Thread: Constant Pop-ups, three different programs on Desktop, comes back after cleaning
View Single Post
Old 08-09-2007, 06:34 PM   #1 (permalink)
katsumoto
Registered User
 
Join Date: Aug 2007
Posts: 7
OS: XP


Constant Pop-ups, three different programs on Desktop, comes back after cleaning
Hey, this is my first post here, though I've been searching through the forums for a solution to my problem. It seems many other people have already had the same problem anways, however after going through the safe-mode processes of running smitfraudfix, ccleaner, and superantispyware, this virus still seems to be coming back...I guess I should start by posting my Notepad logs from smitfraudfix and superantispyware, which at the end detected no more corrupted or infected files or applications on my computer.
Smitfraudfix:

SmitFraudFix v2.209

Scan done at 19:38:43.46, Thu 08/09/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A009281B-8236-4E0E-9BAE-FD571FD20F93}: DhcpNameServer=167.206.245.77 167.206.245.76
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A009281B-8236-4E0E-9BAE-FD571FD20F93}: DhcpNameServer=167.206.245.77 167.206.245.76
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A009281B-8236-4E0E-9BAE-FD571FD20F93}: DhcpNameServer=167.206.245.77 167.206.245.76
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.77 167.206.245.76
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.77 167.206.245.76
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.77 167.206.245.76


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Then I ran Ccleaner following the instructions i saw....
Then I ran Superantispyware and saved the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2007 at 08:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:35:10

Memory items scanned : 160
Memory threats detected : 0
Registry items scanned : 4212
Registry threats detected : 0
File items scanned : 25672
File threats detected : 0

So, basically, after I rebooted, I logged in, and the desktop is taking an unusual amount of time to load up, and then it read an error as follows:
"Could not find '///C:/Windows/privacy_danger/index.htm'. Make sure the path or internet address is correct."

Can anyone lead me in the right direction here? Any help would be much appreciated.
katsumoto is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here