Acmlm's Board - I2 Archive - Hardware/Software - Wtf.... | |
DarkSlaya
Posted on 04-15-05 03:59 AM Link | Quote
So, here's the deal: I'm browsing the web, then suddenly my computer starts lagging. I do what I usually do (minimize all windows and just wait), then I just saw those icons on my desktop (those "Free ONline Casino", "Free Cellphone...." blah, blah blah.), so I'm like "WTF?". I run Ad-Aware, update the definitions, and get rid of them. Then, I noticed my computer was still acting slow (but I thought it was because Windows Update was running). Then I opened the task manager, and there were 3 IEXPLORER.EXE (what's the deal with caps, anyway?) processes, which it said were opened by me (else it would say System, right?). I tried getting rid of them, no good.

Anyway, will reboot and see if it does any good.

Also, Spybot refuses to open (and I'm using Windows XP SP2)


Edit: HijackThis log -
Logfile of HijackThis v1.99.0
Scan saved at 19:13:38, on 2005-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Philippe\Mes documents\Apps + Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hvstbyrrxxhkujp.com/PfroMNIDY0WpBHDaXWRxEJyFXoXQTFlk8P0y3gp0fz7p2XHhbeptU0qHGeuMcbM_.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8BB1C8AD-FCD9-835B-BDA3-BDFC874CC49E} - C:\DOCUME~1\Philippe\APPLIC~1\SAVEPA~1\inside up.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [cdromstoproadbalm] C:\Documents and Settings\All Users\Application Data\LocksSupportCdromStop\tick bits.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Anti Ref] C:\DOCUME~1\Philippe\APPLIC~1\ThatFlag\Eq Sign Browse.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages li


(edited by DarkSlaya on 04-14-05 11:11 AM)
FreeDOS
Posted on 04-15-05 04:12 AM Link | Quote
Sounds like a serious case of spyware. The deal with IEXPLORE.EXE is because it's a relic of its old 16-bit name (FAT didn't save case in filenames).

I'd recommend building BartPE (live CD of WinXPSP1+ or Windows 2003; you need an install disc of the OS (upgrade or full)) and installing the Ad-Aware plugin.
DarkSlaya
Posted on 04-15-05 04:20 AM Link | Quote
Meh. The HijackThis log is weird. Funny thing is that I did my weekly scan yesterday and nothing was found, and trust me, I haven't done anything that could've messed this up.

Might as well delete those things with weird names.... ([cdromstoproadbalm] C:\Documents and Settings\All Users\Application Data\LocksSupportCdromStop\tick bits.exe , etc)

Edit: Man, it's really asking for it....

Guess it's time to go Safe Mode, since everything else pretty much failed. Else it's Restore time, which I don't want to use.

Edit 2: Took care of them. But can someone explain to me how the fuck that spyware got there (I haven't installed anything since forever, and I never use IE, yet it was hijacked.)


(edited by DarkSlaya on 04-14-05 11:24 AM)
(edited by DarkSlaya on 04-14-05 11:33 AM)
FreeDOS
Posted on 04-15-05 04:42 AM Link | Quote
Anyway. Windows XP always has IE running, always. There's about 6 open ports for task scheduler and IE that allow worms to spread without user invocation.

Booting with the same operating system that is infected doesn't help much, that's why I said to use BartPE.
tuna
Posted on 04-16-05 03:29 AM Link | Quote
One more thing, if you had IEXPLORER.EXE running, you should've found it and gotten rid of it -- the real one is IEXPLORE.
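As an added example (not from anyone in the thread), here is a small triage script over log lines in the shape of the HijackThis output posted above. It flags the things the thread ends up pointing at: autorun and BHO entries whose binary lives under a user profile or Application Data instead of Program Files or Windows, an unnamed BHO, an IE search bar pointed at an unknown host, and a running process whose name is a near miss of a real Windows binary (IEXPLORER.EXE vs IEXPLORE.EXE). The sample log, the trusted-root and trusted-host allowlists and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
# Constructed sample in the shape of the HijackThis log quoted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\IEXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hvstbyrrxxhkujp.com/x.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8BB1C8AD-FCD9-835B-BDA3-BDFC874CC49E} - C:\DOCUME~1\Philippe\APPLIC~1\SAVEPA~1\inside up.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [cdromstoproadbalm] C:\Documents and Settings\All Users\Application Data\LocksSupportCdromStop\tick bits.exe
O4 - HKCU\..\Run: [Anti Ref] C:\DOCUME~1\Philippe\APPLIC~1\ThatFlag\Eq Sign Browse.exe
"""
# Assumed allowlists: genuine Windows binaries, directories where installed
# software normally lives, and hosts an IE search bar may legitimately point at.
KNOWN_EXES = ["explorer.exe", "iexplore.exe", "lsass.exe", "services.exe",
              "smss.exe", "svchost.exe", "winlogon.exe"]
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
TRUSTED_HOSTS = {"www.microsoft.com", "www.msn.com", "www.google.com"}

def lookalike(name):
    """Known binary that `name` nearly (but not exactly) matches, else None."""
    if name in KNOWN_EXES:
        return None
    best = max(KNOWN_EXES, key=lambda k: SequenceMatcher(None, name, k).ratio())
    return best if SequenceMatcher(None, name, best).ratio() >= 0.85 else None

def triage(log):
    """Return (category, log line, detail) tuples for entries worth a second look."""
    findings = []
    for line in (l.strip() for l in log.splitlines() if l.strip() and not l.endswith(":")):
        m = re.match(r"(R[01]|O[24]) - (.*)", line)
        if not m:  # bare path from the 'Running processes' section
            hit = lookalike(line.rsplit("\\", 1)[-1].lower())
            if hit:
                findings.append(("lookalike-process", line, hit))
        elif m.group(1).startswith("R"):  # IE start page / search bar settings
            url = m.group(2).split("=", 1)[-1].strip()
            host = re.sub(r"^https?://", "", url).split("/")[0].lower()
            if "://" in url and host not in TRUSTED_HOSTS:
                findings.append(("hijacked-ie-setting", line, host))
        else:  # O2 BHO or O4 autorun: where does the binary actually live?
            kind, body = m.groups()
            path = body.split(" - ")[-1] if kind == "O2" else re.sub(r"^.*?\] ", "", body)
            path = path.strip().lstrip('"').lower()
            if kind == "O2" and "(no name)" in body:
                findings.append(("unnamed-bho", line, path))
            if not path.startswith(TRUSTED_ROOTS):
                findings.append(("autorun-outside-program-dirs", line, path))
    return findings
```

The Winamp, AVG and Acrobat entries in the real log pass these checks untouched; only the profile-directory binaries, the unnamed BHO, the search bar URL and the IEXPLORER.EXE process come back.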