Recommended Driver Scanner

Member Panel

Remember me ?

Forgot password?   

Join the PC Help Forum Team

Join PC Help Forum on Facebook

Join the PCHF Distributed Computing Teams

Try the NEW PC Help Forum Dark style

Link to PCHF from other parts of the Internet
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Pending] AIM

[Fixed] Hijackthis! Logs - [Pending] AIM posted in the Security & Safety forums; Looks like its a removal tool for "Adware.BlockChecker" http://securityresponse.symantec.com...ckchecker.html...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 2 of 2 < 1 2
  #8  
Old 10-04-2005
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page
Default Re: AIM


Looks like its a removal tool for "Adware.BlockChecker"

http://securityresponse.symantec.com...ckchecker.html


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
  #9  
Old 10-04-2005
ladygreenwitch's Avatar
HR Director
My PC
 
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,778
PC Experience: PC Illiterate
ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page ladygreenwitch - See this Members User comments on their Profile page
Default Re: AIM
:kiss: Thanks Joe.

T
  #10  
Old 10-04-2005
Elite Member
  
Join Date: Aug 2005
Posts: 426
PC Experience: Some Experience
PraiseJah - See this Members User comments on their Profile page
Send a message via AIM to PraiseJah
Default Re: AIM
Logfile of HijackThis v1.99.1
Scan saved at 3:11:18 PM, on 10/4/2005
Platform: Windows XP? (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Attached Files
File Type: txt log.txt (60.8 KB, 2 views)


__________________
PCHF Rules
  #11  
Old 10-04-2005
joe5's Avatar
Elite Member
My PC
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page joe5 - See this Members User comments on their Profile page
Default Re: AIM


Almost all of what Ewido found are files in system restore points , that should have been disabled by now.

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

After that boot in safemode again and fix this one with hjt:

O4 - Global Startup: winlogin.exe
Then do a search for "winlogin.exe" and delete all that you find , after that run Ccleaner.

Reboot and post a new log please.


Also you should update windows to atleast sp1 , and install a firewall. Have a look in the download section for some free firewall's.



__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
  #12  
Old 10-04-2005
Silver Member
  
Join Date: Oct 2005
Location: St Ives, Cornwall
Posts: 104
PC Experience: PC Illiterate
Mere_Mortal - See this Members User comments on their Profile page
Default Re: AIM
Originally Posted by joe5
Looks like its a removal tool for "Adware.BlockChecker"

http://securityresponse.symantec.com...ckchecker.html
Correct. Identified by this line...

O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINNT\System32\navshext1.dll

I also stupidly clicked on a suspicious AIM link that was sent to me
Most likely the source of this malware. It's one of those that sends a message to everybody online, at least with MSN but not sure about AIM.

If at all anything appears in Add/Remove Programs for Block-Checker, System Process or anything related, I do not recommend using the facility to "uninstall" the program, for it will in fact install further Adware. Using the BlockRem tool will in theory remove all traces, including the entry in Add/Remove.

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 2 of 2 < 1 2

Bookmarks

« [FIXED] no internet access | [Pending] slow slow slow »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top
All times are GMT +1. The time now is 05:44 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top