help!! warning: spyware threat has been detected on your pc

Discussion in 'OT Technology' started by misha720, Mar 24, 2008.

  1. misha720

    misha720 New Member

    Joined:
    Sep 25, 2007
    Messages:
    12,083
    Likes Received:
    0
    please help!! this is on my daughter's computer and i can't get rid of it. any suggestions? :x:
     
  2. Doomsday

    Doomsday XXX

    Joined:
    Mar 14, 2000
    Messages:
    14,902
    Likes Received:
    0
    Location:
    Minnesota
    use ad-aware, spybot, hijackthis
    if all else fail, post pics of daughter, then format
     
  3. misha720

    i don't understand hijackthis :wtc:
     
  4. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    Run the first two, then worry about hijack this ...
     
  5. misha720

    i have and it's still there
     
  6. Doomsday

    run hijackthis, scan and save a logfile.
    copy paste the log here in OT.

    also scan for viruses. some are classified as trojans.
     
  7. CodeX

    CodeX Guest

    you are doomed, it's all over, you might as well go down to walmart to replace that computer of yours, the hackers win.
     
  8. misha720

    :slap:
     
  9. misha720

    i bought that computer used for my daughter so i'm not really surprised it has issues. here's the log.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:04:57 PM, on 3/24/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sbwltbxa.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\System32\snmp.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\McAfee\MSC\mcshell.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Spybot - Search & Destroy\Updates\sbsd152upd.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\DOCUME~1\home\LOCALS~1\Temp\is-E9IJ7.tmp\sbsd152upd.tmp
    C:\WINDOWS\System32\service.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {3C8D9FDC-9268-453F-9E04-FAECFFCD26E2} - C:\Program Files\Common Files\wogeC:\DOCUME~1\home\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {b646a38e-1dd1-11b2-8eb6-db4d02c22a5f} - C:\WINDOWS\afwtspap.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {E81A7771-5CC7-4527-831E-158CE88C72BE} - C:\Program Files\Common Files\wogeC:\DOCUME~1\home\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
    O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\System32\service.exe
    O4 - HKLM\..\Run: [mbqnipqv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mbqnipqv.dll"
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
    O21 - SSODL: DrvWin - {7e8c5467-197a-44be-96c4-0c03f289b0bc} - C:\WINDOWS\Installer\{7e8c5467-197a-44be-96c4-0c03f289b0bc}\DrvWin.dll (file missing)
    O21 - SSODL: DrvChk - {0005c005-fc0a-4bb2-9166-c9c1406a14cd} - C:\WINDOWS\Installer\{0005c005-fc0a-4bb2-9166-c9c1406a14cd}\DrvChk.dll (file missing)
    O21 - SSODL: zip - {3bec1d98-afeb-4ac5-8111-636905437cf9} - C:\WINDOWS\Installer\{3bec1d98-afeb-4ac5-8111-636905437cf9}\zip.dll (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

    --
    End of file - 8121 bytes
     
  10. dissonance

    dissonance reset OT Supporter

    Joined:
    May 23, 2006
    Messages:
    5,652
    Likes Received:
    1
    Location:
    KS
    What is telling you that there is spyware detected on the PC?
     
  11. Doomsday

    well,... there's a lot of problems.

    go to this site: http://www.hijackthis.de/
    copy paste the log to the text box and hit analyze

    when you see the results,... look at the 'Xs' and '?s', check the comments on the ones with checks too.
    those are the "possible" problems. "Possible" because the item with an X or ? could be a false positive, meaning it could be detected as spyware but is actually valid.

    what you need to do is run hijackthis again,... this time, do a system scan only.
    when the list is displayed, place a checkbox to those you want to be removed/fixed. *** IMPORTANT ***: Again, some could be false positives so you have to be very careful of what you select. if you are not sure, hit the "info on selected item" or google it.

    once you are done, hit "fixed checked" button.
    then reboot, then scan again.
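
Added example, not part of any post in this thread: a small Python triage of a saved HijackThis log that marks entries for manual review rather than automatic removal. The function name `triage` and its three rules are assumptions chosen for illustration; the sample lines are an excerpt copied from the log posted earlier in the thread.

```python
import re

# Excerpt of the log posted earlier in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O21 - SSODL: zip - {3bec1d98-afeb-4ac5-8111-636905437cf9} - C:\WINDOWS\Installer\{3bec1d98-afeb-4ac5-8111-636905437cf9}\zip.dll (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

# A result line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def triage(log_text):
    """Return [(code, reason, entry)] for lines that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank lines
        code, body = m.group(1), m.group(2).strip()
        low = body.lower()
        if code == "F2" and "userinit=" in low:
            # Every program listed in UserInit is started at logon.
            progs = [p.strip() for p in body.split("=", 1)[1].split(",")]
            extra = [p for p in progs
                     if p and not p.lower().endswith(r"\system32\userinit.exe")]
            if extra:
                findings.append((code, "extra logon program: " + ", ".join(extra), body))
        elif code in ("O2", "O21") and ("(no file)" in low or "(file missing)" in low):
            findings.append((code, "registration points at a file not on disk", body))
        elif code == "O18" and low.startswith("filter hijack"):
            findings.append((code, "labelled a filter hijack by HijackThis", body))
    return findings

if __name__ == "__main__":
    for code, reason, entry in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {entry}")
```

Anything it flags is a candidate to look up, not a verdict; entries it does not flag (the Lexmark toolbar, the McAfee service) are simply outside these three rules.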
     
  12. Ricky

    Ricky █▄ █▄█ █▄ ▀█▄

    Joined:
    Jun 17, 2005
    Messages:
    38,767
    Likes Received:
    6
    did you beat her yet ? :x:

    pics ? :x:
     
  13. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    I can't say as I've ever seen that many browser helper objects before.

    :eek3:
     
  14. retorq

    I think you may be onto something.

     
  15. misha720

    thank you :kiss:
     
  16. CodeX

    CodeX Guest

    This is what a healthy system's hijackthis log should look like:

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 6:13:52 PM, on 3/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\Aston\aston.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\HijackThis\hijackthis.exe
    
    F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
    Yes that is the actual log from my system.
     
  17. misha720

    hers is totally fucked up. i'm trying to get her pics off then i'm gonna reformat i guess. :dunno:
     
  18. kuzikan

    kuzikan New Member

    Joined:
    Dec 26, 2004
    Messages:
    482
    Likes Received:
    0
    dont forget to post them on here
     
  19. Doomsday

    who's hotter? you or her? :naughty:
     
  20. pyehac

    pyehac if she's old enough to cross the street, she's old

    Joined:
    Sep 20, 2006
    Messages:
    5,230
    Likes Received:
    0
    Location:
    Hawaii
    download and run smitfraudfix before you reformat, and see if that does anything
     
  21. Mikey D

    Mikey D New Member

    Joined:
    Oct 13, 2002
    Messages:
    6,666
    Likes Received:
    0
    Location:
    Royal Oak, MI
    This is the correct answer for that spyware pop up, father in law had the same issue on his computer.
     
  22. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Don't give me that shit. You can't possibly be stupid enough to have trimmed down your machine to the point that it offers no useful services whatsoever, but loaded an unstable aftermarket shell in place of Explorer.
     
  23. misha720

    14 will get you 20 :squint::rofl:
     
  24. deusexaethera

    I believe you were looking for the "hahano" smiley: :hahano:
     
  25. misha720

    yeah that one works
     
