Scanned with Ewido and got rid of what is listed in the attached report. Then scanned with Bit Defender and it didn’t find anything.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:36 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Some of the things listed there are interesting, like Photoshop, MSN Messenger, Norton Internet Security, AIM Toolbar, PeoplePC Online ( :-) and Bit Torrent. All of which I got rid of a long time ago and do not want. I know it’s unrelated but
that bit-defender did NOT find anything is really good news
I could not read your first EWIDO log
did it find anything besides cookies?
did it safely quarantine or deal with anything it did find?
was there anything that it found it could not deal with?
Perhaps Polonus can look at your HJT
I’ll be out for a couple of hours
those files were baddies and if they are gone - something got them - good
do you have the paths to any IST files left- if any
Follow these directions to download the Norton Removal Tool and run it to remove the above programs.
Click on the following link to download the Norton removal tool
Close all Norton Application windows you may have open, and double-click on Norton_Removal_Tool.exe to start the removal tool. Windows Vista users will have to right-click on the file and select “Run as Administrator”
After the removal tool finishes, you should be prompted to restart your computer.
Once the computer restarts, your Norton product should be uninstalled.
Extra Optional Steps
Open My Computer, double-click on Drive C
Double-click on Program Files
Look for any Norton or Symantec product folders that remain. Right-click on them and choose Delete. Also look in Program Files\Common Files for the Symantec Shared folder and delete it.
Your hjt analysis showed the following:
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.
We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
You could fix the following items:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKCU..\RunOnce: [FFTI] C:\Documents and Settings\Lorna\Application Data\Mozilla\Firefox\Profiles\li5lgnoc.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT
/SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Lorna\Application
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
If the following is not there because of your provider, fix as well:
O14 - IERESET.INF: START_PAGE_URL=http://mirs.peoplepc.com/?offername=PeoplePC Online Accelerated&userName=irulenifleheim&firstName=Lorna&qs=NAIMPNDNPMOHKBHBGMINDLONHHPJEDLMMFGFLBABAMPICPFDKAHJNCCPHAICOCJDMPMOHGPKEDNJPCEEJKGOOKAMKELPKDBBEMBLPAIEDCLLIDELEMJHNLCHNODCJLDF|FCEKNKBDDGNMCNOPADEEAAG
Now after you have seen into that, I’d like you to download silent runners from here: http://silentrunners.org/Silent%20Runners.vbs
Let it fully run out on your computer, and post the results.txt as an attachment to your next posting
There were two others aside from the cookies:
Name: Adware.WhyPPC
Path: HKU\S-1-5-21-1123561945-1275210071-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085}
Risk: Medium
Name: Downloader.IstBar.ja
Path: C:\data
Risk: High
I did a quick scan on my computer with MWB and SAS. The former found my system to be clean, whereas the latter still picked up the cookies. I just had them quarantined and removed just now.
let’s ask Polonus about
Downloader.IstBar.ja
when he looks at your startup log
this is not a new baddie so I am surprised that most do not detect
perhaps it was packed with something that only BD unpacks
A-Squared anti trojan detected years ago
I would think that BD nuked it if asked
The info on this new baddie: http://spyware.processlibrary.com/details/SpyName/Trojan-Downloader.IstBar.ja/
Also, you can distill the manual removal instructions from the aforementioned link. Make sure you print the removal instructions out, so you can meticulously tackle these one by one.
SAS came with a complete new program just a minute ago, download it and scan
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
I just scanned and the Downloader.IstBar.ja is gone. However, I still am encountering “adware tracking cookies” each time.
you just scanned with what?
anyway if you go to the uniblue website and in the middle of the page click on
files modified
and
registry entries
check em out and make sure they are gone
do not run uniblue tool unless asked
I’m going to try the new version of SAS
I suggest you do the same
tracking cookies will reappear unless you lock down your browser to minimise
I block third party tracking cookies
I can’t see this whole thread but
secunia software inspector needs to be done sometime
and the HOSTS file suggestion by YoKenny is a real winner
Polonus may want you to post a HJT- we’ll deal with that later
We need to talk prevention now that the firefighting is under control
I downloaded from http://www.mvps.org/winhelp2002/hosts.htm. However, I am not quite sure I know how this program works. If you could explain it to me. Do I actually do anything with it? Like, run it or something? Otherwise, could you instruct me on how to take it off because the instructions on how to do so are over my head. Sorry.
Sorry for not being specific; I scanned with the new SAS. I just got done with updating the programs listed from Secunia. Also, earlier I posted a HJT which was taken care of.
Tracking cookies are a waste of time and effort even bothering with (I disable this option in the SAS Preferences), they aren’t a security issue, but if anything a minor privacy issue. Many sites place cookies and most would be classed as tracking as they retain details about your activity (on the site that set the cookie). They don’t gather information on other sites you visit and other sites can’t access the cookies of other sites.
I never allow third party cookies, ones set by other than the site you are visiting, but you may find it difficult browsing some sites if you block cookies completely. Firefox and other browsers should allow for the blocking of third party cookies. You should, however, periodically clear out your browser cache (temp internet files), internet history and cookies, etc.
After you have downloaded the zip file to a Download Folder, not your Desktop, as this will clutter up your Desktop with un-needed files, then go to the un-zipped Folder and run the mvps.bat file to add the HOSTS file in the correct place.
Alright, thanks. That is helpful. I’ll keep that in mind
Alright, that’s all done. Thanks. Though how might I get rid of it if I do not want it anymore?
You are welcome.
After you use it for a while I hope that you realize that not only does the HOSTS file prevent tracking cookies but if you use the ones I recommend then they prevent your system from getting infected with malware that some of the entries prevent you getting to.