Amaena Anti-virus pop up, plus random others
| Author |
Message |
Ithlinae
Joined: 04 Apr 2006
Posts: 3
|
 Post subject: Amaena Anti-virus pop up, plus random others |
 |
|
Dear Knowledgable Folk,
I've been following instructions fro your site for the past two days, I tried removing the Blackworm (Symantec Blackworm removal tool says it's not there); I tried removing geeby.dll, it's not in the registry in safe mode; and finally, I found some .dll's that I can't remove, can't rename, because "the file is locked or is being used by another program." I managed to locate them thanks to Spyware Doctor. It also showed some registry values that never come up in HijackThis logs. I deleted/fixed/renamed/modified everything I could find that was considered dangerous, but still the pop ups abound. I remember seeing a post that said that even a format did not manage to get rid of this stuff. I can't post a new hjt log at the moment, but as it doesn't display the files considered malicious by Spyware Doctor, I thought you guys might be able to suggest something else. Thanks for all your help and time in advance. Cheers |
|
Tue Apr 04, 2006 8:32 am
 |
|
 |
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
Hi, lthlinae. Welcome to the 2-Spyware.com forums!
I have to see your HijackThis log. I cannot help you without it. It is quite difficult and ineffective to try eliminating the infection without knowing what it actually is. |
|
Wed Apr 05, 2006 8:43 am
|
|
|
admin13
Site Admin
Joined: 27 Sep 2005
Posts: 17
|
| Post subject: |
|
|
[ADDED BY THE ADMINISTRATOR]
Logfile of HijackThis v1.99.1
Scan saved at 8:00:26 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lucyna\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\irl2l53o1.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
This is the latest htj log. I dunno what else to do, I still have that pop up, and others! HEEEEEEEEEEELPPP!!!!!! |
|
Wed Apr 05, 2006 8:51 am
|
|
|
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
Please follow these steps:
1. Download the l2mfix tool and unpack it to a chosen folder.
2. Run the l2mfix tool by executing the l2mfix.bat file.
3. After you get done, run a new HijackThis scan and post a fresh log here. |
|
Wed Apr 05, 2006 9:01 am
|
|
|
Ithlinae
Joined: 04 Apr 2006
Posts: 3
|
| Post subject: I think someone is doing voodoo on me.... |
|
|
Logfile of HijackThis v1.99.1
Scan saved at 7:01:22 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Lucyna\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Above please find the newest, freshest hjt log. After I ran l2mfix and restarted, there was yet ANOTHER pop up window..... I want to cry. Is there NO way to get rid of this sh**? :'( |
|
Wed Apr 05, 2006 4:06 pm
|
|
|
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
Hi, lthlinae.
Please download a trial version of the ewido anti-malware program. Install it, run a complete system scan and remove all the threats the program will find. |
|
Thu Apr 06, 2006 9:12 am
|
|
|
Ithlinae
Joined: 04 Apr 2006
Posts: 3
|
| Post subject: No pop ups so far.... |
|
|
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:21:20 PM, 4/6/2006
+ Report-Checksum: FF6C0306
+ Scan result:
HKU\S-1-5-21-472685443-1950939147-3198043977-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\Config.Msi\52ee14.rbf -> Logger.Agent.gk : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/dn4401hqe.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/enr8l19u1.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/ikrtrmgr.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/is50_32.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/j8l40i3qe8.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/jt8407lqe.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/ktp0l77m1.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/nqtui0.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/nvj0291mg.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/sqgina.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\backup.zip/dlls/tormmgr.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\dn4401hqe.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\enr8l19u1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\ikrtrmgr.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\is50_32.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\j8l40i3qe8.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\jt8407lqe.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\ktp0l77m1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\nqtui0.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\nvj0291mg.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\sqgina.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Desktop\l2mfix\dlls\tormmgr.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Lucyna\Local Settings\Temp\Cookies\lucyna@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Lucyna\Local Settings\Temp\Cookies\lucyna@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\system32\guard.vir -> Adware.Look2Me : Cleaned with backup
::Report End
This is a report from ewido. So far so good, no pop ups have appeared since I turned my laptop on. GTO, you might have performed a miracle  If you don't mind, I'll be recommending this site to all my friends, who happen to have a similar problem. Many thanks, man....  |
|
Thu Apr 06, 2006 4:23 pm
|
|
|
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
I'm glad I could help you .
Good Luck |
|
Fri Apr 07, 2006 8:51 am
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
Recommended software:
Spyware Doctor
 (91/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...
Malwarebytes Anti Malware
 (89/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...
Spy Sweeper
 (85/100)
Spy Sweeper is one of the most powerful and effective spyware removers available today. This Webroot Software's product uses unique, patent-pending parasite detection and removal...
Windows Defender
 (80/100)
Windows Defender is a free anti-spyware program made by the leading software company to add native spyware protection to its most popular product - the Microsoft Windows operating...
SUPERAntiSpyware
 (75/100)
SUPERAntiSpyware is a powerful, highly effective spyware remover introducing advanced parasite detection and removal features along with reliable real-time protection. The program is not...
Encyclopedia of parasites:
|
