Status
Not open for further replies.

· Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
I am trying to help clean up a laptop running Win 98. Ads keep on popping up. I've run Ad Aware and SpyBot, followed by Hijack This and the Hijack This Analyzer program. There were several Trojan horses and other files that were cleaned, but a few small ads continue to appear when Windows opens. Here is the log file after using the Hijack This Analyzer Program (thanks for your help!):


***Security Programs Detected***

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:33:27 PM, on 09/25/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\YOURMONITOR.EXE
C:\WINDOWS\SYS034369187134.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O2 - BHO: (no name) - {15FCC487-5F64-52E8-1697-56A028FFAEC3} - C:\WINDOWS\SYSTEM\ERE.DLL (file missing)
O3 - Toolbar: Search - {11709DEA-86E5-F671-60FF-D0840752C805} - C:\WINDOWS\Dprnyjjd.dll (file missing)
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\YOURMONITOR
O4 - HKLM\..\Run: [sys034369187134] C:\WINDOWS\sys034369187134.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab


End of KRC HijackThis Analyzer Log.
====================================================================
 

· Registered
Joined
·
3 Posts
Discussion Starter · #3 ·
results of virusscan.jotti

"Kaspersky Anti-Virus" found: "Trojan.Win32.VB.tg"

The status line says: :INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

The "Status" line reads: 8e0227737dd17214986e12406d0ea02c
 

· Registered
Joined
·
3 Posts
Discussion Starter · #4 ·
turned off 2 start-up files - with good results

I just disabled two start-up items and the pop-ups have stopped. The items were:

YourMonitor (c:\WINDOWS\YOUR MONITOR)

and:

sys034369187134 (C:\WINDOWS\sys034369187134.exe)

I suppose now I have to see what works to permanently get rid of these two files.
 

· TSF Security Team, Emeritus
Joined
·
26,408 Posts
If you had disabled them using msconfig, please re-enable them.

Then have HijackThis fix these entries:

O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\YOURMONITOR
O4 - HKLM\..\Run: [sys034369187134] C:\WINDOWS\sys034369187134.exe



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show all files and folder
Click Yes to confirm & then click OK

Locate and delete the following files:
  • C:\WINDOWS\YOURMONITOR.exe
  • C:\WINDOWS\sys034369187134.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download & Install CleanUp!
Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free but yet effective antivirus program. Please choose one from any of these 3 programs which are free for home use:

After you have installed the antivirus program, update to the latest virus definitions & do a full system scan of your system. If it finds any threats which it fails to automatically disinfect, note down the filepaths/names & post them in your next reply.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. Antispyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
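
The triage behind the reply above, sketched as an added example that is not part of the thread or of HijackThis: it parses a HijackThis log and lists the O4 autorun entries whose target sits directly in C:\WINDOWS and is also a running process. The function names and the selection heuristic are assumptions for illustration; the sample is constructed from lines of the log in the first post.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the log in the first post, wraps rejoined.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\YOURMONITOR.EXE
C:\WINDOWS\SYS034369187134.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE

O2 - BHO: (no name) - {15FCC487-5F64-52E8-1697-56A028FFAEC3} - C:\WINDOWS\SYSTEM\ERE.DLL (file missing)
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\YOURMONITOR
O4 - HKLM\..\Run: [sys034369187134] C:\WINDOWS\sys034369187134.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")                           # "O4 - <body>"
AUTORUN = re.compile(r"^HK\w+\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")  # key, name, command

def parse(log):
    """Return (running process paths, [(section code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False              # the process list ends at the first entry
            entries.append(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(PureWindowsPath(line))
    return procs, entries

def target(cmd):
    """Executable named by an autorun value; unquoted values are cut at the first space."""
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return PureWindowsPath(exe)

def review_candidates(log, folder=r"C:\WINDOWS"):
    """O4 names whose target is directly in `folder` and running (assumed heuristic)."""
    procs, entries = parse(log)
    running = {p.stem.lower() for p in procs if p.parent == PureWindowsPath(folder)}
    hits = []
    for code, body in entries:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:
            exe = target(m.group(3))      # PureWindowsPath compares case-insensitively
            if exe.parent == PureWindowsPath(folder) and exe.stem.lower() in running:
                hits.append(m.group(2))
    return hits
```

On the sample, `review_candidates(SAMPLE_LOG)` returns the two entries the reply asks HijackThis to fix; the match is on the file stem because the YourMonitor Run value omits the `.exe` extension.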
 