Oinadserve, tnserve, and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by kds, Feb 23, 2005.

  1. kds

    kds Private E-2

    Hey all,

    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    I keep getting these damn pop-ups (from oinadserve, tnserve, tizzletalk?, etc.). I've run Norton virus scans, Adaware, Spybot S&D, and Bazooka Scanner. All updates/definitions are current.

    Nothing can find anything, except Adaware detects the other cookies... after I get the crazy pop-ups.

    In the meantime, I have changed all my security settings for IE on high.
    It's still getting in.

    I have read your tutorial and would like someone to review my HJT log file.

    Thanks everyone.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have guidelines about when and how to post HJT logs. Please follow them. Do all of the READ ME FIRST steps first. DO NOT POST LOGS FROM SAFE MODE BOOT!

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. kds

    kds Private E-2

    I've read the sticky threads and have done everything required.

    This is actually the third forum I've been to (past week).

    I'm seriously at a loss right now.
     
  4. PhilliePhan

    PhilliePhan Guest

    Hi Kds,

    There is not too much in that log. Try this:

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    O2 - BHO: (no name) - {F2D7D351-4F99-1F19-B1DB-136404DE4DC1} - C:\WINDOWS\system32\loadeq.dll
    I don't recognize these - Remove?
    O2 - BHO: (no name) - {F3D7D322-4F98-1A6F-B1D9-606470A84DC3} - C:\WINDOWS\system32\loadeq.dll

    O4 - HKCU\..\Run: [Eprc] C:\Documents and Settings\Ken Suarez\Application Data\coea.exe
    O4 - HKCU\..\Run: [Tqcxr] C:\WINDOWS\system32\??chost.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\loadeq.dll
    C:\Documents and Settings\Ken Suarez\Application Data\coea.exe --> Do you know this one? Looks like a Trojan to me.
    C:\WINDOWS\system32\??chost.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log. How are things running now?

    Best luck :)
    PP
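
One way to script the kind of triage applied to the O2 and O4 entries above, as an added example that is not part of the original thread or of HijackThis. The heuristics, `triage` and `SYSTEM_NAMES` are illustrative assumptions; the sample input is the four entries quoted in the post plus one constructed benign line.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# O2/O4 entries quoted in the post above, plus one constructed benign line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {F2D7D351-4F99-1F19-B1DB-136404DE4DC1} - C:\WINDOWS\system32\loadeq.dll
O2 - BHO: (no name) - {F3D7D322-4F98-1A6F-B1D9-606470A84DC3} - C:\WINDOWS\system32\loadeq.dll
O4 - HKCU\..\Run: [Eprc] C:\Documents and Settings\Ken Suarez\Application Data\coea.exe
O4 - HKCU\..\Run: [Tqcxr] C:\WINDOWS\system32\??chost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O4_RE = re.compile(r"^O4 - HK(?:CU|LM)\\\.\.\\\w+: \[(.*?)\] (.+)$")
SYSTEM_NAMES = ("svchost.exe", "explorer.exe", "winlogon.exe")  # illustrative list


def triage(log_text):
    """Map each suspicious O2/O4 line to the heuristics it trips."""
    findings = defaultdict(list)
    bho_by_dll = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if m := O2_RE.match(line):
            name, _clsid, dll = m.groups()
            if name == "(no name)":
                findings[line].append("unnamed BHO")
            bho_by_dll[dll.lower()].append(line)
        elif m := O4_RE.match(line):
            path = m.group(2).strip('"').lower()
            base = path.rsplit("\\", 1)[-1]
            if "\\application data\\" in path:
                findings[line].append("autorun from user profile")
            if "?" in base:
                # '?' is illegal in Windows file names: the real name holds
                # characters the log could not render.
                findings[line].append("unrenderable file name")
                for real in SYSTEM_NAMES:
                    if fnmatchcase(real, base):
                        findings[line].append(f"masks to {real}")
    for lines in bho_by_dll.values():
        if len(lines) > 1:  # several CLSIDs registered for one DLL
            for line in lines:
                findings[line].append("DLL shared by multiple BHO CLSIDs")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

A flagged line is a prompt for manual review, not a verdict; the constructed `ccApp` entry shows an autorun that trips none of the checks.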
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    PP has started you on the road to repair, but you did not do everything in the READ ME. You never ran the Trend Micro online scan. When we see one item skipped, we have to assume more may have been skipped. That is the reason I said to run the READ ME.
     
  6. PhilliePhan

    PhilliePhan Guest

    Agreed, Chas!

    If log were worse, I'd have sent Kds back to the Tutorial!

    PP :)
     
  7. kds

    kds Private E-2

    Weird,

    1. Yeah, I missed seeing that Trend Micro scan... sorry about that.

    2. I went through the steps and could not find loadeq.dll or the 2 apps in sys32... when I did a fuzzy query, I got one instance of svchost.

    3. I ran the tools afterwards and nothing.

    I'm assuming that when I dumped system restore, the last instances disappeared.

    Oh well, I think we have a happy ending here... what do you think?
     


  8. kds

    kds Private E-2

    If this is it, thank you very much... :)
     
  9. PhilliePhan

    PhilliePhan Guest

    I think it is it. . . . That log looks OK!

    A lot of stuff running, but nothing evil that I could see! How's she runnin'?

    While you're here, have a peek at Chaslang's Recommendations!!!

    PP :)
     
  10. kds

    kds Private E-2

    She's running great. I took her out to Yahoo, Google, b3ta and no pop-ups...

    I'm checking out the recommendations... thanks again.
     
  11. PhilliePhan

    PhilliePhan Guest

    You're Welcome! :)
     
