Malware/Spyware Problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by jpsartre, Aug 4, 2006.

  1. jpsartre

    jpsartre Private E-2

    Help! I've got malware or spyware on my computer resulting in unwanted pop-ups and unwanted links in my favorite-folder that I cannot remove. I've followed all steps in the 'READ AND RUN ME FIRST'-thread and I've attached logs from Bitdefender, Panda, and Hijack This. Please let me know if you need any other info.
     

    Attached Files:

    jpsartre, Aug 4, 2006
    #1
  2. jpsartre

    jpsartre Private E-2

    By the way, I'm unable to go online when in safe-mode so all the online-scans were done in normal mode.
     
    jpsartre, Aug 4, 2006
    #2
  3. matt.chugg

    matt.chugg MajorGeek

    We have changed the procedure we just need a couple more logs from you, these don't need to be run online.


    Run the below procedure and attach the runkeys.txt log.
    Now run the below procedure and attach the newfiles.txt log.
     
    matt.chugg, Aug 4, 2006
    #3
  4. jpsartre

    jpsartre Private E-2

    Here you go!

    Hope you can find the problem. Anyway, thanks in advance :)
     

    Attached Files:

    jpsartre, Aug 4, 2006
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what the below BHO & Toolbar are for?
    O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://side.search.ke.voila.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
    O2 - BHO: (no name) - {51F97097-02AF-C238-2CFE-EE5647F41287} - C:\DOCUME~1\BATRIC~1\APPLIC~1\MP3SOF~1\vc long.exe (file missing
    O4 - HKLM\..\Run: [Heck Gpl Data Frag] C:\Documents and Settings\All Users\Application Data\window drive heck gpl\LESS WARN.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [JugsBlue] C:\DOCUME~1\BATRIC~1\APPLIC~1\FLAPRE~1\Sixth Axis Idol.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EA1A9D8B-127C-4E78-8149-FAAAB3967068} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete    :
    c:\Documents and Settings\batric~1\Application Data\flapre~1 <--- the whole folder
    c:\program files\WinAntiVirus Pro 2006 <--- the whole folder
    C:\Documents and Settings\All Users\Application Data\window drive heck gpl <--- the whole folder

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
    chaslang, Aug 4, 2006
    #5
  6. jpsartre

    jpsartre Private E-2

    Ok, here we go. Hope everything is alright now....

    And yes, the I know the BHO & Toolbar. Those are okay.
     

    Attached Files:

    jpsartre, Aug 4, 2006
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. Now you need to get a firewall and an antispyware blocker (like Windows Defender) install ASAP (this is all covered in the below link).

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
    chaslang, Aug 4, 2006
    #7
  8. jpsartre

    jpsartre Private E-2

    You sir, rule!

    Thanks a bunch :)
     
    jpsartre, Aug 5, 2006
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
    chaslang, Aug 6, 2006
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds