addition to your NOD.

bomby101
16-04-2008, 03:19 PM
Here's my HijackThis log again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:45 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Timothy & Jackson\Desktop\HiJackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 2507 bytes

pctek
16-04-2008, 03:24 PM
The filename is associated with the malware group Generic8.COD. Some files using the name D3D8TH.DLL are also associated with the malware groups:

* Trojan.DoS.Win32.Opdos
* SPYWARE.BZUB.NGP

Like I said... get some anti-spyware.

Speedy Gonzales
16-04-2008, 03:30 PM
Are you sure that's ALL of it? It doesn't look like all of it.

Put HijackThis in its own folder, then run it again and tick this entry. It's the only entry that shouldn't be there.

Disable system restore

O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll <-- boot into safe mode after, and delete this file
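The replies above spot the bad entry by reading the log by eye: an O2 (Browser Helper Object) line with "(no name)" whose DLL sits directly in system32 rather than under a product folder. As an added example (not code from this thread, from HijackThis or from ESET), the script below parses O2 and O4 lines in the HijackThis v2 format and flags entries matching those two triage heuristics plus one for autoruns launched from temp or user-profile directories. The heuristics, the `Finding` class and the extra O4 sample line are assumptions constructed for illustration; the other sample lines are copied from the log posted above. It only reports; removal is still done with HijackThis or by hand as the thread describes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 format. The O2/O4/O23 lines are copied
# from the log posted in this thread; the HKCU O4 line is made up to exercise
# the temp-directory heuristic.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AAF17B9E-7245-4CBB-A7B0-C44717CED179} - C:\WINDOWS\system32\d3d8th.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [update] C:\Documents and Settings\user\Local Settings\Temp\update.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# O2 - BHO: <name> - {<CLSID>} - <dll path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+?)\s*$")
# O4 - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<entry>[^\]]*)\] (?P<cmd>.+?)\s*$")


@dataclass
class Finding:
    """One log line worth a closer look, with the reasons it was flagged."""
    section: str
    path: str
    reasons: list = field(default_factory=list)
    clsid: str = ""


def _in_system32_root(path: str) -> bool:
    """True when the file sits directly in \\WINDOWS\\system32 (no subfolder)."""
    return re.search(r"\\windows\\system32\\[^\\]+$", path.lower()) is not None


def triage_bho(name: str, path: str) -> list:
    """Assumed heuristics for O2 lines: unnamed BHOs and DLLs dropped into system32."""
    reasons = []
    if name.strip().lower() == "(no name)":
        reasons.append("BHO registered without a display name")
    if _in_system32_root(path):
        reasons.append("BHO DLL lives directly in system32 rather than a product folder")
    return reasons


def triage_run(cmd: str) -> list:
    """Assumed heuristic for O4 lines: autoruns launched from temp or profile data dirs."""
    lower = cmd.lower()
    suspicious_dirs = ("\\temp\\", "\\local settings\\", "\\application data\\")
    if any(d in lower for d in suspicious_dirs):
        return ["autorun launches from a temp or user-profile directory"]
    return []


def triage_log(text: str) -> list:
    """Parse O2 and O4 lines and return the entries that trip a heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            reasons = triage_bho(m["name"], m["path"])
            if reasons:
                findings.append(Finding("O2", m["path"], reasons, m["clsid"]))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = triage_run(m["cmd"])
            if reasons:
                findings.append(Finding("O4", m["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}" + (f"  CLSID {f.clsid}" if f.clsid else ""))
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the only O2 hit is the d3d8th.dll entry the thread singles out, flagged on both heuristics, and the constructed HKCU autorun is the only O4 hit; the Java, Free Download Manager and ESET lines pass. An unnamed BHO is not proof of malware on its own, so the output is a shortlist for checking the file's publisher and hash, not a delete list.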