
Trusted Zone: http://*.63.219.181.7

Discussion in 'Malware and Virus Removal Archive' started by aggie96, 2005/05/05.

  1. 2005/05/05 aggie96 (Thread Starter)

    Hi,

    I am using IE 6.0.2800.1106.
    I frequently get porn pop-ups, and some porn sites automatically got added to my favorites.
    The following are the HijackThis v1.99.1 results.
    C:\WINDOWS\System32\fixmapirs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\T C\桌面\HijackThis.exe

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Name - {12D146E6-CA93-4454-9623-F7E2337C082F} - C:\WINDOWS\System32\msehb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
    O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [runload32] Uint32.exe
    O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe "
    O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [inertinfo.exe] C:\WINDOWS\inertinfo.exe
    O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe "
    O4 - HKCU\..\Run: [Testimonials] utsgmon.exe
    O4 - HKCU\..\Run: [PrcIdle] new32.exe
    O4 - HKCU\..\Run: [bingo9] SpyElim.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O15 - Trusted Zone: http://*.63.219.181.7
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://ebank.landbank.com.tw/CorporateBank/Download/XENROLL.cab
    O16 - DPF: {239B96C6-DBAE-11D6-BABA-0050BA12C71A} (TAIMAC10 Control) - https://ebank.landbank.com.tw/CorporateBank/Download/taimac10.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15b5c8bdd7d016564606/netzip/RdxIE601_tw.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {FC25B780-75BE-11CF-8B01-444553540000} (Chart Object) - http://activex.microsoft.com/activex/controls/iexplorer/x86/iechart.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{82713E90-54E4-4E24-A5A5-B4BCD72F39B9}: NameServer = 69.50.176.197 195.225.176.31

    Also, the following are the Panda scan results:

    Incident Status Location

    Virus:Trj/Downloader.BFC Disinfected Operating system

    Adware:Adware/TopRebates No disinfected C:\DOCUME~1\TC01D6~1\LOCALS~1\Temp\jkill.exe
    Spyware:Spyware/FastSearchWeb No disinfected C:\WINDOWS\System32\docntrop.dll
    Adware:Adware/GloboSearch No disinfected Windows Registry
    Adware:Adware/Otx No disinfected C:\WINDOWS\Downloaded Program Files\Preloader.dll
    Adware:Adware/DSSAgent No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp
    Adware:Adware/ActiveSearch No disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc31.dll
    Adware:Adware/ActiveSearch No disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc37.dll
    Virus:Trj/Downloader.JH Disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc39.inf
    Virus:Trj/Downloader.JH Disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc40.dll
    Adware:Adware/ActiveSearch No disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc52.dll
    Adware:Adware/ActiveSearch No disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc57.dll
    Adware:Adware/ActiveSearch No disinfected C:\RECYCLER\S-1-5-21-1177238915-412668190-1801674531-1004\Dc59.dll
    Virus:Trj/Downloader.ASM Disinfected C:\WINDOWS\internt.exe
    Virus:Trj/Delf.IX Disinfected C:\WINDOWS\kernerl32.dll
    Adware:Adware/MediaTickets No disinfected C:\WINDOWS\LastGood\Downloaded Program Files\eied.inf
    Virus:Trj/Downloader.AEU Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\ied.inf
    Virus:Trj/Downloader.JH Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\Ole32ws.inf
    Adware:Adware/PurityScan No disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start.INF
    Virus:Trj/Downloader.ASM Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start6.inf
    Virus:Trj/Downloader.AIB Disinfected C:\WINDOWS\LastGood\Downloaded Program Files\start7.inf
    Virus:Trj/Downloader.JH Disinfected C:\WINDOWS\LastGood\Ole32ws.dll
    Spyware:Spyware/FastSearchWeb No disinfected C:\WINDOWS\system32\docntrop.dll
    Adware:Adware/Startpage.VH No disinfected C:\WINDOWS\system32\dskrfuoui.dll
    Adware:Adware/ActiveSearch No disinfected C:\WINDOWS\system32\Q2152921.dll
    Spyware:Spyware/WareOut No disinfected C:\WINDOWS\system32\sprmove.exe
    Virus:Application/Restart No disinfected C:\WINDOWS\system32\Tools\Restart.exe
    Spyware:Spyware/WareOut No disinfected C:\WINDOWS\system32\wosys32.dll
    Virus:Trj/Delf.IX Disinfected C:\WINDOWS\use32.dll
    Also, I did not find anything with BitDefender AntiVirus Free Scan.

    Can someone help me?
     
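A triage script, added here as an example and not part of the thread, that parses HijackThis O4/O15/O17 lines into the findings a helper would ask about first: the wildcard IP entry in the Trusted Zone (O15) and the replaced NameServer addresses (O17) are the two items in a log like this that hand control of browsing to a third party, and O4 entries that name a bare executable are the ones whose origin needs checking. The sample lines, the {GUID} placeholder and the expected-resolver range are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in HijackThis O4/O15/O17 line format, modelled on the
# thread's log; {GUID} stands in for the network-interface key name.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [runload32] Uint32.exe
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: https://www.example.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{GUID}: NameServer = 69.50.176.197 195.225.176.31
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{GUID}: NameServer = 192.168.1.1
"""

# Assumption: the owner's resolvers live on the LAN; anything else is reviewed.
EXPECTED_DNS = [ip_network("192.168.0.0/16")]

LINE_RE = re.compile(r"^(O\d+) - (.*)$")

def parse_hjt(text):
    """Return (section, payload) pairs for every 'Onn - ...' line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def find_suspicious(entries):
    """Triage rules: (section, reason, value) for lines a helper would query."""
    findings = []
    for sec, body in entries:
        if sec == "O15" and body.startswith("Trusted Zone: "):
            host = body.split("://", 1)[-1].split("/", 1)[0]
            # Wildcard or bare-IP hosts get IE's relaxed Trusted-zone settings.
            if "*" in host or re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
                findings.append(("O15", "wildcard/IP trusted zone", host))
        elif sec == "O17" and "NameServer = " in body:
            for ip in body.split("NameServer = ", 1)[1].replace(",", " ").split():
                if not any(ip_address(ip) in net for net in EXPECTED_DNS):
                    findings.append(("O17", "unexpected resolver", ip))
        elif sec == "O4" and "] " in body:
            cmd = body.split("] ", 1)[1]
            exe = cmd[1:].split('"')[0] if cmd.startswith('"') else (cmd.split() or [""])[0]
            # A bare name is resolved via PATH, so the entry hides where the file
            # lives; drivers do this legitimately, so this is "review", not a verdict.
            if "\\" not in exe:
                findings.append(("O4", "bare executable name", exe))
    return findings
```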
  2. 2005/05/05 noahdfear



