
Got Me A Trojan


DD_Fenrir


  • 1. DDz Quorum

AVG 11 free spotted the lil' fucker in my Sun Java folder, but I think it's nested down in my root Firefox somewhere, as every time I fire up Firefox I get directed to all sorts of (Ahem!) educational sites.

Bugger!

Suffice to say nowt seems to be an issue when surfing on Chrome - which I'm quite enjoying btw - but I don't like the idea of this lil' bastard sitting anywhere on my hard drive.

Any suggestions for a good seek-and-destroy program I can get to smite this sumbitch out?

Cheers,

Fen


Tools I've used in the past mate:

- HijackThis (purely to identify and delete nasty registry entries etc)

If you have any queries, send me your HijackThis logfile and I should be able to decipher what is good and what is bad, because this tool can cripple your system if used incorrectly!

- Spybot Search & Destroy

- Adaware

These all apply well to XP, but I confess since running Win7, I'm pretty happy with MSE (Microsoft Security Essentials). It's relatively lightweight, simple to use and regularly updated.


  • 1. DDz Quorum

I've had the best luck fixing friends' computers, since I never visit those sites, ughm...

Malwarebytes and SpyBot, and sometimes I've had to go to Safe Mode and then run them, but these two have always found the culprit.


Agreed about the safe mode. This is why I have a Smoothwall I made out of an older computer http://www.smoothwall.org/. I also use it as a proxy/webfilter. It's Linux based so it's practically impervious to viruses, especially those that are Windows based, and stripped down to the bone for added security. It has an antivirus built in and the firewall has pretty nice logging you can check for all internal and external activities. You'd be surprised at the number of times your network will get hit up by probes and potential attacks. There are mods available for it so you can tailor it to your personal needs. It handles all my routing and connects directly to my ISP so no need for a cable modem anymore. I can honestly say I love it.

After that I use either Zonealarm or Comodo software firewall, Avast free edition and Spybot. I can honestly say I have not had a virus in a very very long time and running scheduled scans never comes up with anything anymore. My systems stay pretty fast and clean with minimal maintenance.

Setting up the Smoothwall was a great project and I learned a lot about networking and security. I'd be happy to help anyone get started. All you need is an old PC and two NICs. It is an excellent addition to any home network.


You need to get this sucker out, root and branch, and eradicate it. The trouble with the browser hijack bit is that it can send you anywhere and keep infecting your drive. It's one of the reasons I use either a partition or a separate drive for Windows and the basic apps.

If necessary, I can do a format and reinstall without affecting the other partitions and/or drives that carry my games and so on.

Worms usually spread their tentacles through Windows and the associated directories and it's not always clear what their full threat actually is.

That said, I would download HijackThis and run a scan AND follow it up by sending the logfile to the specified forum. They are a bunch of dedicated geeks there who will advise you on what to delete and so on.

Once you have cleaned up I recommend a good back-up service like Acronis.

B


  • 2 weeks later...
  • 1. DDz Quorum

Ok, so I ran both Adaware and Malwarebytes and AVG 11 in safe mode, full system scans; the first two caught something but AVG didn't. All seemed to be ok, but now my PC seems to be having trouble shutting down and just 10 mins ago I lost sound through my onboard sound card. That and Chrome is locking up.

Ghey.

Thought I'd nailed the lil bastard but now, I ain't so sure.

Got a HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:55:41, on 07/05/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17096)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\NaturalPoint\TrackIR4\TrackIR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Steam\steam.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {792da46f-a4c4-1404-f065-361c34b23609} - C:\WINDOWS\ubohacafofoc.dll (file missing)

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Wnocatebicog] rundll32.exe "C:\WINDOWS\ubohacafofoc.dll",Startup

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 7382 bytes

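A small triage script, added here by the editor and not from any poster or from HijackThis itself, that applies the checks a reviewer would make on a log like the one above: a registration whose file is missing, a BHO with no name, a DLL launched by rundll32 straight out of the Windows root rather than system32, and one module referenced from more than one section. The sample lines are constructed in HijackThis format; two of them mirror the entries in the posted log, the rest are typical benign entries.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis format. The two "ubohacafofoc" lines mirror
# the entries in the log posted above; the others are typical benign entries.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {792da46f-a4c4-1404-f065-361c34b23609} - C:\WINDOWS\ubohacafofoc.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Wnocatebicog] rundll32.exe "C:\WINDOWS\ubohacafofoc.dll",Startup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
"""

# A drive-letter path up to the first .dll/.exe (paths may contain spaces).
PATH_RE = re.compile(r'[a-z]:\\.*?\.(?:dll|exe)', re.IGNORECASE)
# The DLL that a rundll32 autorun entry loads.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([a-z]:\\.*?\.dll)', re.IGNORECASE)

def triage(log_text):
    """Map each flagged module path (lower-cased) to a sorted list of reason tags."""
    reasons = defaultdict(set)
    seen_in = defaultdict(set)  # path -> HijackThis section codes it appears in
    for line in log_text.splitlines():
        code = line.split(" - ", 1)[0].strip()  # "O2", "O4", "O23", ...
        paths = [p.lower() for p in PATH_RE.findall(line)]
        for p in paths:
            seen_in[p].add(code)
        if not paths:
            continue
        target = paths[-1]  # the module the entry actually points at
        if "(file missing)" in line:
            reasons[target].add("file-missing")      # orphaned registration
        if code == "O2" and "(no name)" in line:
            reasons[target].add("unnamed-bho")       # legitimate BHOs carry a name
        m = RUNDLL_RE.search(line)
        if m:
            dll = m.group(1).lower()
            head, _, _ = dll.rpartition("\\")
            if head == r"c:\windows":               # root of %WINDIR%, not system32
                reasons[dll].add("rundll32-windows-root")
    for p, codes in seen_in.items():
        if len(codes) > 1:                           # e.g. both a BHO and a Run entry
            reasons[p].add("multi-section")
    return {p: sorted(tags) for p, tags in reasons.items()}

if __name__ == "__main__":
    for path, tags in triage(SAMPLE_LOG).items():
        print(path, "->", ", ".join(tags))
```

On the sample only the ubohacafofoc.dll entries are flagged, and a "file-missing" tag alongside a live Run entry is the pattern left behind when a scanner deletes the file but not the registry entries that reference it.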

  • 2. Administrators

Try this, on a clean machine, go here and download ComboFix. Copy it to a memory stick.

Boot your machine to safe mode, and run the exe.

This little utility has saved many a customer's PC from a rebuild. I think it's fab.

Jabo


  • 2. Administrators

Keep us posted Tom, I'd completely forgotten about ComboFix since I left P*****d in November but we used to use it all the time. It's regularly updated too so it's a good idea to download it fresh when you want to use it.

Jabo


  • 1. DDz Quorum

Not much improvement alas...

Gonna bite the bullet and reformat. However, on a plus: I've got a shiny new copy of Windows 7!

I don't feel so bad as a reformat was something I would have had to do to upgrade anyway.

Cheers for all your assistance gents!


Not much improvement alas...

Gonna bite the bullet and reformat. However, on a plus: I've got a shiny new copy of Windows 7!

I don't feel so bad as a reformat was something I would have had to do to upgrade anyway.

Cheers for all your assistance gents!

You'll be pleased you have Win 7.....

For one thing it seems to be the best OS for the new sim (CLoD) - plus it supports DX11 and previous viz DX10.1, DX10, and DX9
