Yahoo search background infected. Not sure if it is a virus, spyware or malware.


Post by simpsonss on Thu Aug 06, 2009 7:51 am

Hi all,
After I accidentally clicked a link in an email, my Yahoo search results' background is infected. Below is the infected page and my HijackThis log file. Thank you.

[You must be registered and logged in to see this link.]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:53 PM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [DispSwitchLauncher] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: CLKPCI_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\clkpciunit00.exe
O23 - Service: CLK_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\clkunit.exe
O23 - Service: CPU_UNIT - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\CpuUnit.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FgwSocketProxy - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\FgwSocketProxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MapAgent - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\MapAgent.exe
O23 - Service: NameSpaceServer - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SLKPCI_UNIT0 - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\slkpciunit00.exe
O23 - Service: SysmacLink Unit - Unknown owner - C:\Program Files\OMRON\FinsServerNT\bin\slkcons.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 13254 bytes


Post by Belahzur on Thu Aug 06, 2009 2:19 pm


  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Post by simpsonss on Fri Aug 07, 2009 1:50 am

Hi,
Thanks for the reply. Below is the copy that you mentioned. Do you have any idea what actually happened?
Thank you.

ACDSee 7.0 PowerPack
Acronis True Image 8.0
Adobe Acrobat 8.1.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
ADSL USB Modem Network Adapter
Agere Systems HDA Modem
ALL-11
ANIO Service
ANIWZCS2 Service
App
Atmel Microcontroller ISP Software
Brother HL-2040
BurnInTest v5.3 Pro
Capcom Arcade Hits Volume 2
CX-One
CX-Server
CX-Server Driver Management Tool
Disketch CD Label Software
D-Link Wireless G DWA-110
EASy68K 3.7
ELECTRA v1.5.3
EPSON Easy Photo Print
EPSON Printer Software
ESC58_59 User's Guide
Express Burn
Express Rip
EZ-Courseware
Fellowes/NEATO MediaFACE
Flash Magic 3.67
Flash Writer
FlashAid
FoxyTunes for Firefox
FPWIN GR 2 Demo
FPWIN Pro 5
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Google Earth Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HiLo Systems -- USB Drivers
HI-TECH PICC-Lite V9.60PL2
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.1 - Scanjet 36X0 Series
HyperTerminal Private Edition v6.3
Indeo® Software
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Ipswitch WS_FTP Pro
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Keil µVision3
K-Lite Mega Codec Pack 3.4.5
LabTool-48XP/UXP
LifeBook Application Panel
Logic Analyzer
LogicAnalyzer V2.0.0.6
Malwarebytes' Anti-Malware
MapAsia
mCore
MCS-51 Writer
mDriver
mDrWiFi
mEoU
mHelp
MicroCode Studio
Microengineer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.4)
mPfMgr
mPfWiz
MPLAB Tools v7.20
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
NOD32 antivirus system
NOD32 FiX v1.9
NTI CD & DVD-Maker Platinum Trial
OMRON FinsGateway+Controller Link (PCI) Embedded Edition
OMRON FinsGateway+Controller Link Embedded Edition
OMRON FinsGateway+SysmacLink (PCI) Embedded Edition
OMRON FinsGateway+SysmacLink Embedded Edition
PhotoHunt Mobile 1.1
PhotoPad Image Editor
PICkit 2 v2.40
PowerDirector Express
PowerDVD
PowerProducer
QuickTime
Realtek High Definition Audio Driver
RonyaSoft CD DVD Label Maker 2.01
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sentinel System Driver
Skype™ 4.0
Sonic DLA
Sony Ericsson PC Suite 1.20.224
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TARGET 3001! V13 discover
Tetris4000
the PICBASIC PRO(TM) Compiler Demo
Trend Micro Internet Security
Trend Micro Internet Security
Ulead PhotoImpact 11
Ultimate Advantage for Pocket PCs
Universal IC Writer
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Navi
USB Flash Writer
USB TO IRDA Driver 1.3.0.5
WICE-8MA
Winamp (remove only)
WinCupl
Windows Driver for ESA86-2 Trainer
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Mobile Resources
Windows XP Service Pack 3
WinPic
WinRAR archiver
WinZip


Post by Belahzur on Fri Aug 07, 2009 11:15 pm

Hello.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by simpsonss on Tue Aug 11, 2009 2:58 am

Malwarebytes' Anti-Malware 1.40
Database version: 2561
Windows 5.1.2600 Service Pack 3

8/5/2009 12:27:03 PM
mbam-log-2009-08-05 (12-27-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 342417
Time elapsed: 1 hour(s), 14 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\KBPK080620.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080627.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080704.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080711.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080718.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080801.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080905.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080912.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK080919.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081005.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081011.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081024.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081107.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081112.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081114.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081122.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081129.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081203.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081206.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081212.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081219.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081223.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK081226.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090103.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090110.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090123.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090131.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090206.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090213.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090220.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090307.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090313.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090403.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090411.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090417.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090424.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090430.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090502.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090515.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090522.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090613.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\KBPK090615.log (Malware.Trace) -> Quarantined and deleted successfully.


Post by Belahzur on Tue Aug 11, 2009 1:55 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

