Winantivirus Pro 2007 Pop Up Rem-

Original Message

Name: tarnold
Date: August 12, 2007 at 07:55:46 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-
OS: winxp
CPU/Ram: p4 3.0 / 1.5 gig ram
Model/Manufacturer: started as a gateway

Comment:

I am getting the pop up from winantivirus pro 2007 i have followed some of the help topics with others. I will post the hijack log when requested

Report Offensive Message For Removal

Response Number 1

Name: XpUser4Real
Date: August 12, 2007 at 08:11:19 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-

Reply: (edit)

http://www.spywareremove.com/remove...
I wouldn't use SpyHunter, the manual removal is listed on that link.
Some HELP in posting on Cnet plus free progs and instructionsPlease Post Results

Report Offensive Follow Up For Removal

Response Number 2

Name: smifff
Date: August 12, 2007 at 08:47:15 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-

Reply: (edit)

Hi tarnold
Go to Here Download RogueRemover, WinAntivirus pro 2007 is on it's list of targeted programs
If any advice helps, please post back as it might help others.

Report Offensive Follow Up For Removal

Response Number 3

Name: tarnold
Date: August 12, 2007 at 14:09:59 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-

Reply: (edit)

Could not find anything when i went through the steps on the spyhunter manual removal. RogueRemover did not find anything.

Report Offensive Follow Up For Removal

Response Number 4

Name: ScoobyDoo
Date: August 12, 2007 at 17:58:05 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-

Reply: (edit)

Run Sysprotect Remover ...from this link:
http://groups.msn.com/FreewareandSh...
This type of infection is usually also associated with Vundo infection.
from the same link above run Vundofix and then Combofix fromt he following link:
http://groups.msn.com/FreewareandSh...

Finish with an online scan.
BitDefender : http://www.bitdefender.com/scan8/ie...

Keep the logs created by combofix and vundofix and make a bitdefender report when the scan finishes. We may need to look at those ...

Report Offensive Follow Up For Removal

Response Number 5

Name: tarnold
Date: August 16, 2007 at 08:10:51 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-

Reply: (edit)

C:\System Volume Information\_restore{F3D5924C-A084-4A3A-8FEB-F92A8A0C1F94}\RP280\A0094440.exe=>(CAB Sfx r)=>VVSN.exe

Infected with: Generic.Adw.SaveNow.56AD4696
other files were infected with
Infected with: Trojan.Dloader.ALC
and
Detected with: Application.JS.ForcePopup.D
and

Infected with: Packer.PESpin.A
bitdefender found that, i thought using avg was good enough but i guess not.
Vundofix and combofix came back clean
combofix file
Fix 07-08-09.3 - "Owner" 2007-08-16 10:00:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.905 [GMT -5:00]

((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))

2007-08-12 22:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-08-12 21:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 16:46 <DIR> d-------- C:\Program Files\OzoneSoft
2007-08-12 16:07 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-08-12 11:12 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\URSE Games
2007-08-12 10:42 <DIR> d-------- C:\Program Files\Alawar
2007-08-12 10:42 <DIR> d-------- C:\My Games
2007-08-12 10:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AlawarGameBox
2007-08-12 09:32 <DIR> d-------- C:\VundoFix Backups
2007-08-09 12:12 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-08-09 11:53 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-09 11:53 <DIR> d-------- C:\WINDOWS\nview
2007-08-09 11:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-06 18:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Eyeblaster
2007-08-02 19:41 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Image Zone Express
2007-08-01 13:10 <DIR> d-------- C:\Program Files\MTV Networks
2007-08-01 12:14 <DIR> d-------- C:\Program Files\Opcode Digital Ltd
2007-07-26 16:00 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DisplayTune
2007-07-26 15:56 62,009 --a------ C:\WINDOWS\system32\WPFB.DLL
2007-07-26 15:56 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-07-26 15:56 17,465 --a------ C:\WINDOWS\system32\drivers\pivot.sys
2007-07-26 15:56 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys
2007-07-26 15:56 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys
2007-07-26 15:56 11,323 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys
2007-07-26 15:56 <DIR> d-------- C:\Program Files\Portrait Displays
2007-07-26 15:55 974,848 --a------ C:\WINDOWS\mfc70.dll
2007-07-26 15:55 95,744 --a------ C:\WINDOWS\atl80.dll
2007-07-26 15:55 69,632 --a------ C:\WINDOWS\mfcm80.dll
2007-07-26 15:55 626,688 --a------ C:\WINDOWS\msvcr80.dll
2007-07-26 15:55 57,344 --a------ C:\WINDOWS\mfcm80u.dll
2007-07-26 15:55 548,864 --a------ C:\WINDOWS\msvcp80.dll
2007-07-26 15:55 487,424 --a------ C:\WINDOWS\msvcp70.dll
2007-07-26 15:55 479,232 --a------ C:\WINDOWS\msvcm80.dll
2007-07-26 15:55 372,736 --a------ C:\WINDOWS\ijl15.dll
2007-07-26 15:55 344,064 --a------ C:\WINDOWS\msvcr70.dll
2007-07-26 15:55 1,392,671 --a------ C:\WINDOWS\msvbvm60.dll
2007-07-26 15:55 1,093,632 --a------ C:\WINDOWS\mfc80.dll
2007-07-26 15:55 1,079,808 --a------ C:\WINDOWS\mfc80u.dll
2007-07-26 15:55 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2007-07-19 10:11 <DIR> d-------- C:\Program Files\CCleaner

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 22:32 52449 --a------ C:\WINDOWS\system32\tablet.dat
2007-08-12 18:09 329 --a------ C:\WINDOWS\Vue 6 xStream.reg
2007-08-09 1rogram Files\InstallShield Installation Information
2007-08-06 1OCUME~1\Owner\APPLIC~1\DivX
2007-08-01 1rogram Files\Blaze Media Pro
2007-08-01 12:38 7228 --a------ C:\WINDOWS\mozver.dat
2007-07-26 2OCUME~1\Owner\APPLIC~1\Juniper Networks
2007-07-26 1rogram Files\Gateway
2007-07-25 0rogram Files\Yahoo!
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 2rogram Files\QuickTime
2007-07-09 2rogram Files\Apple Software Update
2007-07-04 2rogram Files\Mozilla Thunderbird
2007-07-04 1rogram Files\Microsoft ActiveSync
2007-07-04 1rogram Files\ZIO
2007-07-03 12:33 6912 --a------ C:\WINDOWS\nvoclock.sys
2007-07-03 12:32 397312 --a------ C:\WINDOWS\ntuneoem.dll
2007-07-03 12:32 1622016 --a------ C:\WINDOWS\NVBenchMarks.dll
2007-07-03 12:31 28672 --a------ C:\WINDOWS\AutoTuneScript.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:45 290 --a------ C:\WINDOWS\Vue 5 Infinite.reg
2007-06-24 2rogram Files\Trillian2
2007-06-20 2OCUME~1\Owner\APPLIC~1\Google
2007-06-20 2rogram Files\Google
2007-06-20 1rogram Files\Trillian
2007-06-19 1rogram Files\GameHouse
2007-06-19 08:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-18 18:17 44 --a------ C:\WINDOWS\popcinfo.dat
2007-06-13 05:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-06 11:28 577536 --a------ C:\WINDOWS\system32\EbAdServingT25.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 19:07 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-25 13:47 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-25 13:47 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-07-25 13:47 C:\WINDOWS\ALCMTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 19:55]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 12:17]
"DT GWY"="C:\Program Files\Gateway\EzTune\DTHtml.exe" [2007-03-20 10:10]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-20 20:17]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:44]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 12:57:16]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-08-18 20:53:17]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP]
c:\program files\topthemesxp\txp.exe
R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys
R2 DS1410D;DS1410D;\??\C:\WINDOWS\system32\drivers\ds1410d.sys
R2 Hardlock;Hardlock;\??\C:\WINDOWS\system32\drivers\hardlock.sys
R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
R3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
R3 PdiPorts;Portrait Displays low level device driver;C:\WINDOWS\system32\Drivers\PdiPorts.sys
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;\??\C:\WINDOWS\system32\drivers\pivotmou.sys
S3 pdiddcci;DDC/CI monitor;C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 Sntnlusb;Rainbow USB SuperPro;C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 usbcm;USB Cable Modem 351000 NDIS Driver;C:\WINDOWS\system32\DRIVERS\usbcm.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

Contents of the 'Scheduled Tasks' folder
2007-06-12 23:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 10:11:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-16 10:12:59
C:\ComboFix-quarantined-files.txt ... 2007-08-16 10:11
C:\ComboFix2.txt ... 2007-08-12 22:09
--- E O F ---

Report Offensive Follow Up For Removal


Winantivirus Pro 2007 Pop Up - remo PLEASE HELP Winantivirus Pop-ups wierd pop ups and redirect WinAntiVirus Pro 2007 Fricken POP-UPS	Klone virus WinAntiVirus & Other Pop-Ups Winantivirus pop up problem winantivirus pro popup winantivirus pop-up

Response Number 6

Name: Matthewitt
Date: August 18, 2007 at 05:53:01 Pacific
Subject: Winantivirus Pro 2007 Pop Up Rem-

Reply: (edit)

I had this bothering me and whilst removing Vundo and Virtumonde it suddenly appeared and was cleared by Spybot. Look at this post.
http://www.computing.net/security/w...

Report Offensive Follow Up For Removal