Tech Support Forum - View Single Post

**amateur** · 06-11-2008, 10:48 PM

Hi,

I see that you are using LimeWire, which is a p2p file sharing program. I would like to warn you that the nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove it from your system via Add/Remove Programs in Control Panel.

You may also wish to also uninstall Viewpoint. It is not malware but described as 'foistware'. It gets installed by AIM and you are not told about it. It can contribute to installation of adware programs.

If you update AIM this program will be installed again. Just uninstall it again.

Please go to Start>Control Panel>Add or Remove Programs and remove, if present:

Viewpoint
Limewire

========================================

Scan with HijackThis and put a checkmark against the following entries, if present:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll (file missing)
O4 - HKLM\..\Run: [wa7pcw] "C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" -c
O4 - HKCU\..\Run: [wa7pcw] "C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" -c
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/game...amesLoader.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.ma...ointsSetup.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Close all windows and browsers other than HijackThis and click on "fix checked".

=====================================

Restart the computer for the changes to take place.

=====================================

Using Windows Explorer (right click on Start, click on Explore) locate and delete the following folders, if present:

C:\Documents and Settings\All Users\Application Data\Avira
C:\Program Files\Viewpoint
C:\Program Files\LimeWire
C:\WINDOWS\Tasks\McAfee.com

=====================================

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

Double-click cureit.exe to start the program.
Press Start and then OK to start the Express scan
The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
Once the short scan has finished, Click Options->Change settings
Choose the Scan tab and UN-CHECK Heuristic analysis
Choose the Actions tab and make these changes:
- Next to Infected objects select Report
- Next to Incurable objects select Report
- Next to Infected containers select Report
At the bottom-left, UN-CHECK Prompt on action, then press OK to close the settings box.
Note: These settings changes are IMPORTANT, please ensure you have made them before scanning
Then select Complete scan and press the green arrow to start the scan
When the scan is complete, click File-> Save report list, save the report to your desktop and close Dr Web CureIt

================================================

Please post back a fresh HijackThis log along with the DrWebCurit report. Also, please let me know how the computer is running now.

06-11-2008, 10:48 PM	#9 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,282 OS: XP SP3	Re: [SOLVED] HJT and COmboFix Logs Hi, I see that you are using LimeWire, which is a p2p file sharing program. I would like to warn you that the nature of P2P filesharing is so that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. I recommend very strongly that you remove it from your system via Add/Remove Programs in Control Panel. You may also wish to also uninstall Viewpoint. It is not malware but described as 'foistware'. It gets installed by AIM and you are not told about it. It can contribute to installation of adware programs. If you update AIM this program will be installed again. Just uninstall it again. Please go to Start>Control Panel>Add or Remove Programs and remove, if present: Viewpoint Limewire ======================================== Scan with HijackThis and put a checkmark against the following entries, if present: R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll (file missing) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing) O3 - Toolbar: MyPoints Toolbar - {4E7BD74F-2B8D-469E-C1EA-F165BB85A330} - C:\PROGRA~1\mypoints\mypoints.dll (file missing) O4 - HKLM\..\Run: [wa7pcw] "C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" -c O4 - HKCU\..\Run: [wa7pcw] "C:\PROGRA~1\COMMON~1\WINANT~1\wa7pcw.exe" -c O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000 O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/game...amesLoader.cab O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.ma...ointsSetup.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe Close all windows and browsers other than HijackThis and click on "fix checked". ===================================== Restart the computer for the changes to take place. ===================================== Using Windows Explorer (right click on Start, click on Explore) locate and delete the following folders, if present: C:\Documents and Settings\All Users\Application Data\Avira C:\Program Files\Viewpoint C:\Program Files\LimeWire C:\WINDOWS\Tasks\McAfee.com ===================================== Download Dr.WEB CureIt to your desktop from here: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe Double-click cureit.exe to start the program. Press Start and then OK to start the Express scan The Express scan takes just a few moments to finish, if something is found, click Yes to cure it Once the short scan has finished, Click Options->Change settings Choose the Scan tab and UN-CHECK Heuristic analysis Choose the Actions tab and make these changes: Next to Infected objects select Report Next to Incurable objects select Report Next to Infected containers select Report At the bottom-left, UN-CHECK Prompt on action, then press OK to close the settings box. Note: These settings changes are IMPORTANT, please ensure you have made them before scanning Then select Complete scan and press the green arrow to start the scan When the scan is complete, click File-> Save report list, save the report to your desktop and close Dr Web CureIt ================================================ Please post back a fresh HijackThis log along with the DrWebCurit report. Also, please let me know how the computer is running now. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006