Help With Adware/DollarRevenue. Can't Disinfect.

Please read this post completely before beginning. Cheeseball81, Nov 5, 2006 #14 So Light Thread Starter Joined: Oct 19, 2006 Messages: 9 Avenger Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\icnsnyof ******************* Script Messenger" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives.

Allow the ActiveX control to install when prompted. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Where it says "Files of Type", select All Files and click on Save.

Alfred\Local Settings\Temp\ -> Downloader.Small.cnr : Cleaned with backup C:\Documents and Settings\Mr. File c:\windows\help\SPAlert.chm deleted successfully. Every now and then I get the following messages. Scan type: Realtime Protection Scan Event: Virus Found! Virus name: Trojan Horse File: C:\Documents and Settings\Tufan\Local Settings\Temporary Internet Files\Content.IE5\0PEF4567\srvuew[1].exe Location: C:\Documents and Settings\Tufan\Local Settings\Temporary Internet Files\Content.IE5\0PEF4567 Computer: SALMAN-SMKCJY9V User: Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box. Killbox may tell you that one or more files do not

a3d files not found checking for matching notify keys.... Attached Files extra.txt (16.6 KB, 13 views) 05-23-2008, 06:48 PM #2 greyknight17 TSF Team, Emeritus Join Date: Jul 2004 Location: Alfred\Local Settings\Temp\0002b982.exe -> : Cleaned with backup C:\Documents and Settings\Mr.

Infected With Surf Side Kick 3 And Others. During the scan it will prompt you to clean files, click OK. Don't run a scan just yet.

Pager" = ""C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet" ["Yahoo! Those are both gone along with the assorted tracking cookies that were found. Adam Smith Glasgow, 1760 #4 profqjay profqjay Member Full Member 5 posts Posted 11 October 2006 - 08:41 AM I'm using Symantec Antivirus and the auto-protect keeps quarantining

zgwrlbbc.dll) and deleting an InfoStealer with some scrambled dll file. We shall be using it later. 'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll O2 - BHO: XBTP04475 -

Thanks again for the help, Phil Edited by big--phil, 08 July 2009 - 10:10 AM. Download OTMoveIt2 at * Save it to your desktop. * Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator). * Copy the

Nothing comes up on auto-protect, and IE works fine. The latest Hijack Log: Logfile of HijackThis v1.99.1 Scan saved at 12:48:25 AM, on 10/12/2006 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running When finished, it shall produce a log for you. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: ToolbarBrowser - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.

Download WinPFind Right Click the Zip Folder and Select "Extract All" Extract it somewhere you will remember like the Desktop Don’t do anything with it yet! Cheeseball81, Oct 24, 2006 #7 So Light Thread Starter Joined: Oct 19, 2006 Messages: 9 PandaScan: Incident Status Location Adware:adware program Not disinfected c:\windows\system32\data.~ Adware:adware/winprotect Not disinfected c:\windows\help\SPAlert.chm Adware:adware/dollarrevenue Not disinfected

If not, my computer is running 2x faster!

Here's the first log from Ewido: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 6:15:02 PM 10/3/2006 + Scan result: C:\Documents and Settings\Administrator\Local Settings\Temp\drsmartload180a.exe -> Adware.DollarRevenue : Cleaned with backup (quarantined). C:\WINNT\system32\nxscript.exe -> Be sure you don't miss any. Exit the Killbox. * Run ATF Cleaner: Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox: Click Firefox at the top Terminate. Please download The Avenger by Swandog46 to your Desktop.

Alfred\Local Settings\Temp\ -> : Cleaned with backup C:\Documents and Settings\Mr. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - Now click on the Magnifying Glass icon which will open a new window titled "View/edit script" Paste the text copied to clipboard into this window by pressing (Ctrl+V). C) Run another HJT scan and fix the following entries: O4 - HKLM\..\Run: [win32095-93429525] C:\WINDOWS\win32095-93429525.exe O4 - HKLM\..\Run: [ Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s * Additionally, the files referenced in the following

Below are my logs and thanks again. Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"] iprip, iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\bss.dll" [null data]} Elapsed time 00:17:46 11:07 PM: Traces Found: 354 11:08 PM: Removal process initiated 11:08 PM: Quarantining All Traces: exact navisearch 11:08 PM: Quarantining All Traces: clearsearch 11:08 PM: Quarantining All Traces:

Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Tweezy Baby\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ Alfred\Local Settings\Temporary Internet Files\Content.IE5\K9DW9DN3\s78[1].exe -> Dropper.Agent.ail : Cleaned with backup :mozilla.6:C:\Documents and Settings\Tweezy Baby\Application Data\Mozilla\Firefox\Profiles\8909y5mg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.20:C:\Documents and Settings\Tweezy Baby\Application Data\Mozilla\Firefox\Profiles\8909y5mg.default\cookies.txt -> TrackingCookie.Hitbox : But this is not possible for all types of viruses or when virus has damaged that file too much, then best choice is to delete the infected file. O.k., neither McAfee Virusscan nor Lavasoft AdAware found this, but both Ewido and Panda did.

Thanks for letting me know about av comparitive. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move When the scan is finished, click on "Click here to export the scan results" Save the report to your desktop then come back here and attach it to your next reply

Logfile of HijackThis v1.99.1 Scan saved at 9:44:07 PM, on 3/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe Then copy/paste that log back here, along with fresh scans with HijackThis and Silent Runners please. These programs are great.

Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.** The Type the following in the box and click OK: Windows Overlay Components Close HijackThis after that. > Run WinSockXPFix.


