Video ActiveX Object - a virus me thinks...help?
Hey, I was trying to watch a video on t'net earlier and was prompted to install something that would make the video play....foolishly I installed it, and when my Nod32 told me that it was a virus, I thought about not allowing it....but because it said ignore(recommended), I ignored it....now ive got this virus on my pc. It isnt in the add/remove list, and is in program files only.
When i open my internet it is set as the homepage. I've run checks on ad-aware and have managed to get rid of the toolbar that appears, but i still get pop-ups from this thing and it is still my homepage.
Any help would be appreciated, thanks.
When i open my internet it is set as the homepage. I've run checks on ad-aware and have managed to get rid of the toolbar that appears, but i still get pop-ups from this thing and it is still my homepage.
Any help would be appreciated, thanks.
0
This discussion has been closed.
Comments
I'll need to see two logs please.
1. Click here to download HJTsetup.exe, and save it to your desktop.
- Double click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
- Put a check by Create a desktop icon then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Copy and paste the log here
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.2. I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your in your next post.
3. Please post the requested logs back here.Scan saved at 18:32:19, on 11/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Virgin Net Broadband\Dragdiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.virgin.net/
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171212226604
O17 - HKLM\System\CCS\Services\Tcpip\..\{121B68FC-A3D4-4713-BEFB-5D2050D28CDF}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{121B68FC-A3D4-4713-BEFB-5D2050D28CDF}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
Ad-Aware SE Personal
Adobe Shockwave Player
Apple Software Update
AVG Anti-Spyware 7.5
Azureus
BearShare
Canon i350
Cue Club
Google Updater
Hijackthis 1.99.1
HijackThis 1.99.1
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0 Update 10
Joint Operations: Escalation
Joint Operations: Typhoon Rising
Microsoft Office 2000 Professional
Mozilla Firefox (2.0.0.1)
Nile
NOD32 antivirus system
NVIDIA Windows 2000/XP Display Drivers
Pop-Up Stopper Free Edition
PunkBuster for Joint Operations: Typhoon Rising
QuickTime
Samsung PC Studio II 2.0 PIMS & File Manager
SpeedTouch USB Software
STOPzilla!
Windows Live Messenger
WinRAR archiver
there ya go, thanks
You're running Windows XP without any Service Packs. That is very bad as your computer is unprotected from vital security patches and so on.
The first thing I'll need you to do is download and install Service Pack 1a for Windows XP.
Do not install Service Pack 2, just yet!
Once that is done, post a new HijackThis log.
I think it could be down to the fact that before I turned my pc off earlier, I had done a check with Ad-aware, in which 5 files could not be deleted and there rest could. And it said that it would try something when i rebooted the pc. I turned it on an hour later after tea and found that it had all gone.
Thanks for your advice anyway, and if it does return then I will continue with the steps...much appreciated dude.
thanks
If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead