I read through some of your other forum topics and I have the ads1.revenue.net bug. Well, had it or something: yesterday I woke up with 67 popups on my desktop, but today I woke up with none. Here is my HJT log after I completed what you told others to do in my situation. Can you please tell me if I missed anything?
Thanks!
certy!
P.S. Also, I believe my internet is running really slow now; it takes a long time for some pages to close and open, and even if the page closes it stays on my task bar for a few seconds.
I believe I got infected when I tried to install a Battlefield 2 no CD crack...
battlefield 2 no cd crack.exe 3117 KB
-------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:16:31 AM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\D-Tools\daemon.exe
F:\program files\valve\steam\steam.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
G:\Software\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [IAAnotif] F:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "f:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "G:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [shell32] F:\WINDOWS\system32\shell32.exe
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FastInternet] "F:\Program Files\AceLogix\Fast Internet\FastInternet.exe /Q"
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120459431953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...ler/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O23 - Service: Apache - Unknown owner - G:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - F:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
ads1.revenue.net piece of carp!
Started by certy, Aug 16 2005 11:26 AM
2 replies to this topic
#1 OFFLINE
Posted 16 August 2005 - 11:26 AM
#2 OFFLINE
Posted 16 August 2005 - 08:41 PM
Well you have a virus here:
O4 - HKLM\..\Run: [shell32] F:\WINDOWS\system32\shell32.exe
http://www.processlibrary.com/directory/fi...ell32/index.php
I see that you do not have an antivirus running. That will be our first try to remove it.
Please download AVG Antivirus (free), update the database and do a full system scan. Let me know if it removes anything, and if it does, then post a new HijackThis log. If it does not, then we will have to try something else.
AVG Antivirus (Direct Link)
http://free.grisoft.com/softw/70free/setup...ree_338a597.exe
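Added example, not part of the replies in this thread: a triage sketch that parses the O4 autorun lines of a HijackThis log like the one posted above and flags Run entries whose executable borrows the name of a core Windows library, as the shell32.exe entry does (shell32 ships with Windows as a DLL). The short DLL-name list and the function names are assumptions chosen for illustration.

```python
import ntpath
import re

# Core Windows libraries that ship as .dll, never as .exe.
# Short illustrative list (assumption), not an exhaustive one.
SYSTEM_DLL_NAMES = {"shell32", "kernel32", "user32", "advapi32", "gdi32", "ntdll"}

# Shape of a HijackThis autorun line: O4 - HKLM\..\Run: [ValueName] command line
O4_RUN = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")

# Sample input: five O4 lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [IAAnotif] F:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "f:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [shell32] F:\WINDOWS\system32\shell32.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [FastInternet] "F:\Program Files\AceLogix\Fast Internet\FastInternet.exe /Q"
"""

def image_path(command):
    """Return the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        command = command[1:].split('"', 1)[0]
    # Cut after the first ".exe" so unquoted paths with spaces stay whole.
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def parse_o4(log_text):
    """Extract registry Run entries (hive, key, value name, image) from a log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "image": image_path(command)})
    return entries

def dll_masquerades(entries):
    """Return entries whose image is <system DLL name>.exe."""
    flagged = []
    for e in entries:
        stem, ext = ntpath.splitext(ntpath.basename(e["image"]))
        if ext.lower() == ".exe" and stem.lower() in SYSTEM_DLL_NAMES:
            flagged.append(e)
    return flagged

if __name__ == "__main__":
    for e in dll_masquerades(parse_o4(SAMPLE)):
        print("review:", e["hive"], e["key"], e["name"], e["image"])
```

A hit is a prompt to inspect the file (signature, hash lookup, AV scan), not a verdict on its own.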
#3 OFFLINE
Posted 17 August 2005 - 07:58 PM
If you still have the "battlefield 2 no cd crack.exe" on your computer you should submit the file: http://www.virustotal.com/
This will tell you what it is infected with. Also copy and paste the results here.