Ran Vundo and Qoofix. Nothing found. Attached are the vundofix, hjtscan run after Vundo and hjtscan run after Qoofix text files. I'll be waiting to hear from you.
Thank you for all of your efforts.
Dang! Still there. One thing, your Java is WAY out of date.
Go here and download the latest version which is version 6 update 3. Choose the offline install which is the second one down. Save it to the desktop for easy location.
Go Offline.
Go to Add/Remove and uninstall all instances of Java you find there.
Once you have uninstalled all older versions then install the new one you just downloaded. After that is installed then go back online and go here to verify the installation was complete.
After you have done that then do the following;
Note:
- Download this file - combofix.exe
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log for you. Post it back here.
- Do not mouseclick combofix's window while it is running. That may cause it to stall.
Here is the log file after running ComboFix.
I checked the Java version via their website. I was already up to date with Version 6 / update 3.
Did you remove all those old versions found by the Vundo Fix program?
Java version 1.5.0.3
Java version 1.5.0.5
Java version 1.5.0.6
Java version 1.5.0.9
Java version 1.5.0.10
Java version 1.5.0.11
They all are still on the machine unless you just removed them; if you didn't, then you should. I am still going through the combofix log.
I'm in Ohio - right near OSU. Have been a long-suffering Phillies fan for 30+ years. I think they will indeed build on this season's success. If there is a silver lining to the season, it is that the Rockies proved that a team in that kind of stadium/atmosphere or whatever you want to call it can reach the series. The Phils are in the same sort of boat with the new ballpark being such an offensive mecca....
--- Anyhoo, regarding your "malware" - I am not sure you have a real baddie. I wonder if it is not something a bit on the "grey" side that you or somebody else installed recently?
For example, I see that you have stopped QuickSweeper from running via msconfig. It is mild adware:
http://www.spywareresources.com/thre...threatid=44396
So, I wonder if there is anything else along those lines? Perhaps you could get us a Startup List or an Uninstall List? (Judy - SPD's scanner should do the trick here).
It looks through WhoIs that your compy is trying to connect to a legit ad site in California (most we tend to run into head straight for the Ukraine, lol) and that would indicate to me an adware bundler such as that QuickSweeper......
I think the problem is hiding in plain sight as a "legitimate" app. Just my $.02
Best Luck
PP
I agree totally with PP that QuickSweeper is the only thing I see in the combofix log.
Run HJT again but this time first get a Start Up listing;
In order to do this go into the Config option when you start HijackThis and then click on the Misc Tools button at the top.
You will then click on the button labeled "Generate StartupList Log"
Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste these entries into a message and submit it.
Next we will want an Uninstall List.
To access the Uninstall Manager you would do the following:
- Start HijackThis
- Click on the Config button
- Click on the Misc Tools button
- Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press the Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that here also.
Judy
I have just uninstalled those versions of Java as suggested. I neglected to do so earlier.
I have also gone through the startup list in msconfig and stopped 2 3rd party apps, one at a time and rebooted after each, that this user installed and is running. After both reboots, this process/file continues to show up.
I'm heading out for the day, soccer practice, but will do these latest steps first thing in the a.m.
As always, thank you Judy and PP for your continued and unrelenting help with this.
Scott
We are happy to try to help
Obviously there is some "parent" program that is creating these .exes in the TEMP folder. The thing is, if this were a malware program behind the temp .exes, it ought to show in the ComboFix log - very likely as a recent addition. The fact that nothing obvious stands out leads me to believe it to be bundled with a legitimate app.
-- You might consider installing Process Explorer ( I use it instead of Task Manager) and use it to investigate the random running process a bit further.
http://www.microsoft.com/technet/sys...sexplorer.mspx
*** Judy will be gone over the weekend - I am here off and on these days as time permits, but will try to follow up as best I can. I really do not think this is any sort of major problem calling for drastic action - just a real PITA to track the source of the adware!
Best
PP
Last edited by PhilliePhan; 10-25-2007 at 11:32 PM. Reason: Judy gone for weekend
I agree that it appears to be bundled with a legit app. Thing is we aren't sure when this started but when it was found, the user indicated nothing was installed around the time we noticed it. This user is very computer savvy and is not one to install anything haphazardly. Instead of listing the contents of the StartupList and Uninstall Manager, I am attaching them to this post. I am also attaching another HJT scan.
I suppose I can disable all startup programs via msconfig to see if this makes a difference and enable them one at a time if it appears one of these is the cause. Like I said earlier, I've already done this with 2 programs, WordWeb and Timex Datalink USB, but it didn't make a difference.
I will run ProcessManager that PP suggested and will be waiting for further instruction or ideas.
Scott
Quick question that is slightly off subject. Have you heard of a product called Powersuite 2007 by Spotmau? There was a link to this on nliteos.com and was curious.
Thanks.