How to clear up after-effects of Antivirus 2008 removal

Posted 7/13/2008 6:28 PM
#63550
mystikaal (Member)
Hello there,

While using a friend's laptop, I inadvertently installed Antivirus 2008 (no spyware or antivirus software was installed). At long last, I have been able to get rid of most of the effects through AVG & Spyhunter. However, there are still a few lingering problems:

While surfing, I keep getting directed to their website when clicking links for other things. Every once in a while I will get a popup for some virus program site as well. The wallpaper on the desktop doesn't show because the desktop is trying to load C:\Windows\privacy_danger\index.htm - which I have already deleted. Everywhere there should be an "a.m." or "p.m.", there is a "VIRUS ALERT!" instead.

I can't seem to do definition updates for either AVG or Spyhunter - even though web pages load just fine. I suspect that one of the changes Antivirus 2008 made to the system is preventing it.

I have tried the remedies posted here, but the computer won't run the install files for any of Smitfraudfix.exe, HJTInstall.exe or mbam-setup.exe - which I gather are all meant to clear up the problems caused by Antivirus 2008. I double-click on the files, a little hourglass appears, disappears, and absolutely nothing happens. I also suspect they are being blocked by some change made by this virus.

The laptop is running Windows XP. I already deleted all the relevant registry keys, and deleted the folder containing the files for Antivirus 2008. It's just the after-effects left now. How can I be sure to remove all the system changes if I can't run the recommended programs?

Any help you can give me would be greatly appreciated.
Posted 7/15/2008 1:18 PM
#63637
mystikaal (Member)
Anyone? I have found a fix for the VIRUS ALERT! thing in the meantime; everything else is still pending no matter what I try. What can I do?
Posted 7/15/2008 5:45 PM
#63649
Emilio (SVK) (Advanced member)
Hi,

Download:

RogueRemoverFree
https://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe

AntiMalware
https://www.malwaresupport.com/mbam/program/mbam-setup.exe

AntiMalware latest database
https://malwarebytes.gt500.org/mbam-rules.exe

Hijackthis
https://www.bullguard.com/support/tech-guides/how-to-use-hijackthis.aspx
(this link is for downloading HijackThis and also explains how to use it and create a log file)

1./ Install RogueRemoverFree (don't forget to check for updates)
2./ Install AntiMalware (don't forget to install the latest database)
3./ Install Hijackthis
4./ Reboot into Safe Mode
5./ Scan with AntiMalware and then with RogueRemoverFree (after each scan, save the log file)
6./ Remove any threat that is found
7./ Restart the PC in Normal mode
8./ Create a log file in Hijackthis and post it to this topic
9./ Post the logs from RogueRemover and AntiMalware to this topic
10./ Report whether the problem still persists
Emilio
Posted 7/16/2008 5:15 AM
#63664
mystikaal (Member)
Okay, thanks to someone's post here, I found that I could install the programs by running them instead of saving them. Unfortunately, I couldn't do the updates - something is still blocking that. Everything seems to be fixed except for the registydefender.com popup. Here are the logs:

Malwarebytes' Anti-Malware 1.20
Database version: 938
Windows 5.1.2600 Service Pack 2

11:38:36 PM 7/15/2008
mbam-log-7-15-2008 (23-38-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 139058
Time elapsed: 4 hour(s), 31 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 31
Registry Values Infected: 5
Registry Data Items Infected: 8
Folders Infected: 44
Files Infected: 100

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBuSiiF.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXOfgGA.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1a86497-71ed-4e43-aee4-1cda4e647cf9} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1a86497-71ed-4e43-aee4-1cda4e647cf9} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{70f17c8c-1744-41b6-9d07-575db448dcc5} (Rogue.Multiple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{035c1836-0d78-dabc-f4a7-d5d0517ee1f9} (Rogue.MalwareWiped) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{96e6b1c3-b5d0-89cc-4909-92d85a48b1a0} (Rogue.SpyHeal) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{dc71a335-f233-4012-b8a4-97f4b534f813} (Rogue.Spy.Heal) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1fc9f3ea-a44e-4a31-b30c-bbde943356cd} (Rogue.SystemDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\alot (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\MalwareWipe.EXE (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6cf0a05e-7d6b-4e00-b836-b3f23513657c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cf0a05e-7d6b-4e00-b836-b3f23513657c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxofgga (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8f6978cd-20af-41f2-abfa-c3c7c7caab73} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f6818e71-d7b7-4dad-9596-215dda7f76f9} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{b7414275-c725-4450-8db7-0d97e6cb415e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c03d1e0a-412d-4a38-8097-774cf2652612} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c03d1e0a-412d-4a38-8097-774cf2652612} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sqvgnrpx.bqgp (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4c1f431 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6cf0a05e-7d6b-4e00-b836-b3f23513657c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f6818e71-d7b7-4dad-9596-215dda7f76f9} (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebusiif -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebusiif -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\SH (Rogue.Spy.Heal) -> No action taken.
C:\Program Files\SH\SpyHeal 2.6 (Rogue.Spy.Heal) -> No action taken.
C:\Program Files\Common Files\SystemDoctor 2006 (Rogue.SystemDoctor) -> No action taken.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\LBT\Application Data\SystemDoctor 2006 (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\LBT\Application Data\SystemDoctor 2006\Logs (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Ellie\Application Data\SystemDoctor 2006 (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Ellie\Application Data\SystemDoctor 2006\Logs (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\SystemDoctor 2006 (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\SystemDoctor 2006\Logs (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\BM\Application Data\SystemDoctor 2006 (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\BM\Application Data\SystemDoctor 2006\Logs (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Ellie\Application Data\alot (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\BrowserSearch (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\configurator (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\ErrorSearch (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\postInstallLayout (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\products (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_0 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_1 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_2 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_3 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_4 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_5 (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\TimerManager (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\ToolbarSearch (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Updater (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\rhcr0rj0e3cj\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Start Menu\Programs\Antispyware 2008 (Rogue.Antispyware) -> No action taken.

Files Infected:
C:\WINDOWS\system32\geBuSiiF.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\FiiSuBeg.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\FiiSuBeg.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hbpadnei.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iendapbh.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kxxrsayp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pyasrxxk.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Local Settings\Temp\e098f406-4f27-453c-84c2-fbe64fc5c068.tmp (Worm.P2P) -> No action taken.
C:\Program Files\outlook\v.tmp (Worm.P2P) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP239\A0069247.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP240\A0069295.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP240\A0069301.exe (Worm.Alcra) -> No action taken.
C:\WINDOWS\ebvs.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\SH\SpyHeal 2.6\SpyHeal 2.6.exe (Rogue.Spy.Heal) -> No action taken.
C:\Program Files\SH\SpyHeal 2.6\sq.ini (Rogue.Spy.Heal) -> No action taken.
C:\Program Files\Common Files\SystemDoctor 2006\err.log (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor 2006\order.dll (Rogue.SystemDoctor) -> No action taken.
C:\Program Files\Common Files\SystemDoctor 2006\SDR6cw.exe (Rogue.SystemDoctor) -> No action taken.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\LBT\Application Data\SystemDoctor 2006\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Ellie\Application Data\SystemDoctor 2006\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\SystemDoctor 2006\activator_info.txt (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\SystemDoctor 2006\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\BM\Application Data\SystemDoctor 2006\Logs\update.log (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\toolbar.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\BrowserSearch\BrowserSearch.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\ErrorSearch\ErrorSearch.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\products\products.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\products\products.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_0\Product_0.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_0\Product_0.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_1\Product_1.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_1\Product_1.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_2\Product_2.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_2\Product_2.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_3\Product_3.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_3\Product_3.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_4\Product_4.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_4\Product_4.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_5\Product_5.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Product_5\Product_5.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\alot_brand.png (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\alot_icon_35x16.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\alot_search_24x16.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\default_226_alot_videos_videosearch.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\default_227_alot_videos_videovault.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\default_228_alot_videos_videoedit.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Resources\Images\default_229_alot_mrkt_tv_webcaster.bmp (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Start Menu\Programs\Antispyware 2008\Antispyware-2008.lnk (Rogue.Antispyware) -> No action taken.
C:\WINDOWS\system32\clbdll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\clbdriver.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\ping.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> No action taken.
C:\WINDOWS\system32\byXOfgGA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fcccbXoL.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\fdxbameg.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wbxdpgfelor.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphcv0rj0e3cj.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcv0rj0e3cj.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antispyware-2008.lnk (Rogue.Antispyware) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Ellie\Favorites\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Carmen Ashe\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.

**********************************

Malwarebytes' RogueRemover
Malwarebytes ©2007 https://www.malwarebytes.org
6526 total fingerprints loaded.

Loading database ...
Expanding environmental variables ...

Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].

RogueRemover has detected rogue antispyware components! Results below...

Type: File
Vendor: MalwareWiped
Location: C:\Program Files\MWD\MalwareWiped 5.5\malwarewipe.ini
Selected for removal: Yes

Type: Folder
Vendor: MalwareWiped
Location: C:\Program Files\MWD\MalwareWiped 5.5
Selected for removal: Yes

Type: Folder
Vendor: SpyDawn
Location: C:\Program Files\SpyDawn
Selected for removal: Yes

Type: Folder
Vendor: MalwaresWipeds
Location: C:\Program Files\MalwaresWipeds
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DDBC9CF-30B8-8733-7445-754FC2F405F2}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07F8DED2-2140-400E-86F3-6C6E5AD2B002}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23BFD4B1-C4EA-453A-89BD-EC9D536891B3}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D5B03F2-3D12-4BC2-8A89-8D40AFE15190}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E699B22-FC07-4A9B-B98C-E9B965BFFE7C}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{32C42863-E65F-453C-A8FF-60A8F035F57D}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{350C54AD-E069-454C-A613-CA8154149E7A}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{404A6E3F-1747-4D1B-8285-2C4B8A4B21D4}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{776E27AE-419C-4529-9B18-4E71A5EA64A2}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BC72975-C801-4534-B103-476EF5D0D17D}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BF1461E-228F-4509-8C58-4EB1FBFC19F3}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ECD20CF-AF6D-40E1-A1B8-7B6BEABB793E}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC158F0C-319D-42A9-8532-134D746D136D}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF1A0A91-ABFB-4717-B7B9-D88647EA2529}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C492F812-B194-4C72-81EF-B17D9D973777}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57FD11F-52DA-42F6-B12E-2447593B402B}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1B13777-B021-41E1-BFE6-896E5C1CF163}
Selected for removal: Yes

Type: Registry Key
Vendor: MalwaresWipeds
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A366DE26-3628-46F9-9ABA-0BD450247999}
Selected for removal: Yes

RogueRemover has found the objects above.

************************************

Logfile of HijackThis v1.99.1
Scan saved at 11:52:59 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Carmen Ashe\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ycomp/defaults/sp/*https://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.alot.com/sidebar?pr=asst&client_id=C9F7811001C858A800239DEB&install_time=16-01-2008:19:32&src_id=11063&tb_version=1.0.3.158&q=&url=https://www.google.com/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215476519062
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Posted 7/16/2008 9:42 AM
#63671
mystikaal Member

Date Joined Nov 2016
Total Posts: 4
Just an update - everything seems to be fine now. No more pop-ups, and I can now run updates on all programs. Thanks so much for your help! Do the logs show a clean bill of health?
Posted 7/16/2008 1:57 PM
#63680
Emilio (SVK) Advanced member

Date Joined Nov 2016
Total Posts: 1162
I expected that after the scan with AntiMalware and RogueRemoverFree you checked all found threats and pressed Remove Selected...

...so if you are able to update the antispyware software I suggested to you, do that.

The log looks clean, but I recommend removing Viewpoint.

I also suggest you check again with this utility, VundoFix 7.00:
https://www.atribune.org/ccount/click.php?id=4

1./ Go to Start -> Run -> type taskmgr
2./ Find these processes:
ViewpointService.exe
ViewMgr.exe

3./ Highlight them and then press End Task
4./ Go to Start -> Run -> type services.msc
5./ Find the service called Viewpoint Manager Service -> double-click on it -> in the Properties window -> General tab -> press Stop
Also change Startup Type -> Disabled -> press Apply -> press OK
6./ Go to Start -> Settings -> Control Panel -> Add/Remove Programs -> Remove all software associated with Viewpoint (Viewpoint, Viewpoint Manager, Viewpoint Media Player)
7./ At the end, delete this folder if it exists -> C:\Program Files\Viewpoint
8./ Run VundoFix -> press Scan for Vundo -> after that Fix Vundo
9./ Scan again with RogueRemoverFree and AntiMalware (don't forget to check and remove all threats that are found)
10./ Restart
11./ Post a fresh log from HijackThis (to be sure :) )

I think everything will be OK after that.
Emilio
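As an added example (not code from this thread, from HijackThis, or from any tool named above), the Python below reads lines in HijackThis log format the way a reviewer does when judging whether a log "looks clean": it flags entries with no backing file, the O6 IE Restrictions policy, an unknown Winsock LSP and O23 services with no publisher, and for a service matched by a keyword such as Viewpoint it emits the taskkill / sc commands that correspond to steps 2 to 5 above (uninstalling and deleting the folder are left to the operator). The sample log is constructed from a subset of the thread's lines; the assumption that a service with no "(short name)" in the log uses its display name as service name is noted in a comment.

```python
import re

# Constructed sample in HijackThis log format, modelled on a subset of the lines in
# this thread's log (not the full log, and not output captured from HijackThis).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/mywaybiz
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O23 body layout: "Service: <display> (<short name>) - <owner> - <path>"; "(<short name>)" is optional.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")

def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs, skipping header and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries, unwanted=("Viewpoint",)):
    """Return (section, verdict, detail) findings, reading the log the way a reviewer does."""
    findings = []
    for section, body in entries:
        if body.endswith("(no file)"):
            findings.append((section, "orphan", "entry points at a file that no longer exists; safe to fix"))
        elif section == "O6" and body.endswith("Restrictions present"):
            findings.append((section, "review", "IE Restrictions policy is set; confirm it was set on purpose, else clear it"))
        elif section == "O10":
            findings.append((section, "verify", "LSP not in HijackThis's known list; check the publisher of " + body.split(": ", 1)[1]))
        elif section == "O23" and (svc := SERVICE_RE.match(body)):
            # Assumption: when the log shows no "(short name)", the display name is also the service name.
            name = svc.group("name") or svc.group("display")
            if any(k.lower() in svc.group("display").lower() for k in unwanted):
                exe = svc.group("path").rsplit("\\", 1)[-1]
                # Steps 2-5 of the post as commands: kill the process, stop the service, disable its startup.
                findings.append((section, "remove", f'taskkill /F /IM {exe} & sc stop "{name}" & sc config "{name}" start= disabled'))
            elif svc.group("owner") == "Unknown owner":
                findings.append((section, "verify", f'service "{name}" has no publisher; check {svc.group("path")}'))
    return findings
```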