i got slimed!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by clemmo, Apr 27, 2004.

  1. clemmo

    clemmo Private E-2

    So there I was minding my own business browsing the songs of Harold Arlen when I get this real funky message that envelops my screen. It announces itself as "Parasite Alert" and tells me that "virtual bouncer" has found files on my computer that it strongly recommends I should have them remove for me. I am very suspect and try to log off. The damned thing won't let me and I take drastic measures and just shut the puter off. I then run adaware 6.0 and whammo! I got 77 notices. 2 Processes identified, 21 Registry keys identified, 8 Registry values identified and 40 files along with 6 folders. I ran a HijackThis and the following is the logfile on the latest. What do I do now?

    Inline log removed!
     
    Last edited by a moderator: Aug 6, 2007
  2. Endi

    Endi Lt. Links

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Took a quick look at your log; these should be deleted using HijackThis:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch...3&version_id=18
    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)

    That's just a quick look. I'll look it over some more.
    You should also look at this thread: http://www.majorgeeks.com/vb/showthread.php?t=27385
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re-run HijackThis and make sure you close all browser windows and applications before clicking "fix checked". Then fix the below items:

    O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
    O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
    O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/we...g/ie/SecMgr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2359bc9...ip/RdxIE601.cab

    Now, Reboot in safe mode!
    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"
    Locate and delete:
    C:\Program Files\Common Files\slmss --> folder
    C:\WINDOWS\mwsvm.exe --> file

    As endiablo said below, you should really install, update and run SpyBot Search & Destroy first. But if any of the above are still there afterwards, delete them using HijackThis. You should also run a full virus scan on this PC. It looks like you have McAfee. Make sure it is updated and run a full scan.
     
    Last edited: Apr 27, 2004
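
An added example, not part of the original thread and not HijackThis's own logic: a small Python parser that splits log lines like the ones quoted in the posts above into section code, CLSID and autorun command, then flags entries for review. The flag names and the three heuristics are assumptions of this example, and the header line in the sample is constructed.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in the posts above.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed header line, ignored by the parser)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL (file missing)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
"""

SECTIONS = {"R0": "IE start/search setting", "R3": "URL search hook",
            "O2": "Browser Helper Object", "O4": "autorun entry",
            "O16": "downloaded ActiveX control"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"\[([^\]]+)\]\s+(.+)$")

def parse_entry(line):
    """Split one log line into section code, CLSID, autorun name/command and flags."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, blank line, or process listing
    code, body = m.groups()
    clsid = CLSID.search(body)
    run = RUN.search(body) if code == "O4" else None
    flags = []  # illustrative heuristics (assumptions of this example)
    if "(no file)" in body or "(file missing)" in body:
        flags.append("orphaned-registration")   # registry entry whose file is gone
    if code == "O2" and "(no name)" in body:
        flags.append("unnamed-bho")             # BHO registered without a display name
    if run and run.group(2).lower().startswith("rundll32"):
        flags.append("dll-autorun")             # DLL loaded at logon through rundll32
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "run_name": run.group(1) if run else None,
            "command": run.group(2) if run else None, "flags": flags}

def triage(log_text):
    """Parse every line and return only the entries that carry at least one flag."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return [e for e in entries if e["flags"]]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["section"], e["clsid"] or e["run_name"], e["flags"])
```

An unflagged entry is not a clean bill of health: the `slmss` autorun from the post above passes all three heuristics, which is why the thread still relies on a person reading the log.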
