Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popups relating to IP [89.188.16.28] Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Popups relating to IP [89.188.16.28] Help!

Unread postby Corrie » January 6th, 2009, 10:10 am

Well, I'm new to this for starters, so sorry in advance if I don't "get it" straight away. I'm fairly good with computers, though. So I hope I can keep up.

I've recently been the victim of an annoying malware, which I can't find on my system. I've got MalWareBytes' AntiMalware, which I've run full scans on numerous times. It always finds a couple of trojans etc, deletes them (or deletes on startup) yet they've returned again next time ¬¬.

I have been using P2P program uTorrent, which I understand could be the cause, so I've uninstalled that, as well as everything else I've recently installed/downloaded too. For some reason (I assume because it's the New Year) Windows doesn't have ANY restore points in System Restore, and I can't go back to earlier ones =/.

What this malware is doing is, when I run Firefox, it will occasionally bring up another window which relates to the IP [89.188.16.28] or [82.98.235.111]. I've looked these up and found a separate post about the first, but nobody has mentioned that the window popped up is either blank, and has its roots in "sagipsul.com". Also, google only had one result for the other - a list of foreign IP addresses =/.

The address of the blank page that opens is usually: "http://sagipsul.com/go/?cmp=vm_mg_juan&uid=45F19590D91211DD9E2C166350CFFFFF&lid=578&url=suggestqueries.google.com%2Fcomplete%2Fsearch%3Foutput%3Dfirefox%26client%3Dfirefox%26hl%3Den-GB%26q%3D82.98.235.111&guid=C618C90661BA4A1CA4BF6517F0073D2F&affid=166350&rid=zdez&cl=superjuan"

or

"http://82.98.235.111/dot.gif/?ver=112&cmp=profiling4&uid=45F19590D91211DD9E2C166350CFFFFF&guid=C618C90661BA4A1CA4BF6517F0073D2F&affid=166350&rid=zdez&m=irq4&revid=9871&lid=suggestqueries.google.com%2Fcomplete%2Fsearch%3Foutput=firefox%26client=firefox%26hl=en-GB%26q=82.98.235.111&uqs=126&s=0&c1=126&c2=0&uid_track=c3bd0fc7-c255-4e0b-83cc-8597e383d034&br=firefox"

I have encountered: "http://89.188.16.28/dot.gif/?ver=112&cmp=superjuan&uid=45F19590D91211DD9E2C166350CFFFFF&guid=C618C90661BA4A1CA4BF6517F0073D2F&affid=166350&rid=zdez&m=irq4&revid=9871&lid=suggestqueries.google.com%2Fcomplete%2Fsearch%3Foutput=firefox%26client=firefox%26hl=en-GB%26q=89.188.16.28&uqs=103&s=0&c1=103&c2=0&uid_track=c3bd0fc7-c255-4e0b-83cc-8597e383d034&br=firefox"

and

"http://70.38.98.32/red.php?lid=mark_ip&br=firefox&url=suggestqueries.google.com%2Fcomplete%2Fsearch%3Foutput%3Dfirefox%26client%3Dfirefox%26hl%3Den-GB%26q%3D89.188.16.28&z=GB&affid=166350&ver=112&shows=0&click1=103&click2=0&uqs=103&uid=45F19590D91211DD9E2C166350CFFFFF&guid=C618C90661BA4A1CA4BF6517F0073D2F&jguid=&cmp=superjuan&rid=zdez&xp=1"

too. They are all blank, but I've even had a couple of popups advertising eBay, childrens' charities and online casino.
These popups only seem to occur when I load a new site or change something in Firefox. I've deleted my cookies and temp internet files, but these annoying popups still happen.

I've downloaded HiJackThis, and here's the logfile. hopefully you'll be able to make sense of who superjuan is..:

^^^^^^^^^^^^^^^^^^^^
Logfile of HijackThis v1.99.1
Scan saved at 13:58:33, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {39ca03d7-64cb-8b6a-cb44-8269ed99fdb9} - {9bdf99de-9628-44bc-a6b8-bc467d30ac93} - C:\WINDOWS\system32\lchzqs.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4500X WIRELESS OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kyaketedabexob] rundll32.exe "C:\WINDOWS\Jbufo.dll",e
O4 - HKLM\..\Run: [Vkamumocarezatec] rundll32.exe "C:\WINDOWS\ibacafofoceqozuz.dll",e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daniel Hickman\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2000915228
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templat ... rol013.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templat ... rol027.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: lchzqs.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

^^^^^^^^^^^^^^^^^^^^^^^^^^

Right. Good luck, and I look forward to a way of stopping this!

P.S. Other posts relating to this IP talk about keyboard lag and updates being blocked. I haven't got any of this, however I did get a "Beginning Dump Of Physical Memory" bluescreen a couple of times this morning when simply starting up windows. The whole computer would seize up, either leaving my cursor to move freely or freezing that too. I've thus had to manually turn it off and on.
The blue screen isn't a big deal, btw. For some reason my computer's always doing it (it won't shut down without displaying it, so I just turn it off by the button). This has been going on for years, but only today and yesterday has it started to freeze up like this, and produce these annoying popups ¬¬.


P.P.S. I just got a nice popup ad for a ferrari x] How nice.

Thanks in advance,

Corrie.
Corrie
Active Member
 
Posts: 3
Joined: January 6th, 2009, 9:32 am
Advertisement
Register to Remove

Re: Popups relating to IP [89.188.16.28] Help!

Unread postby Rodav » January 17th, 2009, 6:34 pm

I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our volunteer helpers are at full capacity. I'm subscribed to this topic now and will help you with any malware issues you may have, if you still need any assistance.

As it has been a while since you posted last and changes may have been made to your system please run HijackThis again and post a new log in your next reply along with a brief description of how your computer is running.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Popups relating to IP [89.188.16.28] Help!

Unread postby Corrie » January 17th, 2009, 7:46 pm

Thank you for replying, Rodav. I've seen how busy these forums get and I appreciate you spending time replying to my post. One problem, though - since my last post, the computer I was using decided to crash suddenly, and boasted an "unmountable_boot_drive" whenever I attempted to start it up.
Luckily, I was able to boot my HD through Linux on CD and rescue my files, but Windows was damaged beyond repair. I saved what I needed to, and reformatted the Hard-drive. On attempting to reinstall Windows, the setup froze on the "installing Windows components" stage and never recovered. I assume it is the Hard-drive itself which is broken.
I am now on a different computer running the same version of XP, and after transferring files over from the other PC I understand there is some risk that this computer may contain some form of Malware.
Even though the system is no longer the same, I wonder, if I post a new HijackThis log for this computer, would you check for me, to see if it is clean? I would also love to hear any advice on what to download in order to maximise security, to avoid the same problem occuring once more.
Again, I am extremely grateful for your help, and I completely understand if you have more serious issues to be helping with..

Here is a HijackThis log for this new computer:

##########################
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:55, on 17/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1366803500
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3912 bytes
################

Tell me what you think ^^
Corrie
Active Member
 
Posts: 3
Joined: January 6th, 2009, 9:32 am

Re: Popups relating to IP [89.188.16.28] Help!

Unread postby Rodav » January 17th, 2009, 9:03 pm

Hi Corrie,

I'm sorry you had to reformat hard drive but if it's any consolation, it's the safest and often the quickest way to deal with malware infections.

If you are still having trouble installing Windows you could ask at one of the general tech forums like http://www.bleepingcomputer.com/forums/ or http://forums.pcpitstop.com/ who have specialist subforums for hardware or Windows issues.

Your log is clean, you can fix the following line with HijackThis, it is just a leftover from Windows Live Messenger:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


When you install an antivirus you should scan all the files you saved in case any of them are infected. I will give you a list of programs below along with some other tips that may help future reinfection.



Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you may like to follow any steps that you have not already implemented
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Two good antivirus programs free for non-commercial home use are Avast and Antivir
    Two good paid for antivirus programs are NOD32 and Kaspersky
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection level. It may also impair the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.
  • Install Malwarebytes & update and scan with it regularly
    Malwarebytes is a free for personal use on demand scanner which is developed by active members of the Malware Removal community. It detects and removes many modern infections. The paid version offers realtime protection.
  • The last and most important thing I can tell you is UPDATE, UPDATE, UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

Miekiemoes an expert in malware removal has a fantastic article on how to prevent Malware for further tips, it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html

If you have any questions, let me know. :)
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Popups relating to IP [89.188.16.28] Help!

Unread postby Corrie » January 18th, 2009, 6:57 pm

Fantastic! Thanks for your fast reply. It's good to know my system's safe, and I've downloaded Avast!, Malwarebyte's and WinPatrol as you suggested.

I'm glad you guys are able to help regular mugs like me - you're doing a great thing here! I'm going to try and reinstall Windows one last time on my other computer and I will make sure I keep it as safe as possible =]

Thanks again, Rodav! I've been spreading the word about this site, and I will refer back if I ever get any more problems - hopefully soon a day will come when Malware is crushed for good, but until then, keep up the good work!

Good luck and godspeed =P

Corrie.

(I think we can close this topic now =])
Corrie
Active Member
 
Posts: 3
Joined: January 6th, 2009, 9:32 am

Re: Popups relating to IP [89.188.16.28] Help!

Unread postby NonSuch » January 18th, 2009, 7:56 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware