
Virus Peper Trojan Popups problems


Name: muimui
Date: January 19, 2004 at 22:54:58 Pacific
OS: XP
CPU/Ram: 1.3
Comment:

Hi,

I found that every time I open the IE browser there's a pop-up advertisement. I tried Ad-aware and Spybot S&D to solve it but the problem still exists.
I tried HijackThis and tried to delete some of those which are suspicious.
I even tried to figure out whether it's the problem of the Peper Trojan and did all the suggested procedures, but after I reboot my PC, there's still a popup.
One more thing when I disconnect my internet, there's a pop up like 'network connection' and the message is like from mn.delfinexxx...stuff like that, what's that and how can I remove those?
Here's my updated hijackthis log.
Any help would be appreciated.
Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 1:30:28 AM, on 1/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\pgtools\tatss.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AproposClient\Apropos.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\SONY\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/sbcy/yinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E841CF8-B6A5-4BD2-A266-128DF2F63DAE}: NameServer = 67.36.13.26 66.73.20.40





Response Number 1
Name: mark2a
Date: January 19, 2004 at 23:32:42 Pacific
Reply:

Hi muimui

The good news: no sign of Peper.
However you need to have Hijackthis fix the following by putting a tick in the box next to them and hitting the 'Fix Checked' button, after closing all browser and explorer windows (or the fix may not be successful).

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

Reboot into safe mode and find and delete the following files/folders:

C:\Program Files\AproposClient <----- folder
C:\PROGRAM FILES\INCREDIFIND <----- folder
C:\WINDOWS\system32\pgtools\tatss.exe <----- file
C:\Program Files\Common Files\Dpi\dpi.exe <----- file


To make sure none of them elude you due to being hidden, make sure to show hidden/system files. How to show hidden/system files: http://www.xtra.co.nz/help/0,,4155-1916458,00.html


Post back with any further problems.
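
Added example (not part of the original thread and not HijackThis code): a short Python triage that parses the O2 and O4 line formats shown in the log and reports which BHO entries, Run entries and running processes sit under the four locations named in the reply above. The sample is a constructed subset of the posted log; `FLAGGED_DIRS`, `is_flagged` and `triage` are names made up for this example.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\pgtools\tatss.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\AproposClient\Apropos.exe

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Tat] C:\WINDOWS\system32\pgtools\tatss.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
"""

# Locations named in the reply; the IncrediFind folder is written in the 8.3 short form the log uses.
FLAGGED_DIRS = [
    r"C:\Program Files\AproposClient",
    r"C:\PROGRA~1\INCRED~1",
    r"C:\WINDOWS\system32\pgtools",
    r"C:\Program Files\Common Files\Dpi",
]

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def is_flagged(path):
    """True when the path lies inside one of the flagged directories (case-insensitive)."""
    p = path.strip('"').lower()
    return any(p.startswith(d.lower() + "\\") for d in FLAGGED_DIRS)

def triage(log_text):
    found, in_procs = {"bho": [], "run": [], "running": []}, False
    for line in map(str.strip, log_text.splitlines()):
        if line == "Running processes:" or not line:
            in_procs = bool(line)  # the header opens the process list, a blank line closes it
        elif in_procs:
            if is_flagged(line):
                found["running"].append(line)
        elif (m := BHO_RE.match(line)) and is_flagged(m["path"]):
            found["bho"].append((m["clsid"], m["path"]))
        elif (m := RUN_RE.match(line)) and is_flagged(m["cmd"]):
            found["run"].append((m["hive"], m["name"], m["cmd"]))
    return found

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, *items, sep="\n  ")
```

The `running` list shows which flagged programs are still loaded at scan time, which is why the reply has the files deleted from safe mode.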



Response Number 2
Name: muimui
Date: January 20, 2004 at 00:07:51 Pacific
Reply:

Hi,

I have a stupid question. I tried to go to safe mode by pressing F8 after restarting my PC but I failed to enter safe mode?!?
Thanks again.



Response Number 3
Name: mark2a
Date: January 20, 2004 at 00:23:29 Pacific
Reply:

Did you get the safe mode options screen?
Were you tapping F8 or just pressing it once?

Once we have cleaned this up you NEED to visit the Windows Update site for CRITICAL updates.



Response Number 4
Name: carriedcall
Date: January 23, 2004 at 14:49:59 Pacific
Reply:

How do I show the list so you can help me remove the spyware and ad pop-ups?

