Vex Star

I have some very interesting spyware/malware...

Never seen or heard of it before.

Take, for instance, OT. Look at the top of this page... you see the two side-by-side banners for advertisers? This spyware/malware actually replaces those with spamming banners. Some make noises and talk... like those ads we all hate. I can refresh the screen... and it will randomly show the correct banners (paying advertisers). It's pretty much hit or miss which one shows up, though.

Anyone heard or seen this before? I am not sure if it is a vBulletin thing or what, but since the majority of the boards I frequent are vB, I have noticed it on all of them.

TIA for any help/advice. If anyone would like to help, let me know if you would like to see a HJT file.

Have you tried Ad-Aware or any other spyware/malware scanners? How about anti-virus? Avast and AVG are free.
Get Spybot.

The site looks a bit unpro, but it's a damn good free program.

I downloaded and ran the newest version of Spybot, and it found 3 significant items that required a reboot with a full scan during startup. The scan took about an hour, and it said it fixed the problems.

Now IE is REALLY slow... and the problems I started with are still there as well. I know most of you will praise Firefox, but I prefer IE, so save the replies.

Anyone have any other suggestions?

Try others. No one scanner is perfect. Sometimes one will catch/repair something that another misses. Try Avast and AVG as well as Ad-Aware.

Run SUPERAntiSpyware.

I see this catch a lot of shit.

Buying a sub will also fix the problem. I see no ads.

Just kidding. Run HijackThis and post the outcome here.

Well executed joke. I actually chuckled.

Here ya go...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:53 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
O18 - Filter hijack: text/html - {ae4ef06c-ecd9-4366-858e-82fa2f8b11aa} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

End of file - 6342 bytes

TTT

Anyone heard of this yet? I've now got them on about every message board I go to that has advertisement banners. I even got one of the spam ads in someone's signature... the picture was hosted by Photobucket, FWIW.

FWIW, whenever I get one of these spam ads... it is some sort of Flash. I can right-click on a 'normal' advertisement banner... and actually see the properties and such, but when I try to right-click on a spam banner... it has the Flash menu options...

Question... what exactly have you done thus far? All you say you've done is run Spybot and HijackThis. Have you run Ad-Aware? How about installing and running a full scan with Avast or AVG virus scans?

Eventually you'll probably have to wipe your system and do a fresh install.

Yup, did Ad-Aware also. I am prolly just gonna reformat... this shit is a PITA.

Well executed joke. I actually chuckled.

Here ya go...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:53 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
O18 - Filter hijack: text/html - {ae4ef06c-ecd9-4366-858e-82fa2f8b11aa} - C:\WINDOWS\system32\iehlpr32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

End of file - 6342 bytes

Those are the nasties.
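
A defender's triage pass over this log format, added here as an example (it is not code from the thread or from HijackThis): it parses the section lines and flags the two entry shapes the reply above points at, a BHO with a generic display name and an O18 filter registered on text/html. The sample lines are constructed from entries in the log above with reconstructed paths, and the generic-name list is an assumption of this example.

```python
import re

# Constructed sample (not the full log from the thread): a few lines shaped
# like the HijackThis entries posted above, including the two the reply
# singled out (the nameless BHO and the text/html filter hijack).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\\Program Files\\Common\\helper.dll
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe"
O18 - Filter hijack: text/html - {ae4ef06c-ecd9-4366-858e-82fa2f8b11aa} - C:\\WINDOWS\\system32\\iehlpr32.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""

# One HijackThis entry per line: a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# then " - ", then the entry body. Process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# BHO display names that carry no vendor or product information. This list is
# a heuristic chosen for this example, not a HijackThis rule.
GENERIC_BHO_NAMES = {"browser helper object", "(no name)", "helper"}


def parse_entries(log_text):
    """Yield (code, body) for every section line in a HijackThis log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return [(code, reason, path)] for entries that deserve a closer look."""
    findings = []
    for code, body in parse_entries(log_text):
        path = body.rsplit(" - ", 1)[-1].strip()
        if code == "O18" and body.startswith("Filter hijack: text/html"):
            # A MIME filter registered for text/html sees every page IE renders,
            # which is how page content such as ad banners can be rewritten.
            findings.append((code, "MIME filter on rendered HTML", path))
        elif code == "O2":
            name = body.split(" - ", 1)[0].replace("BHO:", "").strip().lower()
            if name in GENERIC_BHO_NAMES or not CLSID_RE.search(body):
                findings.append((code, "BHO with generic name or no CLSID", path))
    return findings


if __name__ == "__main__":
    for code, reason, path in triage(SAMPLE_LOG):
        print(f"{code}: {reason} -> {path}")
```

The same triage runs over a full log pasted in place of SAMPLE_LOG; legitimate BHOs with a vendor name and a CLSID, like the Adobe and Java entries, pass through untouched.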

Deleted and fixed.

Thanks a ton... you don't even know.
