yahoo and viruses

Discussion in 'Networking and Computer Security' started by ilaila, Jan 17, 2010.

  1. ilaila

    ilaila Geek Trainee

    Likes Received:
    0
    Trophy Points:
    0
    hello, i did post last nite but it didn't show up - so anyway sorry if this is in wrong area,

    i downloaded a program and it installed yahoo on toolbar, i don't know how cos i thought i said no to that but may have missed a trick.

    but whilst trying to remove it, i went to 'regedit' and searched for all things yahoo, and couldn't believe how everywhere it was. deleted loads and it didn't remove the toolbar. it doesn't show up in add/remove programs, and i can't find the folder in program files.

    the problem i am worried about is when i went to regedit, a yahoo folder kept re appearing after i deleted it, in a folder called 'downloadz.com'..next to that were hundreds of really dodgy names like pantyhose and partyticket etc. i hoped that these are coming from my spybot resident tea timer or something similar.

    i also tried hijackthis and removed all the keys that had appeared since this yahoo thing. no difference.

    if it helps i have
    mcaffee security scan
    malwarebytes anti-malware (i haven't run that as it takes hour and half and i thought it only picks up other kinds of things)
    spybot search and destroy (finds nothing)
    cc cleaner
    browser hijack blaster

    by the way i have shitty vista

    and this is my hjt log
    Logfile of HijackThis v1.99.1
    Scan saved at 11:56:59, on 17/01/2010
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Append to existing PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\agh\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    sorry if this is the wrong place to post this, perhaps you could redirect me to right place? thankyou so much for any help
    isla
     
  2. HardwareHunter

    HardwareHunter Geek Trainee

    Likes Received:
    3
    Trophy Points:
    0
    Well did you figure out what the problem was?? It sounds like a virus. There are so many viruses out there that comes in various forms as a disguise.
     
  3. SofiaBrown

    SofiaBrown Geek Trainee

    Likes Received:
    1
    Trophy Points:
    1
    Run your virus-scanner, but beware, many modern viruses can circumvent anti-virus programs. Quarantine anything suspicious.
    Install MalwareBytes Anti-Malware and update it. Don't scan for malware yet.
    Install Spy Bot[1] and update it. Don't scan for malware yet.
    Reboot into Safe Mode - Restart your computer and press F8 before Windows loads. Press F8 several times if you need to. Select Safe Mode from the resulting menu. Safe Mode disables much of the startup routine.
    Run your Malware Scanners - Run both the scanners sequentially, deleting any references found.
     

Share This Page