Topic: popups from http://4bf65.ilxt.info and about:blank
schneider
« on: July 18, 2004, 06:17:06 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows ME
Problem Application Name & Version: Iexplorer 5.5
Problem Hardware Make & Model: Compaq presario 7463
Error Messages: none



Recently my AVG antivirus detected three trojans, one dialer and one downloader. The program says it fixed them all, but since then I have had these popups from "4bf65.ilxt.info" every time I use my Internet Explorer, and my about:blank page is modified. Sorry about my English, I am Mexican; I hope I can understand your advice. I have downloaded hijackthis.exe and this is my log:

Logfile of HijackThis v1.98.0
Scan saved at 01:39:21 a.m., on 18/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGCC32.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\PING.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ESCRITORIO\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
benditup
« Reply #1 on: July 18, 2004, 08:09:50 AM »

Hello schneider. Let's see if we can do some cleaning up of your log

But first download these tools...
CWShredder---Save to desktop
Run this later
Download from here
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
or here
http://www.softpedia.com/public/scripts/downloadhero/10-17-150/

Next download and Install the free version of Ad-Aware
Run this later

Disconnect from the NET
Do another Scan with Hijackthis and put a check next to these entries and then FIX CHECKED when ALL other windows are closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
O2 - BHO: (no name) - {10C8894A-3C13-4AD4-8FDA-943FCA072897} - C:\WINDOWS\MADOPEW.DLL

O18 - Filter: text/html - {AC20A970-A102-4AF3-AEAF-4F7F1704CC1F} - C:\WINDOWS\MADOPEW.DLL
O18 - Filter: text/plain - {AC20A970-A102-4AF3-AEAF-4F7F1704CC1F} - C:\WINDOWS\MADOPEW.DLL

Next with CWShredder open let it FIX all problems

RESTART your computer in Safe Mode

Set windows to Show hidden files and folders

Find and delete this file if it exists
C:\WINDOWS\MADOPEW.DLL <--this file

Also navigate to your Temp folder and delete the Whole contents
C:\WINDOWS\TEMP <--delete the contents

Restart back in Normal Mode
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Open Ad-Aware----CHECK FOR UPDATES
Set additional options for a custom scan
===================================================
click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".
=============================================================
RESTART your computer

Could you also
Download STARTDRECK
http://members.blackbox.net/hp_links/21/nikolaus.rameis/_data/startdreck.zip
Unzip it to its own folder

run StartDreck.exe:
Hit: -config
hit: -Unmark all
Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log! Or use the "Insert File Attachment" and upload the log after you have it saved....

Could you also post a fresh hijackthis log, but first, you are controlling startup items with msconfig, not that there's anything wrong with it but you may be hiding other malware you're not aware of...
Could you enter msconfig and do a Normal startup and Restart your computer and then post back a hijackthis log
« Last Edit: July 18, 2004, 08:12:42 AM by benditup »
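
Added example (not part of the original posts, and not HijackThis's own logic): a small triage script that picks out the kinds of entries flagged in Reply #1 and reports which DLL is referenced by more than one of them. The matching rules are assumptions derived only from the entries quoted in this thread, and the sample log is constructed from those lines plus one benign O4 entry.

```python
import re
from collections import Counter

# Constructed sample: entries quoted in this thread plus one benign O4 line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\WINDOWS\IEHR.DLL (file missing)
O2 - BHO: (no name) - {10C8894A-3C13-4AD4-8FDA-943FCA072897} - C:\WINDOWS\MADOPEW.DLL
O18 - Filter: text/html - {AC20A970-A102-4AF3-AEAF-4F7F1704CC1F} - C:\WINDOWS\MADOPEW.DLL
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "R1 - ...", "O18 - ..."

def module_path(body):
    """File path ending an O2/O18 entry, without the '(file missing)' tag."""
    return body.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip().upper()

def triage(log_text):
    """Return (code, reason, body) for entries matching the thread's patterns."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines
        code, body = m.groups()
        value = body.partition(" = ")[2].lower()
        if code in ("R0", "R1") and value.startswith("file://") and "\\temp\\" in value:
            findings.append((code, "IE search setting points at a file in TEMP", body))
        elif code in ("R0", "R1") and ",HomeOldSP = " in body:
            findings.append((code, "HomeOldSP value present", body))
        elif code == "O2" and ("(file missing)" in body or "(no name)" in body):
            findings.append((code, "BHO is unnamed or its file is missing", body))
        elif code == "O18" and body.startswith("Filter: text/"):
            findings.append((code, "MIME filter on text content", body))
    return findings

def shared_modules(findings):
    """DLLs referenced by more than one flagged O2/O18 entry."""
    counts = Counter(module_path(b) for c, _, b in findings if c in ("O2", "O18"))
    return sorted(p for p, n in counts.items() if n > 1)

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for code, reason, body in hits:
        print(f"{code:<4}{reason}: {body}")
    print("Shared modules:", shared_modules(hits))
```

A hit is only a prompt for review; the decision to fix an entry still rests on checking what the referenced file actually is.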

 
schneider
« Reply #2 on: July 18, 2004, 01:19:02 PM »

All done, thanks, thanks, thanks a lot, here is the log from startdreck:

StartDreck (build 2.1.5 public BETA)  -  2004-07-18 @ 08:34:46
Platform: Windows ME (Win 4.90.3000 )

schneider
« Reply #3 on: July 18, 2004, 01:33:58 PM »

Here is the fresh log from hijackthis with a normal startup from msconfig:

Logfile of HijackThis v1.98.0
Scan saved at 08:49:19 a.m., on 18/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\ESCRITORIO\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
benditup
« Reply #4 on: July 18, 2004, 05:21:28 PM »

Hi again schneider, log looks good---and Startdreck looks clean
I see that you were controlling a few entries on startup, but nothing bad
You can have hijackthis fix these entries too
It won't disable the programs, just stops them from starting up

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

You should install these 2 apps., they add extra security while
silently protecting you without running in the background
 
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both, check for updates every couple of weeks

READ THIS
How did I get Infected

Don't delete the backups that hijackthis made for about a week or so
when you know everything is running good
You may want to make a folder on the desktop and put hijackthis and
the backups into that new folder

Is this desktop >>>>> ESCRITORIO?

Regards, benditup
schneider
« Reply #5 on: July 19, 2004, 01:25:44 AM »

;) Hi benditup
Well, I am now reading the post "How did I get Infected", and then I will start the download of IESPYAD and spywareblaster...

Yes, Escritorio=Desktop and Archivos de Programa=Program Files

I have a few questions:

1.- Can I keep my msconfig configuration just the way it was? There are still some programs I feel I don't need.
2.- Is it OK that I keep my resident shield of AVG antivirus, or is there any better antivirus?
3.- The Windows restore program uses too much precious space on my hard disk drive; can I keep it disabled?
4.- Which of the programs I downloaded during this log cleaning must I keep?
and finally
5.- Do spywareblaster and IE-spyad use too many system resources?

Well, I guess that's all for now benditup. Forums like this make me think that there are still good people out there in the world ;D, thank you