Author Topic: Re: Security pop-ups  (Read 904 times)
Dude, formerly Dude
« on: July 24, 2006, 02:13:49 PM »

Similar problem, is there a similar solution?

These Security-Pop-Ups are also using some kind of so called "message-service". Also a tray-icon is indicating in 5 to 10 s period "SECURITY ALERT". Additional Note: I am not using Panda-Software, for it ran out of licence some time ago, instead I am using AntiVir.




Log-File:

Logfile of HijackThis v1.99.1
Scan saved at 15:36:38, on 24.07.2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\AOL 7.0\aoltray.exe
C:\WINDOWS\System32\ismon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AMD\PowerNow!\GemServ.exe
C:\Programme\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Programme\AMD\PowerNow!\gemback.exe
C:\WINDOWS\system32\rvs_cent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\GetRight\getright.exe
C:\Programme\GetRight\getright.exe
C:\Programme\AOL 7.0\waol.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AOL 7.0 Tray-Symbol.lnk = C:\Programme\AOL 7.0\aoltray.exe
O8 - Extra context menu item: Mit GetRight laden - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit GetRight-Browser
Dude, formerly Dude
« Reply #1 on: July 24, 2006, 03:09:18 PM »

Sorry: I almost forgot, though it is not set as a starting page, "sysnetsecurity.net" is loading each time I run the explorer.
Geekgirl
« Reply #2 on: July 24, 2006, 05:20:55 PM »

    Hi Dude, formerly Dude. Welcome to MyTechSupport.ca

    For future advice, plz do not ask for assistance in someone else's thread. I made you your own thread for now, keep all replies in this thread until your issue is resolved.

    Your system is out-of-date. You have not installed any service packs (SP1 or SP2). What is the reasoning for this? Plz do not attempt to install SP2 until we get your system clean, it will cause issues.

    You have 2 anti-virus programs running on your system (AntiVir PersonalEdition Classic, Panda Antivirus Titanium), plz uninstall one of them. Remove the one that you are not paying a subscription for.



    Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.



    You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\ then click on File > New > Folder and call it HJT, or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.



Download / Install / Update / and Run:
Adaware SE check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
 To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.



Download and install Spybot S&D . Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.



Perform an online scan with Internet Explorer with  Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  • Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  • Enter your e-mail address, country, and state & click Scan Now   * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan




Download and run SysProtect Remover.exe Once it is running click the "Remove Now" button and follow the on screen instructions.



Download and install  CleanUp! but do not run it yet.




Go to My Computer >Tools >View >Folder Options tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.




For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).




Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).




Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Safety Bar




Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)


O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\Safety Bar.dll
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINDOWS\System32\yephk.dll (file missing)



Please remember to close all other windows, including browsers then click Fix checked.




 Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\ixt0.dll
C:\Programme\Safety Bar\






*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
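
An added example, not part of the original thread: a small parser for the HijackThis entry lines quoted above that builds a first-pass review queue. The two flagging rules (an unnamed COM object, a registered file that is missing) are assumptions chosen for illustration; they catch two of the three entries the reply selects, while the Safety Bar toolbar is a call the analyst makes from knowing the product.

```python
import re

# Constructed sample: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Programme\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINDOWS\System32\yephk.dll (file missing)
"""

# "<section code> - <body>", e.g. "O2 - BHO: ...". Process paths and headers do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body shape shared by BHO / Toolbar / SSODL lines: "<kind>: <name> - {CLSID} - <path>"
COM_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_log(text):
    """Return one dict per entry line; COM-style entries get name/clsid/path and flags."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, running-process list, blank line
        entry = {"code": m["code"], "raw": line, "flags": []}
        com = COM_ENTRY.match(m["body"])
        if com:
            entry.update(name=com["name"], clsid=com["clsid"].lower(), path=com["path"])
            # Illustrative heuristics (assumptions, not HijackThis behaviour):
            if com["name"] == "(no name)":
                entry["flags"].append("unnamed COM object")
            if com["path"].endswith("(file missing)"):
                entry["flags"].append("registered file missing")
        entries.append(entry)
    return entries


def review_queue(entries):
    """Entries that tripped at least one heuristic, in log order."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in review_queue(parse_log(SAMPLE_LOG)):
        print(e["code"], e["clsid"], e["flags"], e["path"])
```

A flag here only means "look at this entry first"; whether to fix it still depends on identifying the file behind the CLSID.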