Anti-spyware forum


[n00b]Zippy
17-Oct-2004, 18:39
For one reason or another I see a lot of PCs that are choked with spyware and adware and various other dodgy programs. For instance I just got someone in the rats forum with a little nasty that I found by him using the HijackThis tool and posting the log in the rats forum.

Now - I think HijackThis is a great little tool for identifying stuff you don't want on your PC, but it's not really for the average user as you have to know what is what in the log that it produces. Spyware and adware is becoming an increasing problem and to avoid these problems clogging up the other forums, should we have a separate one where people can post long task lists, directory listings, logs etc?

Eja Cool8
17-Oct-2004, 18:40
Adaware SE? :)

Murasame
17-Oct-2004, 19:11
the discussions have started already :P, yeah would be quite useful for those bloody annoying bugs that keep on appearing that hijackthis and adaware can't seem to get rid of, maybe a virus/spyware forum would be better, as you can warn people about various things?

Fulmineus
17-Oct-2004, 19:27
You mean you want a "Shit my computer's broke" forum?

ProfLiebstrom
17-Oct-2004, 19:32
zippy mind checking my hijack this log too :x

Logfile of HijackThis v1.97.7
Scan saved at 19:33:04, on 17/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\NNScript\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott.HOME\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.FreeOnlineGames.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1224BD74-F586-4C9C-9BE3-56E68E22F843} - C:\Program Files\BrowserVillage\SideBarBHO.dll (file missing)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - C:\Program Files\404Search\404Search.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UD Agent.lnk = D:\Program Files\United Devices\UD.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: BrowserVillage (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092999909843
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.13.21/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

GroovYF
17-Oct-2004, 20:07
Tick:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.FreeOnlineGames.com
O2 - BHO: (no name) - {1224BD74-F586-4C9C-9BE3-56E68E22F843} - C:\Program Files\BrowserVillage\SideBarBHO.dll (file missing)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - C:\Program Files\404Search\404Search.dll (file missing)
O9 - Extra button: BrowserVillage (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-arab.com/flashcab/ipix/ipixx.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toontown.com/download/sv1.0.13.21/ttinst.cab

Then Fix it.

And here's a link about that BrowserVillage you have on your PC too:
http://www.giantcompany.com/antispyware/research/spyware/spyware-BrowserVillage-Toolbar.aspx

Jay77
17-Oct-2004, 20:15
I use pest patrol, find it quite good at catching stuff that adaware can't, plus it has a cookie watcher and can sort out most cookies

[n00b]Zippy
17-Oct-2004, 20:25
Groovy beat me, but yes, in essence an "oh noes my computer's broken" forum.

Hacks me off to see so much crap getting onto people's machines without their knowledge and I wouldn't mind doing my bit to help those in the community who are less computer savvy than I and many others on these boards am/are.

ProfLiebstrom
17-Oct-2004, 20:27
cheers groovy. i knew i had some crap. didn't know which was crap and which wasn't though :p

EvilGrin
17-Oct-2004, 20:29
back to the forum idea...

Can we mush Spyware, Viruses and Firewalls together somehow under a general 'Computer Security' kind of forum? Is there enough to go on there, or is the overlap too great with the software and the internet forums?

GroovYF
17-Oct-2004, 20:31
BHOs (or Browser Helper Objects) are ones to be wary of. Most people have MyWebSearch, MyWaySearch, etc which can be real buggers to fully remove.

If in your list of BHOs you have anything other than Google/Acrobat/MSN and a couple of other well known (safe) names you can be fairly confident in removing them.
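A small log reviewer that applies the rule of thumb above (allowlist a few known publishers, treat "(file missing)" BHOs, downloaded ActiveX controls from unknown hosts and a changed start page as suspects) to the kind of HijackThis log posted earlier in the thread. This is an added example, not code from the thread or from HijackThis itself; the allowlists, the function names and the sample (a few lines copied from ProfLiebstrom's log plus the header it has to skip) are my own assumptions and construction.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the HijackThis log posted
# in this thread, plus header and process lines the parser must skip.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 19:33:04, on 17/10/2004

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.FreeOnlineGames.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1224BD74-F586-4C9C-9BE3-56E68E22F843} - C:\Program Files\BrowserVillage\SideBarBHO.dll (file missing)
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
"""

# HijackThis section lines look like "<code> - <description>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Allowlists are this example's own assumptions (not from the thread or from
# HijackThis); they echo the "Google/Acrobat/MSN and a few well-known names" rule.
SAFE_BHO_HINTS = ("google", "acrobat", "adobe", "msn", "spybot", "sdhelper")
SAFE_DPF_HOSTS = ("macromedia.com", "microsoft.com", "apple.com", "akamai.net")
SAFE_START_PAGES = ("about:blank", "google.")


def parse_hjt(log: str) -> List[Dict[str, str]]:
    """Turn the section lines of a HijackThis log into {code, body} records.
    Header text and the running-process listing do not match LINE_RE and are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries


def host_of(url: str) -> str:
    """Lowercase host part of an http(s) URL, or "" if the text is not a URL."""
    m = re.match(r"https?://([^/]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def _host_allowed(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in SAFE_DPF_HOSTS)


def flag_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the entries a reviewer should look at first, each with a reason."""
    flagged = []
    for e in entries:
        code, body = e["code"], e["body"]
        low = body.lower()
        reason = None
        if code == "O2":  # Browser Helper Object
            if "(file missing)" in low:
                reason = "BHO registered but its DLL is gone (leftover registration)"
            elif not any(hint in low for hint in SAFE_BHO_HINTS):
                reason = "BHO from a publisher not on the allowlist"
        elif code == "O16":  # downloaded ActiveX control (DPF); URL is the last " - " field
            host = host_of(body.rsplit(" - ", 1)[-1])
            if not _host_allowed(host):
                reason = f"ActiveX control fetched from non-allowlisted host {host}"
        elif code == "R0" and "start page" in low:
            value = body.split("=", 1)[-1].strip().lower()
            if not any(s in value for s in SAFE_START_PAGES):
                reason = "start page points at an unexpected site"
        elif code == "O10":  # Winsock LSP chain
            reason = "LSP entry references a missing DLL (log reports broken Internet access)"
        if reason:
            flagged.append({**e, "reason": reason})
    return flagged


def review(log: str) -> List[Dict[str, str]]:
    """Parse and flag in one step; returns the flagged entries in log order."""
    return flag_entries(parse_hjt(log))


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['code']:>4}  {f['reason']}\n      {f['body']}")
```

On the sample, the reviewer flags the HKLM start page, the two non-allowlisted BHOs (one with its DLL missing), the broken LSP entry and the ActiveX control from topconverting.com, and leaves the Acrobat, Spybot and Google entries alone; that is the same set GroovYF ticked by hand, which is the point of the allowlist approach: an unknown publisher is a reason to look, not proof of anything.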

GroovYF
17-Oct-2004, 20:32
Computer Security sounds a good catch-all name for a forum.

ProfLiebstrom
17-Oct-2004, 20:39
computer security sounds good.

hardware if you spill booze on your mobo

software if you can't get bloody steam to work

security if you have any sort of microsoft product on your pc/adware/spyware

[n00b]Zippy
17-Oct-2004, 20:47
If we gave it an (I'm not sure of the right word here) informal sort of atmosphere it might encourage less-tech people to post there. I'm a programmer but some of the stuff that gets talked about in the hardware forums frankly goes right over my head, so I don't feel comfortable posting "errr...what exactly *is* a mobo?" there ;)

That and the fact that we're bound to get people whose home page is donkeypr0n.com :lol:

blurr
17-Oct-2004, 21:17
how about merging it with the software forum?

Ruddles
17-Oct-2004, 21:31
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
+
http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
+
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
+
www.google.co.uk
*
lots of time
=
Clean PC

GroovYF
17-Oct-2004, 21:33
I'd add tcpview to that list above (also from sysinternals site)

Bilbo Fraggins
17-Oct-2004, 21:36
Call it 'IT Security'
Sounds posher :P

EvilGrin
18-Oct-2004, 00:17
What do the powers that be say though? :)

blurr
18-Oct-2004, 00:26
Just add it to the software forum. Tag it on, surely there's no need for another forum for IT security? It'll be like having an additional forum for the hardware section on overclocking or something silly?

EvilGrin
18-Oct-2004, 00:46
What? You mean like a forum for Graphics cards? Oh wait...

blurr
18-Oct-2004, 00:54
point is... there are already posts on there about MS updates (security), Spam filters, Firewalls, Anti-virus and the like already on there. Is there a need to separate it from that forum?

EvilGrin
18-Oct-2004, 00:56
I don't know. Is the software forum getting overly clogged up with such threads to the detriment of others? If it is, there's obviously demand.

Regardless, its up to the mods. :)

blurr
18-Oct-2004, 00:58
I see where you're coming from :) just I personally think it would be easier to just tag it on to the software forum, ie Software + IT Security or something like that

EvilGrin
18-Oct-2004, 01:00
Security is certainly a big enough subject to warrant its own forum. It's just if there's sufficient demand. It's a bit of a catch-22 as there's no way to gauge the demand until you've created the forum....

blurr
18-Oct-2004, 01:01
I'm presuming if you're including hardware firewalls and such, then yes it would be warranted, as that wouldn't come under software, neither would it come under internet connections... and probably not hardware either.

LordDefendA
18-Oct-2004, 01:08
security is a wider subject than just spyware. It could include firewalls, anti-virus software, etc.

[n00b]Zippy
18-Oct-2004, 11:57
Just found this article:

http://www.financialexpress.com/fe_full_story.php?content_id=71662

According to Dell, in 2003 1-2% of support calls were spyware related, a year later, it's up to 20%. They reckon it infects 90% of all machines :o

GroovYF
18-Oct-2004, 11:59
Ouch, that's quite a jump. But easy to understand

EvilGrin
18-Oct-2004, 12:53
Zippy isn't the old guy who can decipher hijackthis logs either :)

velvet
19-Oct-2004, 23:13
For now I'd like to try just utilising the software forum for this, it is now renamed...

Software & Security (http://www.trickery.net/bb/viewforum.php?f=28)

GroovYF
19-Oct-2004, 23:17
Nice one :)