I have some very interesting spyware/malware......

Discussion in 'OT Technology' started by Frank N. Beans, Jul 14, 2008.

  1. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    Joined:
    Jul 20, 2004
    Messages:
    3,001
    Likes Received:
    2
    Location:
    Durham, NC
    Never seen or heard of it before.

    Take for instance, OT. Look at the top of this page.........you see the two side by side banners for advertisers? This spy/mal-ware actually replaces those with spamming banners. Some make noises and talk......like those ads we all hate. I can refresh the screen......and it will randomly show the correct banners (paying advertisers). It's pretty much hit or miss on which one shows up though.

    Anyone heard or seen this before? I am not sure if it is a vBulletin thing or what, but since the majority of the boards I frequent are vB, I have noticed it on all of them.

    TIA for any help/advice. If anyone would like to help, let me know if you would like to see a HJT file. :sadwavey:
     
  2. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    have you tried adaware or any other spyware/malware scanners? how about anti-virus? avast and avg are free.
     
  3. MSTRBKR

    MSTRBKR New Member

    Joined:
    Dec 18, 2007
    Messages:
    7,584
    Likes Received:
    0
    Location:
    Cydonia
  4. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    I downloaded and ran the newest version of Spybot, and it found 3 significant items that required a reboot with a full scan during startup. The scan took about an hour, and it said it fixed the problems.

    Now, IE is REALLY slow.......and the problems I started with are still there as well. I know most of you will praise Firefox, but I prefer IE so save the replies. :wavey:

    Anyone have any other suggestions?
     
  5. trouphaz

    trouphaz New Member

    try others. no one scanner is perfect. sometimes one will catch/repair something that another misses. try avast and avg as well as adaware.
     
  6. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    I will Paypal someone some cash to get rid of this. :o
     
  7. thebox

    thebox New Member

    Joined:
    Feb 22, 2005
    Messages:
    45,695
    Likes Received:
    0
    Location:
    Seattle
    run superantispyware

    i see this catch a lot of shit :dunno:
     
  8. dorkultra

    dorkultra OT's resident crohns dude OT Supporter

    Joined:
    Oct 14, 2005
    Messages:
    22,735
    Likes Received:
    26
    Location:
    yinzer / nilbog, trollhio
    buying a sub will also fix the problem. i see no ads.

    just kidding, run hijackthis and post the outcome here
     
  9. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    Well executed joke. I actually chuckled. :bigthumb:

    Here ya go....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:23:53 PM, on 7/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O18 - Filter hijack: text/html - {ae4ef06c-ecd9-4366-858e-82fa2f8b11aa} - C:\WINDOWS\system32\iehlpr32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    --
    End of file - 6342 bytes
     
  10. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    TTT

    Anyone heard of this yet? I've now got them on about every message board I go to that has advertisement banners. I even got one of the spam ads in someone's signature......the picture was hosted by Photobucket FWIW.

    :x:
     
  11. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    FWIW, whenever I get one of these spam ads........it is some sort of flash. I can right click on a 'normal' advertisement banner......and actually see the properties and such, but when I try to right click on a spam banner......it has the flash menu options...

     
  12. trouphaz

    trouphaz New Member

    question... what exactly have you done thus far? all you say you've done is run spybot and hijackthis. have you run adaware? how about installing and running a full scan with avast or AVG virus scans?

    eventually you'll probably have to wipe your system and fresh install.
     
  13. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    Yup did Ad-Aware also. I am prolly just gonna reformat.......this shit is a PITA.
     
  14. TheRider

    TheRider Geeky OT Supporter

    Joined:
    Jan 27, 2002
    Messages:
    7,361
    Likes Received:
    8
    Location:
    San Diego
    iehlpr32.dll
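
Added example, not part of any post in this thread and not code from HijackThis: a small Python triage pass that picks the `O18` text/html filter entry named in the reply above out of a HijackThis log. The two review rules and the names `triage`, `Finding` and `PLACEHOLDER_BHO_NAMES` are assumptions made for illustration; a finding is a lead for manual review, not a verdict.

```python
import re
from typing import NamedTuple

# Constructed sample: four lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O18 - Filter hijack: text/html - {ae4ef06c-ecd9-4366-858e-82fa2f8b11aa} - C:\WINDOWS\system32\iehlpr32.dll
"""

# Matches entries shaped "Oxx - <kind>: <name> - {CLSID} - <path>" (O2, O9, O18).
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

# Assumption of this example: names a vendor would not normally register a BHO under.
PLACEHOLDER_BHO_NAMES = {"browser helper object", "bho", "helper"}


class Finding(NamedTuple):
    code: str
    clsid: str
    path: str
    reason: str


def triage(log_text):
    """Return entries worth manual review; a finding is a lead, not a verdict."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # process list, O4 Run keys, O23 services and so on
        code, kind, name, clsid, path = m.groups()
        if code == "O18" and kind.lower().startswith("filter") and name.lower() == "text/html":
            # A MIME filter registered for text/html is handed every HTML page IE loads.
            findings.append(Finding(code, clsid, path,
                                    "MIME filter on text/html can rewrite every page IE renders"))
        elif code == "O2" and name.strip().lower() in PLACEHOLDER_BHO_NAMES:
            findings.append(Finding(code, clsid, path,
                                    "BHO registered under a placeholder name"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}  {f.path}\n      {f.reason}")
```

A filter on text/html fits the symptom described in the first post: the banners are swapped on every site because the page markup is altered on its way into the browser, not on the forum's server.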
     
  15. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Heh...you're still running Internet Exploder.
     
  16. Doomsday

    Doomsday XXX

    Joined:
    Mar 14, 2000
    Messages:
    14,902
    Likes Received:
    0
    Location:
    Minnesota
    those are the nasties
     
  17. Frank N. Beans

    Frank N. Beans I hate BMW's OT Supporter

    Deleted and fixed.

    Thanks a ton.....you don't even know. :rofl:

    :bowdown::bowdown::bowdown::bowdown:
     
