Virus Please help!

  • mameemonster
  • Beginner
  • Posts: 46

Post 3+ Months Ago

Hi, I have some virus, I think. These are what came up from Ewido:

trackingcookie.adbrite
trackingcookie.yieldmanager
trackingcookie.revsci
trackingcookie.com
trackingcookie.falkag
trackingcookie.trafic
trackingcookie.euroclick
trackingcookie.statcounter
trackingcookie.adrevolver
trackingcookie.casalemedia
trackingcookie.cqcounter
trackingcookie.serving-sys

This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:06 PM, on 3/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\3xodus\Setup\Half\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5638565250
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D516215B-20F2-420E-89BD-F7CC7901BA23}: NameServer = 10.1.1.1,192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

If anyone can, please help me! Thanks a lot in advance. Peace
  • kinnerdesign
  • Novice
  • Posts: 26

Post 3+ Months Ago

They're just cookies, unless I'm missing something. I didn't read all of your post, I scanned through it and will read it again now, but cookies are not viruses. What do you mean by "you think i have a virus"?


OK, took a closer look.

I'm not sure what these are:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

But I would research that if I were you; it does not sound good.

Regards
KinnerDesign
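
A triage helper for the kind of HijackThis entries quoted in the post above, added here as an example and not posted by any participant in the thread. It parses the log's `CODE - detail` lines and lists those carrying the markers seen in this log (`(no file)`, `(file missing)`, `Unknown owner`); the function names and note wording are assumptions, and a flagged line only means "look this up", not "malicious".

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# A log entry is a section code (R0, F2, O23, ...) followed by " - " and the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Markers that appear verbatim in the log; the notes are this example's wording.
MARKERS = {
    "(no file)": "entry has no backing file",
    "(file missing)": "referenced file is missing",
    "Unknown owner": "no owner reported for the binary",
}


def parse_entries(log_text):
    """Return [{'section': 'O23', 'detail': '...'}, ...] for every entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # header lines and process paths do not match and are skipped
            entries.append({"section": match.group(1), "detail": match.group(2)})
    return entries


def triage(entries):
    """Return only the entries that carry one or more markers, with notes attached."""
    flagged = []
    for entry in entries:
        notes = [why for marker, why in MARKERS.items() if marker in entry["detail"]]
        if notes:
            flagged.append({**entry, "notes": notes})
    return flagged


if __name__ == "__main__":
    for item in triage(parse_entries(SAMPLE_LOG)):
        print(item["section"], "|", "; ".join(item["notes"]), "|", item["detail"])
```
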
  • mameemonster
  • Beginner
  • Posts: 46

Post 3+ Months Ago

Hi, sorry, I wasn't too sure if I did. It's just because Ewido gave those results and kind of scared me T_T! Because Ewido reported that it cannot delete them. Anyway, thanks for the rep! So do you recommend that I delete your find? Sorry, I'm just scared T_T!
  • kinnerdesign
  • Novice
  • Posts: 26

Post 3+ Months Ago

mameemonster wrote:
Hi, sorry, I wasn't too sure if I did. It's just because Ewido gave those results and kind of scared me T_T! Because Ewido reported that it cannot delete them. Anyway, thanks for the rep! So do you recommend that I delete your find? Sorry, I'm just scared T_T!


No, no, don't delete anything unless Ewido is asking you to delete it; manually deleting could cause problems.

I'm not sure if they are bad or not, but they look suspicious to me. My knowledge of this stuff isn't as good as some people's, but I would research them if you don't know what they are.
  • mameemonster
  • Beginner
  • Posts: 46

Post 3+ Months Ago

OK, thanks =D. Just one more thing: so the cookies are no harm? Or should I still find a way of deleting them?
  • david murphy
  • Guru
  • Posts: 1181

Post 3+ Months Ago

Quote:
Hi, I have some virus, I think. These are what came up from Ewido:

trackingcookie.adbrite
trackingcookie.yieldmanager
trackingcookie.revsci
trackingcookie.com
trackingcookie.falkag
trackingcookie.trafic
trackingcookie.euroclick
trackingcookie.statcounter
trackingcookie.adrevolver
trackingcookie.casalemedia
trackingcookie.cqcounter
trackingcookie.serving-sys

Ewido can't get rid of them because they are running (working). You could run the scan in safe mode and you should be able to delete them.
What type of websites do you go to?
Does your computer crash?
  • mameemonster
  • Beginner
  • Posts: 46

Post 3+ Months Ago

Hi David, thanks for replying too! Umm, I use Firefox 2.0.0.2. I also disabled third-party cookies using the command about:config *googled it*. Umm, my computer doesn't crash, but I do experience lag every now and then. I'm not sure if this is connected, but a while ago I had some problem with my internet, and when I typed the command ipconfig the only thing that would come up was Windows IP Configuration and nothing else, and I had to system restore...

Anyway, I'll go into safe mode and delete those finds. Thanks! Be back with the Ewido log!
  • david murphy
  • Guru
  • Posts: 1181

Post 3+ Months Ago

Lag? Are you on wireless?
Lag is usually due to a poor connection or running too many programs at once.
How much memory do you have? If you're below 256 MB and running Windows XP,
it could cause it to run slow.
  • mameemonster
  • Beginner
  • Posts: 46

Post 3+ Months Ago

Hello again, and yes, you're right! Ewido deleted them damn cookies =D Thanks!

I have 1 GB memory, and 512 DSL...

Do you think there's anything unusual about my HijackThis log, or nothing really?

Thanks for the help!
  • SuprSonic5
  • Student
  • Posts: 67
  • Loc: Michigan, USA

Post 3+ Months Ago

Here's something you might want to consider if you want to get rid of those cookies right away. Go to Tools->Options->Privacy. Under Cookies, select Keep Until: (I close Firefox). This way Firefox deletes the cookies right after you close the browser. Also, cookies do not cause damage to your PC. At most they can be spyware. They can give other sites or people info about where you go and what you do. Either way, it can't hurt to delete them.
  • mameemonster
  • Beginner
  • Posts: 46

Post 3+ Months Ago

Oh, thanks! Just did that to my settings =D
