Trojan/Browsela/Looksky
in [Security]
|
Prev: Regedit "Error while opening key"
Next: Norton AntiVirus 2006 does not support the repair feature
From: Bill Suen on 4 Jan 2006 04:32 David, I found this notepad on my screen. Does it help you diagnosing the problem? # An unexpected error has been detected by HotSpot Virtual Machine: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c9010f3, pid=228, tid=3060 # # Java VM: Java HotSpot(TM) Client VM (1.5.0_04-b05 mixed mode, sharing) # Problematic frame: # C [ntdll.dll+0x10f3] # --------------- T H R E A D --------------- Current thread (0x08192ff8): JavaThread "thread applet-FreeVideo.class" [_thread_in_native, id=3060] siginfo: ExceptionCode=0xc0000005, writing address 0x04273f54 Registers: EAX=0x00000000, EBX=0x2b464d30, ECX=0x0870f7b4, EDX=0x04273f4c ESP=0x0870f7c4, EBP=0x0870f7fc, ESI=0x04273f38, EDI=0x04273f4c EIP=0x7c9010f3, EFLAGS=0x00010246 Top of Stack: (sp=0x0870f7c4) 0x0870f7c4: 6d0d7af2 04273f4c 08192ff8 081930b4 0x0870f7d4: 6d0c7eb3 08192ff8 2ac11f18 2b464d30 0x0870f7e4: 21393b28 00000000 0870f7d8 0870fae4 0x0870f7f4: 6d0f33a0 00000000 0870f830 0531899c 0x0870f804: 081930b4 0870f840 00000001 21393b28 0x0870f814: 0870f80c 00000000 0870f840 2b465c90 0x0870f824: 00000000 2b464d30 0870f840 0870f860 0x0870f834: 05312923 00000000 05316449 21393b28 Instructions: (pc=0x7c9010f3) 0x7c9010e3: 24 00 00 00 00 90 90 90 90 90 8b 54 24 04 33 c0 0x7c9010f3: ff 4a 08 75 26 89 42 0c f0 ff 4a 04 7d 03 c2 04 Stack: [0x08610000,0x08710000), sp=0x0870f7c4, free space=1021k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C [ntdll.dll+0x10f3] j sun.awt.windows.WComponentPeer._dispose()V+0 j sun.awt.windows.WComponentPeer.disposeImpl()V+23 j sun.awt.windows.WObjectPeer.dispose()V+42 j java.awt.Component.removeNotify()V+211 j java.awt.Container.removeNotify()V+67 j java.awt.Container.remove(I)V+43 j java.awt.Container.remove(Ljava/awt/Component;)V+45 j sun.applet.AppletPanel.run()V+552 j java.lang.Thread.run()V+11 v ~StubRoutines::call_stub V [jvm.dll+0x82696] V [jvm.dll+0xd6fd9] V [jvm.dll+0x82567] V [jvm.dll+0x822c4] V [jvm.dll+0x9d216] V [jvm.dll+0x101489] V [jvm.dll+0x101457] C [msvcrt.dll+0x2a3b0] C [kernel32.dll+0xb50b] Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) j sun.awt.windows.WComponentPeer._dispose()V+0 j sun.awt.windows.WComponentPeer.disposeImpl()V+23 j sun.awt.windows.WObjectPeer.dispose()V+42 j java.awt.Component.removeNotify()V+211 j java.awt.Container.removeNotify()V+67 j java.awt.Container.remove(I)V+43 j java.awt.Container.remove(Ljava/awt/Component;)V+45 j sun.applet.AppletPanel.run()V+552 j java.lang.Thread.run()V+11 v ~StubRoutines::call_stub --------------- P R O C E S S --------------- Java Threads: ( => current thread ) 0x0424fcf0 JavaThread "AWT-EventQueue-33" [_thread_blocked, id=2668] 0x042539f8 JavaThread "Thread-180" [_thread_blocked, id=3312] 0x0424de60 JavaThread "Thread-179" [_thread_blocked, id=488] 0x081d9310 JavaThread "Image Fetcher 0" daemon [_thread_blocked, id=2900] 0x04251a48 JavaThread "Thread-178" [_thread_blocked, id=588] 0x081d96b8 JavaThread "Thread-175" [_thread_in_native, id=2664] 0x08126760 JavaThread "AWT-EventQueue-32" [_thread_blocked, id=3584] =>0x08192ff8 JavaThread "thread applet-FreeVideo.class" [_thread_in_native, id=3060] 0x08199650 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=1748] 0x04230450 JavaThread "AWT-Shutdown" [_thread_blocked, id=1664] 0x011f1e30 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2076] 0x042308c8 JavaThread "AWT-Windows" daemon [_thread_in_native, id=1340] 0x0422f620 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2380] 0x011f4d30 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3404] 0x011e4ff0 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2600] 0x011e4e70 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1832] 0x011df3b0 JavaThread "Finalizer" daemon [_thread_blocked, id=324] 0x04160048 JavaThread "Reference Handler" daemon [_thread_blocked, id=1404] 0x011d8a28 JavaThread "main" [_thread_blocked, id=3436] Other Threads: 0x011e1cd0 VMThread [id=2564] 0x011f09d0 WatcherThread [id=2764] VM state:not at safepoint (normal execution) VM Mutex/Monitor currently owned by a thread: None Heap def new generation total 576K, used 2K [0x20b90000, 0x20c30000, 0x212f0000) eden space 512K, 0% used [0x20b90000, 0x20b90800, 0x20c10000) from space 64K, 0% used [0x20c20000, 0x20c20000, 0x20c30000) to space 64K, 0% used [0x20c10000, 0x20c10000, 0x20c20000) tenured generation total 1408K, used 713K [0x212f0000, 0x21450000, 0x26b90000) the space 1408K, 50% used [0x212f0000, 0x213a2448, 0x213a2600, 0x21450000) compacting perm gen total 8192K, used 1321K [0x26b90000, 0x27390000, 0x2ab90000) the space 8192K, 16% used [0x26b90000, 0x26cda600, 0x26cda600, 0x27390000) ro space 8192K, 62% used [0x2ab90000, 0x2b0993f0, 0x2b099400, 0x2b390000) rw space 12288K, 46% used [0x2b390000, 0x2b91fe20, 0x2b920000, 0x2bf90000) Dynamic libraries: 0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe 0x7c900000 - 0x7c9b0000 C:\WINDOWS\system32\ntdll.dll 0x7c800000 - 0x7c8f4000 C:\WINDOWS\system32\kernel32.dll 0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll 0x77d40000 - 0x77dd0000 C:\WINDOWS\system32\USER32.dll 0x77f10000 - 0x77f56000 C:\WINDOWS\system32\GDI32.dll 0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll 0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 - 0x77f01000 C:\WINDOWS\system32\RPCRT4.dll 0x77760000 - 0x778cc000 C:\WINDOWS\system32\SHDOCVW.dll 0x77a80000 - 0x77b14000 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll 0x754d0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll 0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll 0x77120000 - 0x771ac000 C:\WINDOWS\system32\OLEAUT32.dll 0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll 0x5b860000 - 0x5b8b4000 C:\WINDOWS\system32\NETAPI32.dll 0x771b0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll 0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll 0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll 0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL 0x629c0000 - 0x629c9000 C:\WINDOWS\system32\LPK.DLL 0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll 0x773d0000 - 0x774d2000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x7c9c0000 - 0x7d1d4000 C:\WINDOWS\system32\SHELL32.dll 0x5d090000 - 0x5d127000 C:\WINDOWS\system32\comctl32.dll 0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\uxtheme.dll 0x75f80000 - 0x7607d000 C:\WINDOWS\system32\BROWSEUI.dll 0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll 0x77b40000 - 0x77b62000 C:\WINDOWS\system32\appHelp.dll 0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll 0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime 0x77260000 - 0x772fe000 C:\WINDOWS\system32\urlmon.dll 0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll 0x77a20000 - 0x77a74000 C:\WINDOWS\System32\cscui.dll 0x76600000 - 0x7661d000 C:\WINDOWS\System32\CSCDLL.dll 0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll 0x68000000 - 0x68051000 C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll 0x71ad0000 - 0x71ad9000 C:\WINDOWS\system32\WSOCK32.dll 0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll 0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll 0x10000000 - 0x1000e000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 0x7c340000 - 0x7c396000 C:\WINDOWS\system32\MSVCR71.dll 0x01110000 - 0x0112f000 C:\WINDOWS\system32\dla\tfswshx.dll 0x01130000 - 0x0113f000 C:\WINDOWS\system32\tfswapi.dll 0x01140000 - 0x0117b000 C:\WINDOWS\system32\dla\tfswcres.dll 0x75e90000 - 0x75f40000 C:\WINDOWS\system32\SXS.DLL 0x012e0000 - 0x01368000 C:\WINDOWS\system32\shdoclc.dll 0x01370000 - 0x01635000 C:\WINDOWS\system32\xpsp2res.dll 0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\mlang.dll 0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll 0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll 0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.DLL 0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll 0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll 0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll 0x77c70000 - 0x77c93000 C:\WINDOWS\system32\msv1_0.dll 0x76d60000 - 0x76d79000 C:\WINDOWS\system32\iphlpapi.dll 0x745e0000 - 0x748a6000 C:\WINDOWS\system32\msi.dll 0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll 0x769c0000 - 0x76a73000 C:\WINDOWS\system32\USERENV.dll 0x0ffd0000 - 0x0fff8000 C:\WINDOWS\system32\rsaenh.dll 0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll 0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll 0x7d4a0000 - 0x7d786000 C:\WINDOWS\system32\mshtml.dll 0x01680000 - 0x016a7000 C:\WINDOWS\system32\msls31.dll 0x02300000 - 0x0232a000 C:\WINDOWS\system32\msimtf.dll 0x02330000 - 0x0237b000 C:\WINDOWS\system32\MSCTF.dll 0x75c50000 - 0x75cbe000 C:\WINDOWS\system32\jscript.dll 0x66e50000 - 0x66e90000 C:\WINDOWS\system32\iepeers.dll 0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV 0x5a620000 - 0x5a67d000 C:\WINDOWS\system32\inetcpl.cpl 0x667d0000 - 0x667ed000 C:\WINDOWS\system32\inetcplc.dll 0x66000000 - 0x6601f000 C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll 0x65000000 - 0x6502b000 C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll 0x5f050000 - 0x5f06a000 C:\WINDOWS\system32\OCCache.DLL 0x71b20000 - 0x71b32000 C:\WINDOWS\system32\MPR.dll 0x75f60000 - 0x75f67000 C:\WINDOWS\System32\drprov.dll 0x71c10000 - 0x71c1e000 C:\WINDOWS\System32\ntlanman.dll 0x71cd0000 - 0x71ce7000 C:\WINDOWS\System32\NETUI0.dll 0x71c90000 - 0x71cd0000 C:\WINDOWS\System32\NETUI1.dll 0x71c80000 - 0x71c87000 C:\WINDOWS\System32\NETRAP.dll 0x71bf0000 - 0x71c03000 C:\WINDOWS\System32\SAMLIB.dll 0x75f70000 - 0x75f79000 C:\WINDOWS\System32\davclnt.dll 0x75970000 - 0x75a67000 C:\WINDOWS\system32\MSGINA.dll 0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll 0x74320000 - 0x7435d000 C:\WINDOWS\system32\ODBC32.dll 0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll 0x025d0000 - 0x025e7000 C:\WINDOWS\system32\odbcint.dll 0x73ba0000 - 0x73bb3000 C:\WINDOWS\system32\sti.dll 0x74ae0000 - 0x74ae7000 C:\WINDOWS\system32\CFGMGR32.dll 0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv 0x72d10000 - 0x72d18000 C:\WINDOWS\system32\msacm32.drv 0x77be0000 - 0x77bf5000 C:\WINDOWS\system32\MSACM32.dll 0x77bd0000 - 0x77bd7000 C:\WINDOWS\system32\midimap.dll 0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll 0x04460000 - 0x04607000 C:\WINDOWS\system32\macromed\flash\Flash.ocx 0x6d430000 - 0x6d43a000 C:\WINDOWS\system32\ddrawex.dll 0x73760000 - 0x737a9000 C:\WINDOWS\system32\DDRAW.dll 0x73bc0000 - 0x73bc6000 C:\WINDOWS\system32\DCIMAN32.dll 0x76820000 - 0x76834000 C:\WINDOWS\system32\HLINK.DLL 0x6d590000 - 0x6d5a1000 C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll 0x5edd0000 - 0x5ede7000 C:\WINDOWS\system32\OLEPRO32.DLL 0x6d400000 - 0x6d417000 C:\Program Files\Java\jre1.5.0_04\bin\jpiexp32.dll 0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll 0x6d450000 - 0x6d468000 C:\Program Files\Java\jre1.5.0_04\bin\jpishare.dll 0x6d640000 - 0x6d7c9000 C:\PROGRA~1\Java\JRE15~2.0_0\bin\client\jvm.dll 0x6d280000 - 0x6d288000 C:\PROGRA~1\Java\JRE15~2.0_0\bin\hpi.dll 0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL 0x6d610000 - 0x6d61c000 C:\PROGRA~1\Java\JRE15~2.0_0\bin\verify.dll 0x6d300000 - 0x6d31d000 C:\PROGRA~1\Java\JRE15~2.0_0\bin\java.dll 0x6d630000 - 0x6d63f000 C:\PROGRA~1\Java\JRE15~2.0_0\bin\zip.dll 0x6d000000 - 0x6d167000 C:\Program Files\Java\jre1.5.0_04\bin\awt.dll 0x73940000 - 0x73a10000 C:\WINDOWS\system32\D3DIM700.DLL 0x6d240000 - 0x6d27d000 C:\Program Files\Java\jre1.5.0_04\bin\fontmanager.dll 0x6d1f0000 - 0x6d203000 C:\Program Files\Java\jre1.5.0_04\bin\deploy.dll 0x6d5d0000 - 0x6d5ed000 C:\Program Files\Java\jre1.5.0_04\bin\RegUtils.dll 0x6d3e0000 - 0x6d3f4000 C:\Program Files\Java\jre1.5.0_04\bin\jpicom32.dll 0x6d4c0000 - 0x6d4d3000 C:\Program Files\Java\jre1.5.0_04\bin\net.dll 0x6d4e0000 - 0x6d4e9000 C:\Program Files\Java\jre1.5.0_04\bin\nio.dll 0x6d3c0000 - 0x6d3df000 C:\Program Files\Java\jre1.5.0_04\bin\jpeg.dll 0x5ff20000 - 0x5ff46000 C:\WINDOWS\system32\MSRATING.dll 0x5ff50000 - 0x5ff61000 C:\WINDOWS\system32\msratelc.dll VM Arguments: jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~2.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~2.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_04 -Djavaplugin.nodotversion=150_04 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~2.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~2.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~2.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~2.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_04 -Djavaplugin.nodotversion=150_04 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~2.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf java_command: <unknown> Environment Variables: PATH=C:\PROGRA~1\Java\JRE15~2.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;. USERNAME=Bill OS=Windows_NT PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel --------------- S Y S T E M --------------- OS: Windows XP Build 2600 Service Pack 2 CPU:total 1 family 15, cmov, cx8, fxsr, mmx, sse, sse2, ht Memory: 4k page, physical 1046512k(596680k free), swap 2522548k(2184096k free) vm_info: Java HotSpot(TM) Client VM (1.5.0_04-b05) for windows-x86, built on Jun 3 2005 02:10:41 by "java_re" with MS VC++ 6.0 I dont even know I have anything to do with "HotSpot" Bill Suen "Bill Suen" wrote: > Dave, > > I ran the fix and it didn not work. I was watching the scan and there were > a lot of files the fix could not open. Now I cannot even got my explorer > working in my own sign on, so I am using a guest signon to get on here. Hope > you can give me further advice. Here is the log file: > > > McAfee VirusScan for Win32 v4.40.0 > Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights > reserved. > (408) 988-3832 LICENSED COPY - Sep 23 2004 > > Scan engine v4.4.00 for Win32. > Virus data file v4666 created Jan 03 2006 > Scanning for 168508 viruses, trojans and variants. > > Virus Scan Results > > > > > 01/04/2006 18:01:54 > > > Options: > /ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL > /PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /HTML "C:\MCAFEE\SCANREPORT.HTML" > > Scanning C: [] > Scanning C:\*.* > C:\Documents and Settings\Brendan\Local Settings\Temporary Internet > Files\Content.IE5\A9S3YT65\systemwarning[1].htm ... Found potentially > unwanted program Adware-SpySheriff. > The file or process has been deleted. > > Summary report on C:\*.* > File(s) > Total files: ........... 229892 > Clean: ................. 229863 > Possibly Infected: ..... 0 > Cleaned: ............... 0 > Deleted: ............... 1 > Non-critical Error(s): 1 > Master Boot Record(s): ......... 1 > Possibly Infected: ..... 0 > Boot Sector(s): ................ 1 > Possibly Infected: ..... 0 > > > Time: 00:50.16 > > Some pages are now blocked and the message says: block by adware of your pc, > download spy trooper: > > http://www.spytrooper.com/?advid=29 > > Is this geniune? > > Many thanks. > > Bill Suen > > "David H. Lipman" wrote: > > > From: "Bill Suen" <BillSuen(a)discussions.microsoft.com> > > > > | I have a similar problem: > > | I work a lot from my home PC for a university and has sophos loaded in it. > > | The regular daily scan on Monday revealed that I have a Troj/spyaks-B > > | infected in c:\windows\system32\wbeconm.dll and it cannot delete the file. I > > | went in via command prompt and deleted the infected file but the home page > > | still set to a security centre page. Yesterday I followed the sophos > > | instruction and downloaded a SAV32CLI fix onto a CD-R and try to run it on > > | command prompt via F8 re-start. I am running Window XP 2002 home service > > | pack 2, and it will not let me get onto safe mode with command prompt at > > | restart, so I cannot run the fix on my PC. > > > > > > > > Download SmitFraud.exe from the URL -- > > http://www.ik-cs.com/programs/virtools/SmitFraud.exe > > > > Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee } > > Choose; Unzip > > Choose; Close > > > > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your > > FireWall to enable WGET.EXE to download the needed McAfee related files. > > > > Execute; c:\mcafee\clean.bat > > { or Double-click on 'Clean Link' in c:\mcafee } > > > > A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the > > end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). > > It is suggested that you move the report out of c:\mcafee before performing another scan. > > > > > > Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your > > reply. > > > > * * * Please report back your results * * * > > > > > > > > -- > > Dave > > http://www.claymania.com/removal-trojan-adware.html > > http://www.ik-cs.com/got-a-virus.htm > > > > > >
From: David H. Lipman on 4 Jan 2006 10:35 From: "Bill Suen" <BillSuen(a)discussions.microsoft.com> | David, | | I found this notepad on my screen. Does it help you diagnosing the problem? | # An unexpected error has been detected by HotSpot Virtual Machine: | # | # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c9010f3, pid=228, tid=3060 | # | # Java VM: Java HotSpot(TM) Client VM (1.5.0_04-b05 mixed mode, sharing) | # Problematic frame: | # C [ntdll.dll+0x10f3] | # | < snip > Nope. Useless data... -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
From: David H. Lipman on 4 Jan 2006 10:34 From: "Bill Suen" <BillSuen(a)discussions.microsoft.com> | Dave, | | I ran the fix and it didn not work. I was watching the scan and there were | a lot of files the fix could not open. Now I cannot even got my explorer | working in my own sign on, so I am using a guest signon to get on here. Hope | you can give me further advice. Here is the log file: | < snip > You are still infected. Part 1 ----------- Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 http://www.bleepingcomputer.com/forums/topic36868.html Part 2 ----------- Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool. http://secured2k.home.comcast.net/tools/AntiPuper.exe http://forums.mcafeehelp.com/viewtopic.php?t=65072 I don't understand what you mean by "Now I cannot even got my explorer working in my own sign on..." Please elaborate... What happens ? -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
From: Bill Suen on 4 Jan 2006 17:40 Dave, Many thanks for your advice again. I will try it tonight when I get home and let you know what happens. After my last scan my IE did not work (would not get to my usual home page, nor to the hidjacked page, just frozen) and the screen settings were all changed. I had to log on as a "guest" on my multiple user- PC to use IE. But afterwards, I manually changed back all my settings and the IE worked again under my logon. Hope I will give you good news tonight. "David H. Lipman" wrote: > From: "Bill Suen" <BillSuen(a)discussions.microsoft.com> > > | Dave, > | > | I ran the fix and it didn not work. I was watching the scan and there were > | a lot of files the fix could not open. Now I cannot even got my explorer > | working in my own sign on, so I am using a guest signon to get on here. Hope > | you can give me further advice. Here is the log file: > | > > < snip > > > You are still infected. > > Part 1 > ----------- > > Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe > http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 > > http://www.bleepingcomputer.com/forums/topic36868.html > > > Part 2 > ----------- > > Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool. > > http://secured2k.home.comcast.net/tools/AntiPuper.exe > > http://forums.mcafeehelp.com/viewtopic.php?t=65072 > > > I don't understand what you mean by "Now I cannot even got my explorer working in my own > sign on..." > Please elaborate... > > What happens ? > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > http://www.ik-cs.com/got-a-virus.htm > > >
From: David H. Lipman on 4 Jan 2006 17:48
From: "Bill Suen" <BillSuen(a)discussions.microsoft.com> | Dave, | | Many thanks for your advice again. I will try it tonight when I get home | and let you know what happens. | | After my last scan my IE did not work (would not get to my usual home page, | nor to the hidjacked page, just frozen) and the screen settings were all | changed. I had to log on as a "guest" on my multiple user- PC to use IE. | But afterwards, I manually changed back all my settings and the IE worked | again under my logon. | | Hope I will give you good news tonight. | Use *all* the tools I provided you whn using the affected account. The issue is in that user's Registry. You have to be logged in as that user for that Registery to be fixed. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |