Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

believe i have tinyproxy.exe on my comp.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 6th, 2008, 6:49 pm

here you go Odd, thanks!


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 06, 2008 17:06:00
Records in database: 1440582
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 81208
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:28:30


File name / Threat name / Threats count
C:\WINDOWS\system32\890166\890166.dll Infected: not-a-virus:AdWare.Win32.E404.iy 1
C:\_OTMoveIt\MovedFiles\12032008_202720\Program Files\tinyproxy\tinyproxy.exe Infected: Trojan-Proxy.Win32.Agent.bcw 1

The selected area was scanned.
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm
Advertisement
Register to Remove

Re: believe i have tinyproxy.exe on my comp.

Unread postby Odd dude » December 7th, 2008, 6:05 am

Hi again,

Feed this script to OTMoveIt3 like you did before and post the log.
Code: Select all
:Files
C:\WINDOWS\system32\890166


Post the log from OTMoveIt and a new hijackthis log, along with a description of how the computer is running.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 7th, 2008, 2:23 pm

Computer seems to be slow between web pages and colors/websites still look funky. ill try to do some print screens as examples in another post..

move it log


Error: Unable to interpret <Code:> in the current context!
========== FILES ==========
C:\WINDOWS\system32\890166 moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 120


hijack..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:50 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wend\Desktop\OTMoveIt3.exe
C:\Documents and Settings\Wend\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9876 bytes
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby Odd dude » December 7th, 2008, 3:20 pm

Computer seems to be slow between web pages and colors/websites still look funky. ill try to do some print screens as examples in another post..

Yes print screens would be helpful.

Your hijackthis is clean. Kaspersky was clean as well (there was one leftover but I just nuked that).

This does not look like a malware issue to me anymore. We can run this last scan to be sure:

Blacklight
Download F-Secure Blacklight to the root of your drive (usually C:\).
  • Click Start > Run and copy & paste the following:
    Code: Select all
    \fsbl /expert
  • Then click OK
  • Click I accept the agreement, then Scan to start the scan
  • After the scan has finished, EXIT Blacklight. Do not choose to rename any items, because legitimate items might be present!
  • Post the fsbl-xxxxxxx.log logfile that was made (can be found in the same directory as Blacklight). xxxxxxx are numbers representing the current date.

But I don't expect it to find anything.

This is about the deepest we can go. If the Blacklight log is clean, I will have to say this is no longer a malware issue.

Please post back the log from Blacklight and a new Uninstall List from HijackThis per these instructions:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Also if you have any print screens from the 'funky' stuff, please attach one or two (though no more than two) in your next post.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 7th, 2008, 3:39 pm

says can't find \fsbl
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby Odd dude » December 7th, 2008, 4:17 pm

Did you save the file to C:\ with a name of fsbl.exe?
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 9th, 2008, 9:26 pm

got fbsl to work..never saw a log. It did say nothing was found.

uninstall list

32 Bit HP CIO Components Installer
Adobe Flash Player Plugin
AOL Instant Messenger
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Banctec Service Agreement
BlackBerry Desktop Software 4.0.1
BlackBerry Desktop Software 4.0.1
Bonjour
Canon PIXMA iP6000D
Chicken Invaders 3 - Revenge of the Yolk (remove only)
Clifford Learning Activities
Conexant HDA D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Game Console
Dell Media Experience
Dell Support Center
DellConnect
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EducateU
ELIcon
ERUNT 1.1j
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel(R) PROSet/Wireless Software
InterActual Player
iTunes
Java(TM) 6 Update 10
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.4)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
Netflix Movie Viewer
NetWaiting
NetZeroInstallers
Neverwinter Nights Platinum Edition
PowerDVD 5.7
Print Server Driver
QuickSet
QuickTime
RealPlayer Basic
Scholastic Phonics Booster Books
Search Assist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shutterfly Plugin
Skype™ 3.6
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12
World of Warcraft
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby Odd dude » December 10th, 2008, 10:23 am

This is good news. Everything you posted is looking very good.
There is no more malware on your system! (Or at least as far as I can tell). If you still have any remaining issues, they're not likely to be caused by malware. These issues can be taken to general support forums such as http://www.bleepingcomputer.com

There are only two things left for you to do now: the standard cleanup procedure & the installation of a firewall.

Install a firewall
There is no firewall installed on your computer!
Either that, or you're using Windows Firewall, which is not a good idea.

Firewalls are programs that monitor incoming and outcoming connections to your computer. Did you know that, just by connecting to the internet, you are being exposed to hundreds of treats immediately? The way to solve this, is to use a firewall, and up-to-date antivirus software.

Windows Firewall only monitors incoming connections. This means that, once you are infected, the malware is free to ask for new instructions, send private data to its creator, or invite its malware buddies to come over. In other words: it's almost as good as no firewall at all.

Download a free for personal use firewall NOW from one of these sources:
COMODO Personal Firewall
Online Armor Free

(COMODO also bundles antivirus - please don't install that as you already use avast).

Rehide hidden files and folders
Now let's check some settings.

  • Open the Control Panel (Start > Control Panel)
  • Double-click Folder Settings
  • On the View tab, check Hide protected system files (recommended).
  • Uncheck Show the contents of system directories
  • Check Hide extensions for known file types
  • Scroll down and choose Do not show hidden files and folders
  • Press OK to save changes.

Purge System Restore
We've now arrived at the stage where we can clean the System Restore points. Malware can easily hide itself in System Restore points. This is BAD. While inside the restore point, it is completely harmless. But once you restore from that restore point, the malware will spread again.
To purge System Restore, please do the following:
  • First, launch System Restore (Start > All Programs > Accessories > System Tools > System Restore).
  • Choose the second option: Create a restore point. Name it something like All Clean.

    Now, for the actual purging:

  • Click Start > All Programs > Accessories > Disk Cleaner.
  • Wait for the program to load... this will take a few seconds.
  • Click the More Options tab, and click the Cleanup button under the System Restore heading. Click Yes if you're prompted whether you're sure.

  • Don't close the program yet.


Clean up some more leftovers
  • Get back to the previous tab. Tick the following items:
    • Temporary Internet Files
    • Offline Web Pages
    • Recycle Bin
    • Temporary Files
    • WebClient/Publisher temporary files
  • Click OK. If you're asked whether you're sure, click Yes.


Clean with OTMoveIt
Open OTMoveIt3 and click CleanUp!
When prompted it has finished, close the program. Then reboot your computer.
Any remaining programs and/or logs can be safely deleted.

Congratulations!
Image Image Image Image Image Image

As far as I can tell, you are CLEAN!


Image


Have a big cup of Image, sit back & relax, and now please follow a few of the following tips; they will dramatically reduce your chance of getting infected again.


  • Turn on Automatic Updates if you have not done so. It is MANDATORY to keep your Windows updated, otherwise you are vulnerable to exploits! To turn on Automatic Updates: click Start > Control Panel > Security Centre > Automatic Updates.

Below are optional items. It's highly recommended to read them through, but decide for yourself how many of these recommendations (if any) you follow.

  • Install WinPatrol from here. Instructions for use are here.

  • Install SpywareBlaster to protect you from bad sites. Download - How to use it

  • Install a custom hosts file. Let's say I have a directory of 640kb's worth of bad sites. Let's say I can make sure you will never be able to access those sites, so you will never get any infection from those sites. It's like blocking a site - without site blocking tools. How would you like to never be able to visit (a lot, but not all of the) malware-infected sites again? Well, now you can!
    First, we must disable a service, as Windows cannot work with a very large hosts file while that service is active. This will not affect anything else.
    The disabling routine:
    1. Click Start, then Run
    2. Copy and paste the following:
      Code: Select all
      sc config dnscache start= disabled
    3. Click OK.
    Next, you can download the custom hosts file from here. Installation instructions can be found there as well.

  • Install Sandboxie. Sandboxie isolates programs into a sandbox. When you get infected, and the program that caused this (i.e. Internet Explorer) is inside the sandbox, the infection will remain trapped inside the sandbox. Then it only takes a few clicks to empty the sandbox and thus kill the virus. Sandboxie is completely free! Download it here.
Note that using Sandboxie does not guarantee that you will never get infected. Some malware can bypass Sandboxie, so don't let your guard down!

Please reply to this thread once more so we know it can be archived


Happy surfing!! :)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 11th, 2008, 11:42 pm

Odd. Thank you. My browser is still weird. Maybe meaningless but any idea why? It went "weird" when i got this originally.

trying to attach images...one is on my side of the computer -clean the other from my wives which got the malware. can't tell if anything is attached though.
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 12th, 2008, 3:52 pm

ill try to be clearer:P. I think I've attached two files in the post above but not sure how to confirm. One is called bad one is called good. In the good file you'll see the malwareremoval.com from partitioned side of the computer which looks "correct", with greys and blues and the snowflake thing currently imbeded. On the wrong bitmap you see it's all white.

Or..the files didn't attach, in whic case ill try to email them to a different computer and attach them.

Again, thank you for the help on the malware and I can certainly survive with colors being messed up on the browser, but it seems odd to have theissue still. I have updated to latest firefox on that computer as well and that changed nothing from an appearance perspective. If you think this is nothing related to malware I understand.

Thanks again Odd and happy holidays. :bigsmurf:
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby Odd dude » December 12th, 2008, 4:55 pm

I'm glad I could have been of assistance.

Unfortunately the attaching didn't go well - I don't see any attachments there. However, I don't think this is a malware issue. You might want to register and post a thread here, as I don't think I can help you much further with this, but my link has a good forum with people who do know what they're doing ;)

If you have any more inquiries feel free to ask, otherwise let me know this topic can be closed.

Happy holidays :cheers: :cheers:
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 15th, 2008, 1:58 pm

I'm crashing to a blue screen now
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby Odd dude » December 15th, 2008, 2:30 pm

Well, that's not very good news.

What error message is reported? (should be reported near the top of the blue screen)
What file is involved? (should be reported near the end of the blue screen)
When does the crashing occur? Only when you perform certain actions?
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 15th, 2008, 8:33 pm

here's the "bad" version of my web browser..since the malware was put in. Notics the color of the malware site and look at the wierd coloring of the "edit" file" functions..

Image



and the good. Looks fine on my side of the system.
Image


Blue screen started happening after loading online armor..
i've deleted it. Will see if it crashes, if not will try the other firewall you told me to use.
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm

Re: believe i have tinyproxy.exe on my comp.

Unread postby helpohio » December 15th, 2008, 8:35 pm

oh yes..and the error said something about tcpip. I'll write it down if it happens again.
helpohio
Regular Member
 
Posts: 29
Joined: November 22nd, 2008, 8:12 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 275 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware