HJT Log and Screenie

Discussion in 'System Security & Infection Support' started by xishiro, Mar 28, 2006.

  1. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    Alright so here we go...

    There seemed to be a new spyware, and I ran spybot and Ad-Aware and they don't seem to catch it.

    Basically it was a spyware that redirected me to this website:

    http://www.securitysafeguards.net/

    It basically says a spyware was found and that people were accessing my computer, prompting me to download some anti-spyware program. After closer inspection I found this was just a website and some cruel attempt to make me download some program. Initially I thought it was a Windows message, but if you look closely it looks very much similar to Windows messages (Security Centre) but there are no Microsoft tags anywhere on the website.

    Basically it's a spyware website.

    I think it is in some way related to this little thing running on my toolbar, which I cannot exit or delete or see in my task manager. It's in the bottom right corner, the little handicap thing. It says "Virus Alert!" and flashes. I cannot right click, but if I do click it, it will open a window which links me to a website advertising "spyguard". Please refer to Screenshot 2.

    I also think it's in some way related to this program highlighted in my add/remove controls. For some reason I cannot uninstall it, as it is all in weird symbols. I follow the directions but I think some error stops it. Refer to Screenshot 1.

    Help please.

    Thanks

    HJT Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 6:21:04 PM, on 27/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Downloads\HijackThis.exe

    O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139187735443
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
     

    xishiro, Mar 28, 2006
    #1

  2. xishiro

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file) is the TROJ_PUPER.BI trojan, and is likely responsible for hijacking your browser. Removal instructions can be found here.
     
    Codex85, Mar 28, 2006
    #2
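
    Added example, not part of the thread or of HijackThis itself: a small Python triage helper that parses HijackThis entry lines and flags O2 (Browser Helper Object) entries like the one singled out in post #2. The sample lines are copied from the log in post #1; treating "(no name)" and "(no file)" as review triggers is a heuristic assumed here, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Research (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Entry lines start with a section code such as R1, F2, N3, O2 or O16.
ENTRY = re.compile(r"^\s*(?P<code>[ORNF]\d{1,2}) - (?P<body>.+?)\s*$")
# O2 body layout: "BHO: <name> - {CLSID} - <file path or (no file)>"
BHO = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    matches = map(ENTRY.match, log_text.splitlines())
    return [(m["code"], m["body"]) for m in matches if m]


def review_bhos(log_text):
    """Return the O2 entries that deserve a manual look, with reasons."""
    findings = []
    for code, body in parse_entries(log_text):
        if code != "O2":
            continue
        m = BHO.match(body)
        if not m:
            findings.append({"clsid": None, "reasons": ["unparsed O2 line"]})
            continue
        reasons = []
        if m["name"] == "(no name)":      # assumed heuristic: unnamed helper
            reasons.append("BHO has no display name")
        if m["file"] == "(no file)":      # assumed heuristic: orphaned entry
            reasons.append("registered file not found on disk")
        if reasons:
            findings.append({"clsid": m["clsid"].lower(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_bhos(SAMPLE_LOG):
        print(finding["clsid"], "->", "; ".join(finding["reasons"]))
```

    A flagged CLSID is only a lead for lookup against a vendor's threat database, as was done in post #2; the heuristic alone does not identify the malware family.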

  3. xishiro

    Goober THQ's Jester Moderator

    Joined:
    Jul 26, 2004
    Messages:
    2,864
    Likes Received:
    35
    Location:
    Colorado
    If that doesn't get rid of the program, then try booting up in safe mode and see if you can uninstall it that way.
     
    Goober, Mar 28, 2006
    #3
  4. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    Hmm, can I get any more help?

    The safe mode uninstallation does not work, I think it's missing an uninstall file. And the other tip on removing the trojan seems unclear to me....

    Thanks.

    The little thing on the bottom right is still there.
     
    xishiro, Mar 28, 2006
    #4
  5. xishiro

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Remove CCleaner, and any other anti-spyware app that you have. Install Microsoft Defender, run it and remove whatever it finds. If this does not help, try the TrendMicro suggestion.

    Before you start any of the steps at TrendMicro, disable the System Restore service by going to Start | Run | services.msc | and look for the service I listed | double click the service | click Stop and then disable.

    Since you have Windows XP, follow the instructions for XP. First, stop the service running for this spyware app, which is explained in the first step, and then proceed to remove the registry entries.
     
    James, Mar 28, 2006
    #5
  6. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    Can I reinstall them after with new installation files downloaded from their website?
     
    xishiro, Mar 29, 2006
    #6
  7. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    Wow, the situation just increased a whole different level. I come home to my computer and I find this Spyware Quake installed. I'm like wtf. I didn't do anything. I don't know if it's a hacker or if it's something I have no clue. But for sure it's related to that **** parasite program that was shown on my first screenies.

    So yeah, if anyone can help me out some more. I'm going to try that Trend Micro thing... but Windows Defender didn't do anything.

    Screenie attached. I tried uninstalling and disabling, deleting the folder, etc. And when I restart it just reinstalls itself.

    This spyware/virus is starting to piss me off. Thanks.

    PS. The Trend Micro doesn't seem to find the trojan. There is something about a pattern needed. How do I implement the pattern onto the Trend Micro anti-spyware program (trial version)?
     

    Last edited: Mar 29, 2006
    xishiro, Mar 29, 2006
    #7
  8. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    after trying. nothing worked. ....
     
    xishiro, Mar 29, 2006
    #8
  9. xishiro

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    Personally, I like the NOD32 antivirus solution. It's fast and has a low overhead. You can download a free trial here.
     
    Codex85, Mar 29, 2006
    #9
  10. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    Well, the NOD32 seems to have worked. Is it reliable as a way for anti-spyware and anti-virus? Would I be able to rely on this as my only anti-spyware/anti-virus?
     
    xishiro, Mar 29, 2006
    #10
  11. xishiro

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    As far as I can tell, NOD32's detection rate is top-notch for both viruses and spyware/adware. However, if I were you I'd keep at least Spybot S&D around.
     
    Codex85, Mar 29, 2006
    #11
  12. xishiro

    Goober THQ's Jester Moderator

    Joined:
    Jul 26, 2004
    Messages:
    2,864
    Likes Received:
    35
    Location:
    Colorado
    I personally would suggest Spyware Blaster and Spyware Guard. Blaster prevents known websites from downloading onto your computer, and Guard will notify you of any changes that were made to Internet Explorer (home page change, new buttons, etc.)
     
    Goober, Mar 29, 2006
    #12
  13. xishiro

    xishiro

    Joined:
    Nov 24, 2003
    Messages:
    30
    Likes Received:
    1
    Location:
    Toronto, Canada
    Alright... can I install CCleaner or will the spyware write itself into that also? (I noticed that the spyware wrote itself into Ad-Aware....)
     
    xishiro, Mar 29, 2006
    #13
  14. xishiro

    Nickweb Resident Filmaker Moderator

    Joined:
    Nov 7, 2003
    Messages:
    2,532
    Likes Received:
    27
    Location:
    North Wales, Britain
    Sorry to butt in here, but are any of those free by any chance? And I mean not just free trial periods.
     
    Nickweb, Mar 29, 2006
    #14
  15. xishiro

    James Photojournalist

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    I know that a lot of people have their favorite anti-spyware apps, I do, Goober does, etc, so what I would do is try them, figure out what you like and what works best for you and use only that application. I'll have to try this NOD program.
     
    James, Mar 29, 2006
    #15
  16. xishiro

    Goober THQ's Jester Moderator

    Joined:
    Jul 26, 2004
    Messages:
    2,864
    Likes Received:
    35
    Location:
    Colorado
    Yes, I would agree to that too. The only reason why I suggest Spyware xxxxx is because it's like an internet condom.
     
    Goober, Mar 29, 2006
    #16
  17. xishiro

    Nickweb Resident Filmaker Moderator

    Joined:
    Nov 7, 2003
    Messages:
    2,532
    Likes Received:
    27
    Location:
    North Wales, Britain
    A lovely description indeed Goober
     
    Nickweb, Mar 30, 2006
    #17
  18. xishiro

    Goober THQ's Jester Moderator

    Joined:
    Jul 26, 2004
    Messages:
    2,864
    Likes Received:
    35
    Location:
    Colorado
    Ger... that's what everyone says when I say that. But when you look at everything in life there is almost always a safety barrier between you and whatever you are doing (i.e. riding a bike most wear a helmet, rock climbers normally have a harness and rope), so why should the internet be any different? No matter how safe you try to be, there is always that chance that you get redirected to a problem site, and IMO I would rather be safe than sorry about this. </:rant>
     
    Goober, Mar 30, 2006
    #18