[Closed] keylogger and 2 adware (PC Help Forum, Security & Safety, [Fixed] Hijackthis! Logs)

#8 | 12-30-2006 | fijidave12 (Bronze Member; joined Dec 2006; 10 posts)

activescan results:

Adware:adware/superspider Not disinfected Windows Registry
Adware:adware/toolbarsimbar Not disinfected Windows Registry
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\8fi81x7a.default\cookies.txt[.burstnet.com/]
Adware:Adware/EMediaCodec Not disinfected C:\Documents and Settings\Dave\Application Data\Thunderbird\Profiles\dc8q1x4n.default\Mail\mail.ttufiji.com\Sent[Desktop.rar][Microsoft.Windows.Media.Center.Edition.2005.Activation.Crack.exe][run.exe]
Adware:Adware/EMediaCodec Not disinfected C:\Documents and Settings\Dave\Application Data\Thunderbird\Profiles\dc8q1x4n.default\Mail\mail.ttufiji.com\Sent[Desktop.rar][mce05cr2.exe][run.exe]
Adware:Adware/EMediaCodec Not disinfected C:\Documents and Settings\Dave\Application Data\Thunderbird\Profiles\pd964ya7.Dave-Work\Mail\mail.ttufiji.com\Sent[Desktop.rar][Microsoft.Windows.Media.Center.Edition.2005.Activation.Crack.exe][run.exe]
Adware:Adware/EMediaCodec Not disinfected C:\Documents and Settings\Dave\Application Data\Thunderbird\Profiles\pd964ya7.Dave-Work\Mail\mail.ttufiji.com\Sent[Desktop.rar][mce05cr2.exe][run.exe]
Potentially unwanted tool:Application/FileProtec.A
-----------------------------------

spy sweeper log: (most recent)
3:40 AM: Access to Hosts file allowed for C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
3:39 AM: Access to Hosts file allowed for C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
3:07 AM: Traces Found: 2
3:07 AM: Full Sweep has completed. Elapsed time 00:39:49
3:07 AM: File Sweep Complete, Elapsed Time: 00:33:05
2:56 AM: Warning: Failed to open file "d:\tv\recorded tv\thumbs.db:encryptable". The operation completed successfully
2:52 AM: Warning: Failed to open file "c:\documents and settings\dave\application data\mozilla\firefox\profiles\8fi81x7a.default\parent.lock". The operation completed successfully
2:34 AM: Starting File Sweep
2:34 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:34 AM: Starting Cookie Sweep
2:34 AM: Registry Sweep Complete, Elapsed Time:00:00:13
2:34 AM: HKLM\system\controlset001\enum\root\legacy_cmdservice\ (ID = 1556665)
2:34 AM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
2:34 AM: Found Adware: command
2:34 AM: Starting Registry Sweep
2:34 AM: Memory Sweep Complete, Elapsed Time: 00:06:28
Operation: File Access
Target:
Source: C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
2:28 AM: Tamper Detection
2:27 AM: Starting Memory Sweep
2:27 AM: Start Full Sweep
2:27 AM: Sweep initiated using definitions version 827
2:27 AM: Spy Sweeper 5.2.3.2138 started
2:27 AM: | Start of Session, Saturday, December 30, 2006 |
---------------------------------------------------------------


i also have adaware and spybot s&d....but they didn't detect the couple issues that i had previously had though---which i thought was strange. (and yes, i had updated them)

edited: i had spybot s&d not ad-aware--used it in the past, but must not have reinstalled



Last edited by fijidave12; 12-30-2006 at 08:08 PM.
#9 | 12-31-2006 | chiaz (Senior Security Analyst; joined Jun 2006; Singapore; 2,854 posts; PC Experience: PC Guru)

  • Click Start » Run » type: Notepad » OK
  • Copy (Ctrl+C) and paste (Ctrl+V) the following text inside the quote box below (starting with REGEDIT4) to Notepad.
REGEDIT4

[-HKLM\system\controlset001\enum\root\legacy_cmdservice\]
[-HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\]
  • Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
  • Click File at the top and then choose Save As.
  • Change Save As Type to All Files.
  • Name it FixME.reg and save it on your desktop.
  • Its icon should look like this :
  • Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.

Delete:
C:\Documents and Settings\Dave\Application Data\Thunderbird\Profiles\dc8q1x4n.default\Mail\mail.ttufiji.com\Sent



Last edited by chiaz; 12-31-2006 at 03:40 AM.
#10 | 12-31-2006 | fijidave12 (Bronze Member; joined Dec 2006; 10 posts)

ran the fix...no go. rebooted in safe mode...ran it. still no go....


#11 | 12-31-2006 | chiaz (Senior Security Analyst; joined Jun 2006; Singapore; 2,854 posts; PC Experience: PC Guru)

Is there any error message?


#12 | 12-31-2006 | fijidave12 (Bronze Member; joined Dec 2006; 10 posts)

no error msg....
---------------------------
Registry Editor
---------------------------
Information in C:\Documents and Settings\Dave\Desktop\fixme.reg has been successfully entered into the registry.
---------------------------
OK
---------------------------


i looked at the text to be copied and noticed there were spaces at the end. created a new .reg and ran it....same results
---------------------------
Registry Editor
---------------------------
Information in C:\Documents and Settings\Dave\Desktop\fixme2.reg has been successfully entered into the registry.
---------------------------
OK
---------------------------


thanks for being patient and trying to help solve this. most of the time, i can read around and fix issues like this myself. but with the keylogger and then this adware, i had no clue. keylogger-removed....1 of 2 adware removed.



Last edited by fijidave12; 12-31-2006 at 06:47 AM.
#13 | 12-31-2006 | chiaz (Senior Security Analyst; joined Jun 2006; Singapore; 2,854 posts; PC Experience: PC Guru)

Missed out one.
  • Click Start » Run » type: Notepad » OK
  • Copy (Ctrl+C) and paste (Ctrl+V) the following text inside the quote box below (starting with REGEDIT4) to Notepad.
REGEDIT4

[-HKU\S-1-5-21-1004336348-299502267-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{a26abcf0-1c8f-46e7-a67c-0489dc21b9cc}\]
  • Make sure there are no blank spaces before REGEDIT4 and there should be one blank line at the end.
  • Click File at the top and then choose Save As.
  • Change Save As Type to All Files.
  • Name it FixME2.reg and save it on your desktop.
  • Its icon should look like this :
  • Double click FixME2.reg. It will ask you if you want to merge it to the registry, click Yes.
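
The file checks listed in the two fix posts above (header first, line break at the end), plus two the Registry Editor dialog does not report, written as an added Python example that is not part of the thread. It assumes regedit's import acts only on full root key names such as HKEY_LOCAL_MACHINE; `lint_reg` and the sample file are constructed for illustration.

```python
import re

# Assumption (not stated in the thread): regedit's .reg import acts only on
# full root key names; short forms such as HKLM or HKU belong to reg.exe.
FULL_ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
              "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# [-ROOT\sub\key] or [ROOT\sub\key]; group 1 = root, group 2 = rest of path
KEY_LINE = re.compile(r"^\[-?([^\\\]]+)\\?(.*?)\]$")

def lint_reg(text):
    """Return (line_number, message) findings for the text of a .reg file."""
    findings = []
    lines = text.split("\n")
    if lines[0] not in HEADERS:
        findings.append((1, "header must be the first line, nothing before it"))
    if lines[-1] != "":
        findings.append((len(lines), "file does not end with a line break"))
    for no, line in enumerate(lines, 1):
        if not line.startswith("["):
            continue
        if line != line.rstrip():
            findings.append((no, "whitespace after the closing bracket"))
        m = KEY_LINE.match(line.rstrip())
        if m is None:
            findings.append((no, "malformed key line"))
            continue
        root, path = m.groups()
        if root not in FULL_ROOTS:
            findings.append((no, f"root '{root}' is not a full root key name"))
        # A space touching a backslash is typical of forum line wrapping;
        # a space inside a word cannot be told apart from a real key name.
        if any(seg != seg.strip() for seg in path.split("\\")):
            findings.append((no, "space next to a backslash in the key path"))
    return findings

# Constructed sample (placeholder key names, not the keys from the thread).
SAMPLE = (
    "REGEDIT4\n"
    "\n"
    "[-HKLM\\system\\currentcontrolset\\enum\\root\\legacy_example\\]\n"
    "[-HKEY_USERS\\S-1-5-21-EXAMPLE\\software\\ext \\stats\\{EXAMPLE}\\] \n"
)

if __name__ == "__main__":
    for line_no, message in lint_reg(SAMPLE):
        print(f"line {line_no}: {message}")
```

An empty result only means the file is well-formed; whether the keys are actually gone still has to be confirmed with a rescan or by looking in the Registry Editor.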


#14 | 12-31-2006 | fijidave12 (Bronze Member; joined Dec 2006; 10 posts)

ran both reg fixes---went to safe mode also to run them. only the second one changed the registry. nothing changed w/ the first one. ran spy sweeper again...excerpt from log:

2:44 PM: HKLM\system\controlset001\enum\root\legacy_cmdservice\ (ID = 1556665)
2:44 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
2:44 PM: Found Adware: command
2:44 PM: Starting Registry Sweep

do you need any new versions of logs? also no error msgs....everything ran as if it were 'fixed'.


