weird virus?

  • Thread starter: Wraith
i keep getting popups. the thing is, they all point to about:blank, and all of them are sort of minimized. it's weird, i used ad-aware and spybot, here's a screenshot
 
Tell me the full description and I will be able to help you.
 
That was helpful. Erm, I honestly don't know. Is it linked to any particular website? Do you have McAfee stinger? Do you keep your antivirus updated? Is it Norton? etc.
 
i don't have anti virus, i don't know it loads a blank page, just annoying cuz it kicks me out of CSS, it happens like every hour
 
Do you have a firewall ?

If it doesn't stop just switch to Mozilla.
 
errr... try opening the task manager (ctrl alt del :P) and looking at what the FULL name is. "abo..." isn't really helpful :p
 
I have something similar. Don't know if it's a virus or not but every hour or so a load of internet explorer windows will pop up even though i 1) don't use internet explorer, i use firefox and 2) i haven't even got anything open. I've used ad aware and everything, full scanned and can't get rid of them.

I've also got an invisible porno thing that i just cannot un-install (and i never installed it either...my brother did, mofo he better not be ...yeah! and touching my f'in mouse :|)
 
I got something like it...but only once when I start Internet.
 
Wraith, I've noticed a couple of threads started by you have been in the wrong place. Please think before you make a thread.
 
Isn't this the right place? Anyway, my advice would be to run task manager and see if there's anything odd running, and also to download and run McAfee Stinger (search and you'll find it and don't worry the file is very small). Getting F-Secure or something might be an idea too.
 
scan for spyware with spybot and adaware (you have to get the latest versions and update them both. then set adaware to do a full system scan. Then scan with both, delete what you find and hopefully that will fix it.)
 
Kiva128 said:
scan for spyware with spybot and adaware (you have to get the latest versions and update them both. then set adaware to do a full system scan. Then scan with both, delete what you find and hopefully that will fix it.)

did you even read my post? am i getting through to ANYONE here?
 
Download:
Ad-aware SE Personal!
Spybot Search & Destroy 1.3!

You might want to download Spywaredoctor too!

Google the applications!

Autoupdate them!

Run them!

Clean :)
 
Wraith said:
i keep getting popups. the thing is, they all point to about:blank, and all of them are sort of minimized. it's weird, i used ad-aware and spybot, here's a screenshot

Kiva128 said:
scan for spyware with spybot and adaware (you have to get the latest versions and update them both. then set adaware to do a full system scan. Then scan with both, delete what you find and hopefully that will fix it.)

Ecthe|ioN said:
Download:
Ad-aware SE Personal!
Spybot Search & Destroy 1.3!

:flame: :flame: :flame:
 
Looks malicious to me

Start->Run, type "msconfig" and see what's in the Startup tab

Remove anything dodgy, make sure you kill its process before though, then it can't add itself again.
 
stinger[1].exe - what's this?
tppadlr.exe - don't know this, but sounds ok though

Well, it's not really easy to tell what's safe and what isn't. You need to turn off all startup items, try it like that for a while, see if it's still there. If it goes, you know it's one of them.....

edit: and it might be even sneakier and only run at certain times, when some event is triggered.
 
Logfile of HijackThis v1.97.7
Scan saved at 3:13:33 PM, on 10/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~2\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Subnormal\Local Settings\Temporary Internet Files\Content.IE5\0J2CDWOP\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Subnormal/My%20Documents/My%20Pictures/home.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL
O3 - Toolbar: StumbleUpon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [InteliSys] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~2\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Search.vbs
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL/blogimage
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Run WinHTTrack (HKLM)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38067.9422916667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/aim/blackhawkstrikerdrm3/install.cab
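
The startup review suggested in the msconfig reply can also be run over the O4 (autostart) lines of the HijackThis log above. The Python below is an added example, not part of any poster's message; the function names and the two triage heuristics (a core Windows process name registered from outside System32, and a script file in startup) are assumptions of this example, and a hit means "look closer", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the O4 (autostart) lines from the HijackThis log posted in the thread.
LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [InteliSys] C:\WINDOWS\smss.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~2\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Global Startup: Search.vbs
"""

# Assumption of this example: these core Windows processes live only in System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|pif|vbs|vbe|js|jse|wsf|bat|cmd))\b', re.I)

def parse_o4(log):
    """Yield (location, entry name, launched file) for each O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        target = exe["exe"] if exe else m["cmd"]
        yield m["where"], m["name"] or target, target

def triage(log):
    """Return [(entry name, launched file, reason)] for entries worth a closer look."""
    findings = []
    for where, name, target in parse_o4(log):
        p = PureWindowsPath(target)
        if p.name.lower() in SYSTEM32_ONLY and len(p.parts) > 1 \
                and not str(p.parent).lower().endswith("\\system32"):
            findings.append((name, target, "system process name outside System32"))
        elif p.suffix.lower() in SCRIPT_EXTS:
            findings.append((name, target, "script launched at startup"))
    return findings

if __name__ == "__main__":
    for name, target, reason in triage(LOG):
        print(f"{name}: {target} -> {reason}")
```

Entries given without a directory (such as SOUNDMAN.EXE) are not judged by the path rule, since the log does not say where they resolve.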
 