
Solve : Adware Threat - Help?


Adware was found on my system, currently running Windows XP. I cannot remove it through Microsoft AntiSpyware or Lavasoft Ad-Aware.

Information about the threat location

File Name: (DrPMon Print Monitor) Transponder.ABetterInternet.DrPMon
Type: Adware
File Path: c:\windows\system32\drpmon.dll
Publisher: Direct Revenue
File Size: 28160 bytes

Please help me to remove and get rid of this adware.
Thanks.
Oh, gee, that's rough. What kind of stuff is it doing? Have you tried deleting the file manually?


Scan from safe mode.

To start with, I would like you to do this.

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files; be sure to also select "Delete all offline content".

Do a virus scan. A good online scanner is at: http://housecall.trendmicro.com.

If you get a report of files that can't be cleaned/deleted, please write down the filenames and locations and post them in your reply.

Then please do this. Since it's better to use automated tools to get rid of the bad stuff, use these 2 programs first before doing the final cleaning with HJT.

First use Spybot S&D.
http://www.safer-networking.org/index.php

Unzip and update. Install the updates and run. Delete all that it marks in red.
Reboot.

Then it's time for Ad-Aware.
http://www.lavasoftusa.com/software/adaware/

Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press "Scan now" and select the drives and/or partitions to be scanned. When done, select all and click Next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware: www.zerosrealm.com/scanning.php, "How To Setup Spybot SD and Ad-Aware".

I'll come back later and check up.
globalpal_ooty, OK, here's what to do: reboot into Safe Mode.

Then shut down System Restore.

Go into Control Panel > Folder Options, click on the View tab, mark "Show hidden files and folders", click Apply and OK.

Now run your scan with MS AntiSpyware. It should find it and remove it.


Let us know.

dl65, this is what the spyware/adware does:

First it shows an error message as follows:
"NOTICE: If your computer has errors in the registry database or file system, it could cause unpredictable or erratic behavior, freezes, and crashes.

Would you like to install WinFixer 2005 to check your computer for free? (Recommended)"

If we give OK or Cancel

A Security Warning error shows:
"http://winfixer.com/pages/scanner/WinFixer2005Scannerinstall. signed on an unknown date/time and distributed by
Vantage Software Inc.
You should only instal view

If I press Yes or No
It automatically installs.

Then ads pop up then and there,
as Aurora - part of ABI Network......
..........
Repair and protect your PC with WinFixer.......

I am able to remove it completely, but it happens again and again when I open Internet Explorer.

Quote:
"I am able to remove it completely, but it happens again and again when I open Internet Explorer"

Mozilla Firefox

Use the following applications to completely clean your system:

Virus scanners
AVG Free
-- Anti-virus scanner
Trend Micro Housecall
-- Online anti-virus scanner

Anti spy/malware
Microsoft AntiSpyware
-- Anti-spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti-spyware scanner
Ad-Aware SE Personal
-- Anti-spyware scanner

Firewalls
Using only one firewall is advised. Dual firewalls may cause problems.
Using a hardware firewall together with a software firewall is even more advisable.

ZoneAlarm Free
-- Free firewall, more user friendly
Sygate Personal
-- Free firewall, more configuration options

Removal tools
The following tools are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind.


HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWShredder
-- CoolWebSearch removal tool. Widely known and persistent hijacker.

Logfile of HijackThis v1.99.1
Scan saved at 3:39:06 AM, on 07/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\windows\system32\zrejjxq.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MICROS~2\Office\WINWORD.EXE
C:\Program Files\Scribe Aid\Scribe Aid.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\System32\SNDVOL32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DocNeT\Bin\Wc32.exe
C:\DOCNET\BIN\DOCNETUPLOAD.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
Continued.....

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oemji.com/side_search.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [qvpmmac] c:\windows\system32\zrejjxq.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: autowave.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122039434500
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41optYplkOmji/SpySpotterCabInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = condigi1.com
O17 - HKLM\Software\..\Telephony: DomainName = condigi1.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFE7A3DA-73F1-44C0-8EF6-34A143E3ED07}: NameServer = 202.56.240.5,202.56.250.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED6000F7-10DB-4DCF-897D-02D49DD2AA24}: NameServer = 192.168.200.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = condigi1.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ichart.com,
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = condigi1.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ichart.com,
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Typical... Norton and Microsoft. Download this and run it: http://vil.nai.com/vil/stinger/. Disconnect from the net while scanning, and disable System Restore. Or download SpySweeper. You have a trojan!

Use the tools described in my post.

Quote:
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe


Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders, because the backups will be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to your 'My Documents' folder, right-click and select 'New > Folder', then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. SCAN with HJT.

4. POST the new log in this thread.
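The HijackThis log posted above carries the whole infection chain in a handful of lines: the F2 entry (Winlogon Shell= pointing at C:\WINDOWS\Nail.exe next to Explorer.exe), Run keys with randomised names ([qvpmmac] launching zrejjxq.exe), unknown binaries dropped straight into C:\WINDOWS and System32, a third-party ActiveX .cab and changed DNS servers. The script below is an added example, not part of the thread and not HijackThis's own code: it parses HJT-style lines and applies those checks as heuristics. The sample lines are copied from the log above; the KNOWN_GOOD allowlist and the "randomised name" rule (few vowels, a run of four or more consonants) are my own assumptions, not anything HJT does.

```python
"""Triage a HijackThis log for the persistence points discussed in this thread.

Added example: the heuristics and allowlist are assumptions of this example,
not rules shipped with HijackThis.
"""
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [qvpmmac] c:\windows\system32\zrejjxq.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - Startup: autowave.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122039434500
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.41optYplkOmji/SpySpotterCabInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFE7A3DA-73F1-44C0-8EF6-34A143E3ED07}: NameServer = 202.56.240.5,202.56.250.5
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"Startup: (?P<cmd>.*)$")
# Quoted path | unquoted path up to the first .exe/.com/... followed by space or end | bare token
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|scr|bat|dll))(?=\s|$)|(\S+)', re.I)

# Assumption: images in this log that we have verified ourselves.
KNOWN_GOOD = {"ccapp.exe", "gcasserv.exe", "sndmon.exe", "vttimer.exe", "msmsgs.exe", "ipsecdialer.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\winnt\\")


def parse_log(text):
    """Return (kind, body) pairs for every 'Xn - ...' line in an HJT log."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def image_of(cmd):
    """Executable path at the start of a Run/Startup command, arguments dropped."""
    m = IMAGE_RE.match(cmd.strip())
    return next(g for g in m.groups() if g) if m else cmd


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_random(name):
    """Heuristic: letters-only stem of >= 6 chars, under 25% vowels, 4+ consonants in a row."""
    stem = re.sub(r"\.[a-z0-9]+$", "", name.lower())
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowel_share = sum(c in "aeiouy" for c in stem) / len(stem)
    longest = max((len(run) for run in re.findall(r"[^aeiouy]+", stem)), default=0)
    return vowel_share < 0.25 and longest >= 4


def triage(entries):
    """Return (severity, kind, reason) findings for the entries we know how to judge."""
    findings = []
    for kind, body in entries:
        if kind in ("F0", "F2") and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":          # anything appended runs at every logon
                findings.append(("HIGH", kind, "Winlogon shell hijack: " + shell))
        elif kind == "O4":
            m = RUN_RE.search(body) or STARTUP_RE.search(body)
            if not m:
                continue
            name = m.groupdict().get("name") or ""
            image = image_of(m.group("cmd"))
            if basename(image) in KNOWN_GOOD:
                continue
            low = image.lower()
            if looks_random(basename(image)) or looks_random(name):
                findings.append(("HIGH", kind, f"randomised autorun name: [{name}] {image}"))
            elif "\\" not in image:
                findings.append(("MEDIUM", kind, f"bare filename resolved via PATH: {image}"))
            elif low.startswith(SYSTEM_DIRS) and "program files" not in low:
                findings.append(("MEDIUM", kind, f"unrecognised binary in system dir: {image}"))
            else:
                findings.append(("LOW", kind, f"unrecognised autorun, review: [{name}] {image}"))
        elif kind == "O16":
            host = urlsplit(body.rsplit(" - ", 1)[-1].strip()).hostname or ""
            if not host.endswith("microsoft.com"):
                findings.append(("MEDIUM", kind, "ActiveX cab download from " + host))
        elif kind == "O17":
            findings.append(("INFO", kind, "DNS/search config, confirm with ISP or admin: " + body.split(": ", 1)[-1]))
    return findings


SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}

if __name__ == "__main__":
    for sev, kind, reason in sorted(triage(parse_log(SAMPLE_LOG)), key=lambda f: SEVERITY_ORDER[f[0]]):
        print(f"{sev:<6} {kind:<4} {reason}")
```

Run it against a full log by replacing SAMPLE_LOG with the file contents. The allowlist keeps noise down but is the weak point: a name you have not verified yourself should not go into KNOWN_GOOD just because it appeared in a log.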





Aurora or ABI network removal help

After trying SpySpotter, Webroot SpySweeper, Microsoft AntiSpyware, Ad-Aware SE Personal, and some other things, also tmas-web-scan.exe from http://www.trendmicro.com/spyware-scan/, I still cannot get a permanent solution. I am able to remove it with all of these, but cannot get a permanent solution. When I open Internet Explorer, it automatically gets installed. I have to run all these again and again. Has anyone experienced this type of problem?

Check out this blog too:
http://netrn.net/spywareblog/archives/2005/05/10/got-aurora-nailexe/

Please check this link too:
http://netrn.net/spywareblog/archives/2005/06/06/over-30000-search-engines-hits-for-nailexe-aurora/

I can provide whatever is needed. I am going mad. Please help.

Antispyware log

           Started Scanning
           Internet Cookies
                 Found 'cliks.org' in 'Internet Explorer Cache'
                 Found 'btg.btgrab.com' in 'Internet Explorer Cache'
                 Found 'as-us.falkag.net' in 'Internet Explorer Cache'
                 Found 'abetterinternet.com' in 'Internet Explorer Cache'
                 Found 'bannerspace.com' in 'Internet Explorer Cache'
                 Found 'doubleclick.net' in 'Internet Explorer Cache'
                 Found 'btg.btgrab.com' in 'Internet Explorer Cache'
                 Found 'offeroptimizer.com' in 'Internet Explorer Cache'
           Programs in Memory
           Windows Registry
                 Found '' in 'SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/VBouncer/INSTALL.LOG'
                 Found '' in 'SOFTWARE\Classes\Remove'
                 Found '' in 'SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon'
                 Found '' in 'SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon'
           Internet URL Shortcuts
           Files and Directories
                 Found '~DFD9F2.tmp' in 'C:\Documents and Settings\Administrator\Local Settings\Temp'
           Finished Scanning
           Started Backup
           Finished Backup
           Started Cleaning
                 Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD9F2.tmp' in shortcut areas.
                 Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD9F2.tmp' in startup areas.
                 Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD9F2.tmp'
           Finished Cleaning
           Started Scanning
           Internet Cookies
           Programs in Memory
           Windows Registry
           Internet URL Shortcuts
           Files and Directories
           Finished Scanning
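The AntiSpyware log above finds SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon, and the first post names a DrPMon print monitor at c:\windows\system32\drpmon.dll. A print monitor is a DLL the print spooler (spoolsv.exe, running as LocalSystem) loads at every boot, so the file is in use while the spooler runs and a plain delete fails. HijackThis 1.99.1 has no section for print monitors, so this persistence point never appears in the log posted above. The script below is an added example, not from the thread: it parses a regedit export of the Monitors key, reports every monitor whose Driver DLL is not in a small list of stock XP monitors (my assumption), and emits the removal steps in the order that works (stop spooler, delete key, delete DLL, start spooler). The export is constructed; drpmon.dll is the name from the first post, while the ZepMon DLL name is a placeholder because the thread never shows it.

```python
"""List print monitors from a regedit (.reg) export and flag non-stock ones.

Added example. STOCK_MONITOR_DLLS and the sample export are assumptions of
this example; only the DrPMon/drpmon.dll pair comes from the thread.
"""

MONITORS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors"

# Assumption: stock Windows XP print monitor DLLs we are prepared to trust.
STOCK_MONITOR_DLLS = {"localspl.dll", "tcpmon.dll", "usbmon.dll",
                      "pjlmon.dll", "bjlmon.dll", "lprmon.dll"}

# Constructed export. "DrPMon Print Monitor"/drpmon.dll is from the first post,
# "ZepMon" is from the AntiSpyware log; zepmon.dll is a placeholder name.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port]
"Driver"="localspl.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port]
"Driver"="tcpmon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\DrPMon Print Monitor]
"Driver"="drpmon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]
"Driver"="zepmon.dll"
'''


def parse_reg(text):
    """Minimal Regedit-v5 parser: {key_path: {value_name: string}}; only REG_SZ values are kept."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith(('"', "@")) and "=" in line:
            name, _, val = line.partition("=")
            name = "@" if name == "@" else name.strip('"')
            if val.startswith('"') and val.endswith('"'):
                # .reg escapes backslashes and quotes inside strings
                keys[current][name] = val[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return keys


def list_monitors(keys):
    """Direct children of the Monitors key -> their Driver DLL (None if the value is missing)."""
    prefix = MONITORS_KEY.lower() + "\\"
    monitors = {}
    for key, values in keys.items():
        if not key.lower().startswith(prefix):
            continue
        rel = key[len(prefix):]
        if "\\" in rel:            # sub-keys such as ...\Ports are configuration, not monitors
            continue
        monitors[rel] = values.get("Driver")
    return monitors


def suspicious_monitors(keys):
    """Monitors whose Driver is absent or not one of the stock DLLs."""
    return {name: dll for name, dll in list_monitors(keys).items()
            if dll is None or dll.lower().rsplit("\\", 1)[-1] not in STOCK_MONITOR_DLLS}


def removal_plan(name, dll, system32=r"C:\WINDOWS\system32"):
    """Ordered XP commands: the spooler holds the DLL open, so it must be stopped first."""
    plan = ["net stop spooler", f'reg delete "{MONITORS_KEY}\\{name}" /f']
    if dll:
        plan.append(f'del /f "{system32}\\{dll}"')
    plan.append("net start spooler")
    return plan


if __name__ == "__main__":
    registry = parse_reg(SAMPLE_REG)
    for name, dll in list_monitors(registry).items():
        print(f"{name:<28} {dll}")
    for name, dll in suspicious_monitors(registry).items():
        print(f"\nNon-stock monitor {name!r}:")
        for step in removal_plan(name, dll):
            print("  " + step)
```

To get a real export, run regedit, select the Monitors key and use File > Export (or `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" monitors.reg`), then point parse_reg at the file. Deleting the monitor key without stopping the spooler leaves the DLL mapped until the next reboot, which is one way a "removed" component comes straight back.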
Disconnect from the net while doing scans. Doing scans while still attached to the net is a waste of your time, and futile. WinXP has backup files held in the System File Protection folder and the System Restore folder, and hidden from the user in the Recycler folder. And using another browser does not solve trojans! Have you downloaded or installed any files lately? Do you have any P2P programs (Kazaa/LimeWire/BearShare/Napster/Blubster, etc.)?

