Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I keep getting this message that said my computer is infected and i scaned my computer at least six times and nothing is wrong with it. please help me get rid of this. iam freaking out here. i read online in google and i think it is the spyaxe trojan please help me
I guess jim gave you a bad link. Be patient. Wait for him to come around to correct it.
i_Xp/VistaUser
0 
adaware - FREE
spybot S&D - FREE
AVG antivirus - FREE
Iolo system mechanic - $80 - but worth it :)
AMD Athlontm XP 2400+, MMX, 3DNow, ~2.0GHz
Windows XP Pro/Corp 5.1, Build 2600 SP2
1280 mb of RAM
Nvidia GeForce FX 5200
1-40gb 1-120gbD
0
i already have good antinvirus. i need to know how to get rid of the spyaxe trojan because i think it is the spyaxe trojan
0
The link Jim posted is here, not sure why its
blacklisted.
http://www.computing.net/security/w...
0
1-What Anti-virus do you have?
2-What is the exact message you are getting....you said it could be spyaxe, etc.If we know the message, much easier to help you.
If it is spyaxe, here is the removal for that:
http://www.infopackets.com/channels...Some HELP in posting on Cnet plus free progs and instructions
Hopefully my advice will help you...Please post back your result
0
I have norton 360
"Your computer is infected
Windows has detected spyware infection
It is recomended to use special antispyware tools to prevent data loss. windows will now download and install the most up-to-date antispyware for you click here to protect your computer from spyware"I am only doubting that it is spyaxe because i tried to run SMITREM and none of the files i had to remove could be found on my computer and my internet browser has not been messed with thank-god all i am getting is the god D**n Annoying pop-up
0
Try the removal in response 8.
If still no joy, D/L Avast free to your desktop, turn off norton, install avast and let it do a bootscan on reboot. You will see how many infections your trusted Norton has missed. Just move them to the chest.
You can find Avast and many other good FREE cleaners by clicking on the link in my signature. Good Luck
Some HELP in posting on Cnet plus free progs and instructions
Hopefully my advice will help you...Please post back your result
0
i tried the avast but i don't know if it workied or not because now i am getting a new message "integrity threats detected some files on your hard drive structure may be corrupt it may lead to crashes reebots and it doesn't give me enough time to read the rest i don't know if it is from microsoft or not but i'm not taking a chance because it wants me to download software. i didn't try the fix in response 8 yet but will try that and more tommorow because i am so tired avast got rid of 7 infected files yay. and INternet explorer now says its encountered a problem and needs to close everytime i open it. the icon is the triangle yeild sign with the exclamtion point please help
0
Well if you think it's spyaxe you may remove it manually. Check this out:
http://www.2-spyware.com/remove-spy...
0
is it spyaxe or not because I got a new message now shown above and i don't know if Internet explorer is acting up
0
are you IE 6 or 7?
Some HELP in posting on Cnet plus free progs and instructions
Hopefully my advice will help you...Please post back your result
0
Ok I ran hijack this and could someone look at my results and tell me what i can do to get rid of the messages i've been getting
here are my results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:22 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SHOCKW~1.COM\PHOTOJ~1\data\product\xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\AOL\1186349484\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Shareaza\Shareaza.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {68588523-E047-4A9F-8015-5EDABC97AAF9} - C:\WINDOWS\system32\cbxvv.dll (file missing)
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - C:\Program Files\Kiteilhw\ezattrud.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\rqroppq.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] -"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] -C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] -C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] -C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] -C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] -C:\Program Files\Common Files\AOL\1186349484\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] -C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [fwlozsje] rundll32.exe "C:\Program Files\fwlozsje\hgpgzati.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SHOCKW~1.COM\PHOTOJ~1\data\product\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] -
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.exe" -b
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O20 - Winlogon Notify: cbxvv - C:\WINDOWS\system32\cbxvv.dll (file missing)
O20 - Winlogon Notify: rqroppq - C:\WINDOWS\SYSTEM32\rqroppq.dll
O20 - Winlogon Notify: winrdf32 - C:\WINDOWS\SYSTEM32\winrdf32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - -"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)--
End of file - 11093 bytes
0
paste your results into http://hijackthis.de/
and then google your results to see what is safe to delete. You have some pretty nasty stuff in there.
You also still have symantec running with Avast, run the norton uninstaller from their website to remove all traces of symantec. Either that or uninstall Avast (I myself would prefer Avast over Norton) . You can only have 1 AV turned on at a time.You also are not using a software firewall, click on the link in my signature and get a good free one Comodo Pro.
I have a feeling that seeing no-one requested you to post a log it will probably get deleted very shortly....those are the rules in cnet and unfortunately some people ignore them.
I don't know anyone in the forum that is qualified to help you with HJT.
Some HELP in posting on Cnet plus free progs and instructions
Hopefully my advice will help you...Please post back your result
0
Link below contains a solution for 9129837.exe.
I would begin by sorting out this line:
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
This is classified as memory resident trojan malware.
The link for 9129837.exe removal.
http://forums.vnunet.com/thread.jsp...
0
thanks i never tried that i used combofix and i'm pretty sure my issue has been resolved because the pop up never comes up anymore for about 3 days now
0
"Ie 7"
You may also wish to switch to a less-vulnerable browser such as Firefox and/or Opera (I use both).
0
dw33b, actually IMO IE7 is a great browser, I use Firefox as a secondary one because it has more nags than IE7.
Some HELP in posting on Cnet plus free progs and instructions Glad to Help!
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
