Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Popups and Redirected to advertising sites

Unread postby mikeyewz » April 2nd, 2007, 1:11 pm

Hi, I have recently encountered irritating popups and redirections to advertising sites such as winantiviruspro 2007, http://www.debt-solution.co.uk and http://www.amaena.com. Any idea how I can stop this from happening?
Thanks, Mike.
mikeyewz
Active Member
 
Posts: 3
Joined: April 2nd, 2007, 1:07 pm

Unread postby beynac » April 2nd, 2007, 1:14 pm

Hi Mike.

Welcome to Malware Removal forum.

Please download HJTsetup.exe from here and save it to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch HijackThis.
  • Click on the Do a system scan and save a log file button.
  • It will scan and then the log will open in notepad.
  • Paste the log as a reply to this thread.
Do NOT have HijackThis fix anything yet.

--------------------------------------------------------------------

F-Secure BlackLight

Please download F-Secure Blacklight (blbeta.exe) from here.
  • Click I ACCEPT and download the graphical user interface version to your Desktop
  • Double click the file to run it, choose I accept the agreement then click Scan
  • It will create a log on your desktop (fsbl-date/time.log).
  • If it finds anything, do not rename any. Legitimate items can also be present.
  • Exit Blacklight
Please post the contents of the log as a reply to this thread.

----------------------------------------------------

Please post, as a reply to this thread:
  • The Blacklight report
  • A HijackThis log
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby mikeyewz » April 2nd, 2007, 1:39 pm

Logfile of HijackThis v1.99.1
Scan saved at 18:23:42, on 02/04/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
O2 - BHO: (no name) - {9167363B-73F8-496C-B72C-56BFFDD4E6FF} - C:\WINDOWS\System32\byvvw.dll (file missing)
O2 - BHO: (no name) - {B8E24A75-E444-4200-B908-45D4BF25B2C2} - C:\WINDOWS\System32\ssqnk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\dfljlucy.dll",setvm
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


04/02/07 18:26:12 [Info]: BlackLight Engine 1.0.61 initialized
04/02/07 18:26:12 [Info]: OS: 5.1 build 2600 ()
04/02/07 18:26:12 [Note]: 7019 4
04/02/07 18:26:12 [Note]: 7005 0
04/02/07 18:26:22 [Note]: 7006 0
04/02/07 18:26:22 [Note]: 7011 1112
04/02/07 18:26:22 [Note]: 7026 0
04/02/07 18:26:22 [Note]: 7026 0
04/02/07 18:26:25 [Note]: FSRAW library version 1.7.1021
04/02/07 18:37:27 [Note]: 7007 0
mikeyewz
Active Member
 
Posts: 3
Joined: April 2nd, 2007, 1:07 pm

Unread postby beynac » April 2nd, 2007, 1:58 pm

Hi Mike.

It looks as if VundoFix made a good start on getting rid of the malware. However, you are currently using an unpatched version of Windows XP and are, thus, wide open to infections. It is CRITICAL that you update to Service Pack 1a immediately, so that we are not wasting our time. You can get SP1a here.

Do not update to SP2 yet. It is important that this is done after we are sure that your machine is clean.

------------------------------------------------------------------------

Once you have SP1a installed, we need to run VundoFix again. Please delete the copy that you already have and download it again. This is to ensure that you have the most up-to-date version.

VundoFix

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • It will create a report named vundofix.txt on your main drive (C:\vundofix.txt)
Note: It is possible that VundoFix may encounter a file it cannot remove.
In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

----------------------------------------------------------------------

Please post, as a reply to this thread:
  • The VundoFix report (C:\vundofix.txt)
  • A new HijackThis log
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
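
As an added example (not part of the original thread, and not the forum's or HijackThis's own code), the Python below reads a HijackThis log of the kind posted above, extracts the service-pack level from the Platform header and lists entries worth a closer look. It assumes HijackThis appends the service pack to the Platform line when one is installed; the three review rules and the `triage` name are illustrative choices, and a flag is a prompt for review, not a verdict.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
O2 - BHO: (no name) - {9167363B-73F8-496C-B72C-56BFFDD4E6FF} - C:\WINDOWS\System32\byvvw.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\dfljlucy.dll",setvm
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "Platform: <os> [SPn] (<build>)"; the SP token is optional (assumed format).
PLATFORM_RE = re.compile(
    r"^Platform:\s*(?P<os>.+?)(?:\s+(?P<sp>SP\d+\w*))?\s*\((?P<build>[^)]*)\)\s*$"
)
# Section lines look like "O4 - ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def triage(log_text):
    """Return platform, service pack (None if absent) and entries to review."""
    report = {"platform": None, "service_pack": None, "flags": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = PLATFORM_RE.match(line)
        if m:
            report["platform"] = m.group("os")
            report["service_pack"] = m.group("sp")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed BHO")
        if code == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.I):
            reasons.append("Run key launches DLL via rundll32")
        if reasons:
            report["flags"].append((code, reasons, body))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["platform"], "service pack:", result["service_pack"])
    for code, reasons, body in result["flags"]:
        print(code, "; ".join(reasons), "->", body)
```
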

Unread postby mikeyewz » April 2nd, 2007, 4:49 pm

Running VundoFix again seemed to have solved the problem! I will download updates to my PC ASAP.
Thanks very much!
Mike.
mikeyewz
Active Member
 
Posts: 3
Joined: April 2nd, 2007, 1:07 pm

Unread postby beynac » April 2nd, 2007, 5:50 pm

Hi Mike.

Running VundoFix again will not have got rid of all of the malware. You still have a serious infection on your computer and I cannot help you until you install SP1a.

If you want me to help you, please update and then post a HijackThis log and the VundoFix report.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby NonSuch » April 9th, 2007, 5:05 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27299
Joined: February 23rd, 2005, 7:08 am
Location: California