popup virus

Computing.Net > Forums > Security and Virus > popup virus

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

popup virus

Name: aboucher
Date: May 1, 2006 at 15:11:40 Pacific
OS: xp pro
CPU/Ram: 248 mb
Product: Hp / Acertab pc/digital p

Comment:

I have been having a yellow and Black Emplaination point in the system tray. and a balloon often come out of it that says something in the lines of "there are 4 spyware programs on your computer, click this balloon to get rid of it". also, like when i wake up and come down, there are 30 or so popups of things including: casino ads; porn; windows help windows; ads for anti-spyware products; etc.... i have scanned many times for viruses, and spyware. My all-in-one secret Maker window comes up and asks to install a program called "BROWSER OBJECT" i hit 'reject' every time.
any help is appriciatedany help is appriciated
thanks in advance
Andy

The internet is no longer a toy...it is a combat zone!!

Sponsored Link

Ads by Google

Response Number 1

Name: bloodhound114
Date: May 1, 2006 at 16:17:49 Pacific

Reply:

Download Hijack This 1.99.1 here
,install it and "Do A System Scan Only". Click on "SCAN" at the bottom. Once it's finished click on "Save Log" and save it as a .txt file. DO NOT fix anything! This is a pretty powerful tool. Be sure that the program is in its own folder on the root drive. If it's saved in a temp folder it won't be able to make back-ups if needed. Also be sure that while it's running that no other windows are open. Then copy and paste the log back here and I'll take a look at it for you. Then I'll help you figure out how to get rid of all the stuff you're dealing with. You definitely have viruses and a bunch of spyware on your computer.

Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Response Number 2

Name: aboucher
Date: May 1, 2006 at 17:56:53 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 8:53:32 PM, on 5/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\AOL\1138422246\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Glass2k\Glass2k.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Palm\HOTSYNC.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Xfire\Xfire.exe
c:\program files\common files\aol\1138422246\ee\aim6.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\SNDVOL32.exe
C:\WINDOWS\System32\WISPTIS.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Palm\Palm.exe
C:\WINDOWS\System32\atmclk.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Documents and Settings\Andy\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp9511.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138422246\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [NITE] C:\WINDOWS\System32\NITE.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141860328405
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145480703950
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
The internet is no longer a toy...it is a combat zone!!

Response Number 3

Name: bloodhound114
Date: May 1, 2006 at 18:54:05 Pacific

Reply:

Download Prevx
and run it.
Restart your computer even if it doesn't ask you to and then do an online scan here

If the scan brings anything up, post it back here for me.
If the scan comes up clean, go here
and get the new critical updates. You should have the SP2 update.
DON'T GET THE NEW UPDATES UNLESS YOU'RE CLEAN!

Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Response Number 4

Name: bloodhound114
Date: May 2, 2006 at 03:03:02 Pacific

Reply:

You can have a look for yourself (it's always good to understand my means). Just look up this line in Google:
C:\WINDOWS\System32\atmclk.exe
A good explanation of this virus is here
or at the link I got you to download Prevx.

Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Sponsored Link

Ads by Google

LiveDrvPack.exe (SBLW-XPWEB-W3-US) via raid controller 3149 www.limewire.com choice.com winxp palm hotsync error palm hotsync driver wmiapsrv.exe sndvol32.exe download alliance at3d powerdvd 8876086A	popup virus remote downlevel document sndvol32.exe download sndvol32.exe download sndvol32.exe download CS4280-CM sndvol32.exe hp quick launch buttons durabrand tv remote codes newstar universal tv remote
See More

Had some viruses... NEED ...

Spyware worm

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: popup virus

Network adminitrator popup virus

Summary

www.computing.net/answers/security/network-adminitrator-popup-virus/13882.html

Google redirect popup virus

Summary

www.computing.net/answers/security/google-redirect-popup-virus/25205.html

Popup Virus

Summary

www.computing.net/answers/security/popup-virus/13871.html

From the Geek Dictionary
lesbian - It is a term used to describe sexual and romantic desire between females.

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
self deleting script

My laptop has gone black and frozen while try

user profile cannot load

Excel Cell updating

no cd/dvd operation after Win 7 installation

All Awaiting Reply

Tom's News
New Super Mario Bros. Wii Looks Great in 1080p

Parents Pull Girl's Tooth, Scares Cat With RC Car

Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE