
Problems removing Linkoptimizer





pipe30



Joined: 29 Oct 2006
Posts: 10


Hello,

I tried manually removing the Linkoptimizer following your instructions.
When I arrive at the step where I have to download the GMER or the Rootkit Revealer I get trouble.
The file will download, but when it starts executing it simply stops. I don't get any installation wizard or nothing.
Please help!
Perhaps it will be better to reinstall??
Thanks
Sun Oct 29, 2006 1:29 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi pipe30. Welcome to the 2-Spyware.com forums!

Here is a news post dated to September 2, 2006:
Quote:
Automatic Gromozon (LinkOptimizer) removal tool is now available. It's a small, but yet highly effective application capable of completely removing the infamous infection.

A week ago, we published Gromozon and LinkOptimizer Removal Guide providing mostly manual removal instructions. This guide can still be useful. However, we understand that manual removal of such a sophisticated, complex threat as Gromozon (LinkOptimizer) is a very difficult task for most users, so we highly recommend using the automatic removal tool instead.

Gromozon Rootkit Removal Tool is made by the Prevx company well-known for its advanced security product Prevx1.

Download automatic removal tool

And here is a quote from the removal guide:
Quote:
1. Download the Gromozon Rootkit Removal Tool by Prevx. Run the downloaded file. Gromozon Rootkit Removal Tool will scan your system and remove the main parts of Gromozon (LinkOptimizer) infection.

As you can see, using the automatic removal tool is highly recommended. I suggest downloading and running it now. Manual removal sure is difficult, especially when the process involves using third-party tools like GMER, which have some problems of their own preventing them from running on any possible setup.
Sun Oct 29, 2006 2:25 pm
 
pipe30



Joined: 29 Oct 2006
Posts: 10


Thanks for the reply

I already tried downloading the Prevx on my infected computer. The problem is that somehow the site is blocked (yours is also blocked) and I cannot enter it. A sign of "page not available" will show. I checked many sites of anti spyware and they are all blocked.
I am using my laptop now, and they all work properly from here. I tried copying the Prevx onto a CD, but then I cannot make it run on my infected computer.

Thank you
Sun Oct 29, 2006 2:44 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi pipe30.

What operating system are you using? If it is Windows XP, use Notepad to open the file C:\WINDOWS\System32\Drivers\etc\hosts. Delete all the lines except for 127.0.0.1 localhost. Save it. Now download the Prevx tool and the HijackThis program. Run the tool once again. Then use HijackThis to scan your system. HijackThis will generate the scan log. Please save it and post here.
Sun Oct 29, 2006 4:02 pm
 
pipe30



Joined: 29 Oct 2006
Posts: 10


Hi GTO, thanks for the reply:

I deleted the files you told me using notepad, and I saved it.
But I still can't get into the prevx site. They redirect me to the MSN search. Funny, but the e sign in the internet explorer bar is not there (up left). Also a popup opens (systemdoctor 2006).
I can't get access to your site as well (also redirect to msn search).

Thanks for your help
Mon Oct 30, 2006 10:02 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi pipe30.

Try this:

Download and install the Mozilla Firefox web browser. Use it to access the Prevx site and download the removal tool. If you still cannot get there, use another computer to download that tool, the HijackThis program and a spyware remover such as Spy Sweeper or AVG Anti-Spyware. Transfer all the programs to the infected computer and install them. Then restart your system in Safe Mode and use installed anti-spyware to remove parasites it finds. Then reboot your computer and try running the Prevx tool.

Also, please post your HijackThis log here.
Tue Oct 31, 2006 7:54 am
 
pipe30



Joined: 29 Oct 2006
Posts: 10


Hi GTO, this thing is driving me crazy.

The Mozilla trick didn't work out.
I could install the AVG program.
I downloaded the whole prevx program onto a CD. I copied it into the programme files, but I don't know how to make it run. I tried by clicking the install.exe, and prevxcontrol.exe, with no results.
I went to the safe mode, used the AVG, cleaned a lot of stuff, but then I could not run the prevx.

I attach the hijackthis log, and the avg report.

Thank you very much for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:42:00, on 31.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\OfficeScan NT\ntrtscan.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\OfficeScan NT\pccntmon.exe
C:\OfficeScan NT\RAUAgent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\vsnpmi03.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\Hardcopy\hardcopy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {43E1494A-3447-75AC-0734-85A57C67F5C0} - C:\WINDOWS\wclht1.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O15 - Trusted Zone: *.ao-z.de (HKLM)
O15 - Trusted Zone: *.aodh.de (HKLM)
O15 - Trusted Zone: *.bonnfinanz-vertrieb.de (HKLM)
O15 - Trusted Zone: *.dgvonline.de (HKLM)
O15 - Trusted Zone: *.herold-vertrieb.de (HKLM)
O15 - Trusted Zone: *.orgam.de (HKLM)
O15 - Trusted Zone: *.zuerich.de (HKLM)
O15 - Trusted Zone: *.zurich.com (HKLM)
O15 - Trusted IP range: http://127.0.0.1 (HKLM)
O16 - DPF: {5A8DA9A9-1DCE-4A91-8537-3F5BACE2D886} - http://mufxggfi.com/9b745929/sm/55000/1/xp/UltraAdult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156672340000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: OfficeScanNT Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe


---------------------------------------------------------
AVG Anti-Spyware - Informe del análisis
---------------------------------------------------------

+ Creado en: 11:37:21 31.10.2006

+ Resultado del análisis:



C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@adtech[2].txt -> TrackingCookie.Adtech : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@atdmt[1].txt -> TrackingCookie.Atdmt : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@burstnet[2].txt -> TrackingCookie.Burstnet : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@www.burstnet[1].txt -> TrackingCookie.Burstnet : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@com[1].txt -> TrackingCookie.Com : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@doubleclick[2].txt -> TrackingCookie.Doubleclick : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@as1.falkag[1].txt -> TrackingCookie.Falkag : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@ivwbox[2].txt -> TrackingCookie.Ivwbox : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@komtrack[2].txt -> TrackingCookie.Komtrack : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@mediaplex[1].txt -> TrackingCookie.Mediaplex : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@overture[1].txt -> TrackingCookie.Overture : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Limpios.
C:\Dokumente und Einstellungen\Anwender0\Cookies\anwender0@statcounter[1].txt -> TrackingCookie.Statcounter : Limpios.
C:\System Volume Information\_restore{ED73103C-9866-4720-998A-5748260B568E}\RP8\A0000424.dll -> Trojan.Pakes : Limpios.
C:\WINDOWS\Downloaded Program Files\RFY.0CX -> Trojan.Pakes : Limpios.
C:\WINDOWS\system32\ECRW.0LL -> Trojan.Pakes : Limpios.


::Fin del informe
Tue Oct 31, 2006 11:06 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi pipe30.

Please do this:

1. Download Pocket KillBox or KillBox utility.

2. Use HijackThis to fix the following entries:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {43E1494A-3447-75AC-0734-85A57C67F5C0} - C:\WINDOWS\wclht1.dll (file missing)
O4 - HKLM\..\Run: [SNPMI03] C:\WINDOWS\vsnpmi03.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {5A8DA9A9-1DCE-4A91-8537-3F5BACE2D886} - http:/ /mufxggfi.com/9b745929/sm/55000/1/xp/UltraAdult.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -


3. Now restart your system in Safe Mode. This step is very important!

4. Once in Safe Mode, use either Pocket KillBox or KillBox to delete the following file:
C:\WINDOWS\vsnpmi03.exe

5. While in Safe Mode, try running Gromozon Rootkit Removal Tool by Prevx.

6. After you get done, restart your computer, run new HijackThis scan and post a fresh log here.
Tue Oct 31, 2006 5:20 pm
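An added example (not from the thread or from HijackThis itself): a Python triage pass over HijackThis log lines that flags the structural markers visible in the entries listed above: `(file missing)`, `(no file)`, a missing URLSearchHook, and O16 DPF entries with no source or a source host outside an allowlist. The sample lines are copied from the log posted earlier in the thread; the allowlist is an assumption made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts a reviewer accepts as ActiveX sources.
TRUSTED_DPF_DOMAINS = {"microsoft.com", "f-secure.com"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(\S*)$")

# Lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {43E1494A-3447-75AC-0734-85A57C67F5C0} - C:\WINDOWS\wclht1.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {5A8DA9A9-1DCE-4A91-8537-3F5BACE2D886} - http://mufxggfi.com/9b745929/sm/55000/1/xp/UltraAdult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156672340000
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
"""


def is_trusted(host, trusted):
    """True when host equals a trusted domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage(log_text, trusted=TRUSTED_DPF_DOMAINS):
    """Return (code, reason, line) for each entry that needs a reviewer's eye."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, body = entry.groups()
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append((code, "orphaned: registered file does not exist", line))
        elif code == "R3" and "URLSearchHook is missing" in body:
            findings.append((code, "orphaned: default search hook missing", line))
        elif code == "O16":
            dpf = DPF_RE.match(body)
            if dpf is None:
                findings.append((code, "review: unparsed DPF entry", line))
                continue
            url = dpf.group(3)
            if not url:
                findings.append((code, "orphaned: control has no download source", line))
                continue
            host = urlsplit(url).hostname or ""
            if not is_trusted(host, trusted):
                findings.append((code, "review: control installed from " + host, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (code, reason, line))
```

The O4 Run entry in the list above carries no such marker, so rules like these do not catch it; an entry of that kind needs a reviewer's knowledge of the file.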
 
pipe30



Joined: 29 Oct 2006
Posts: 10


Ok, I did everything you said. I could not enter the site of prevx while in safe mode. Thank you
Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 18:48:16, on 31.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\OfficeScan NT\ntrtscan.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\OfficeScan NT\pccntmon.exe
C:\OfficeScan NT\RAUAgent.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\Hardcopy\hardcopy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O15 - Trusted Zone: *.ao-z.de (HKLM)
O15 - Trusted Zone: *.aodh.de (HKLM)
O15 - Trusted Zone: *.bonnfinanz-vertrieb.de (HKLM)
O15 - Trusted Zone: *.dgvonline.de (HKLM)
O15 - Trusted Zone: *.herold-vertrieb.de (HKLM)
O15 - Trusted Zone: *.orgam.de (HKLM)
O15 - Trusted Zone: *.zuerich.de (HKLM)
O15 - Trusted Zone: *.zurich.com (HKLM)
O15 - Trusted IP range: http://127.0.0.1 (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156672340000
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: OfficeScanNT Echtzeitsuche (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
Tue Oct 31, 2006 5:50 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi pipe30.

Use another computer to download Gromozon Rootkit Removal Tool by Prevx. Copy the installation file you downloaded from the Internet (not an already installed program) to a floppy disk and transfer it to the infected system. Try running it in Safe Mode once again.

If this doesn't work, download the trial version of Spy Sweeper (use clean computer also). Install the program to your system, update its definitions and run a complete system scan. Remove all the threats the application will find.
Tue Oct 31, 2006 8:30 pm
 
pipe30



Joined: 29 Oct 2006
Posts: 10


Hi GTO

The Gromozon Rootkit Removal Tool trick didn't work out.
I tried downloading the Spy Sweeper on my clean computer, but I get this message:

Setup has detected a system file that may be incompatible with spy sweeper.
Details:
Product name: F-Secure Anti Virus Internet Shield
The following shields may be unavailable
Spy Communication Shield

The FSecure is my system anti virus

Next step??

Thank you
Wed Nov 01, 2006 8:18 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi pipe30.

Download the free version of SUPERAntiSpyware. Install this program and update its definitions. Then disconnect your computer from the Internet and disable real-time protection of your F-Secure Anti-Virus. Then run full spyware scan with SUPERAntiSpyware. After it's done, turn on F-Secure real-time protection.
Thu Nov 02, 2006 6:07 pm