Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

MSN Virus?

2»

Comments

  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    Done.


  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    Nothing pop out lately,hope its solved,thanks dude you are the king:)


  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    It keeps poping up....

    Even when i am on mobile spam msgs still coming,i have no idea where the damn thing is installed...


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Have you inserted a USB key or anything like that lately ?


  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    Nope


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Post a new HJT log


  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:17, on 18.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224237221218
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

    --
    End of file - 5340 bytes


  • Registered Users, Registered Users 2 Posts: 234 ✭✭skuzzb


    Try using a web based messenger for you msn for a couple of days. www.meebo.com or the official live messenger are two. Im pretty sure you will still get the random messages.

    I use Linux and meebo for msn and I get those messages all the time, sometimes 10 a day. Its gotten so annoying ive just told everybody to start switching over to gtalk and switching off my msn account at the end of the month.

    From the information I could find, its impossible to stop random msn messages due to the nature of the msn protocall.


  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    As i said even i log over mobile stupid msgs keep coming,so i dont get how i got infected with those ads when they keep poping up even when i am connected over mobile,i am not the first one with this,people keeps complaining on same thing:(


  • Registered Users, Registered Users 2 Posts: 4,431 ✭✭✭Dartz


    If that's the case, then you dont have the infection.

    If you're receiving the messages, it's likely whomever is sending them to you has the virus. If they're coming from the one contact, you can block that contact


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    The point is at the begining msgs were coming from contacts on my list but not anymore,now msgs coming from some random addresses which are obviously generated


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    So if I have this straight, you are getting messages off other people ? But your msn isn't spamming other people ?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    There is a setting on msn to stop people messaging you unless you have added them

    I had this problem as well, not malware related, just your email has been used somewhere


  • Registered Users, Registered Users 2 Posts: 3,008 ✭✭✭delija_sever029


    So if I have this straight, you are getting messages off other people ? But your msn isn't spamming other people ?


    Thats right

    sugarman wrote: »
    ..messages are usually some cheesey shoite ..like "hey there, come on cam and chat with me and ambre were soo horny" etc etc..

    Same thing with me
    There is a setting on msn to stop people messaging you unless you have added them

    I had this problem as well, not malware related, just your email has been used somewhere


    Is there a way to stop this and locate the problem except blocking?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Not as far as I know, its not malware anyway

    Assuming you are using msn, do this

    Click Tools > Options > Privacy > Check the box beside only allow people on my allow list to see my status and send me messages > Click Apply > Ok

    Should stop it


Advertisement