#211
04-01-2005, 04:29 PM
Daemon
Trusted Advisor
Join Date: Mar 2005
Location: UK
Posts: 37
Yes, this latest variant is a real pain in the @$$ to remove. Miss one little bit and it respawns.

#212
04-01-2005, 07:50 PM
skinsfan87
Senior Member
Join Date: Mar 2005
Posts: 141
here's the newest mwav scan:

File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "myway Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\!Submit\bqxbrrq.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\ncun.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\pygpb.dat infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\tbethhb.dll infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\vlavmm.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\j2sdk1.4.2_06\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\j2sdk1.4.2_06\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Common Files\Java\Update\Base Images\j2sdk1.4.2-b28\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Program Files\Common Files\Java\Update\Base Images\jdk1.5.0.beta2.b51\demos.zip tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Program Files\Java\jdk1.5.0\demo\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Program Files\Java\jdk1.5.0\demo\plugin\applets\BarChart\BarChart.class tagged as not-a-virus:JavaClass.Chart. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\20826335-8350-4065-892A-7BAE6F.asq infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F5232D70-481B-4A00-89AD-EBE1CD.asq infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\Program Files\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
#213
04-01-2005, 07:54 PM
skinsfan87
Senior Member
Join Date: Mar 2005
Posts: 141
and the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 7:53:44 PM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Graffiti - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: Yahoo! Word Racer - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F0648E8-D53B-478A-91DC-9725A4A8F600}: NameServer = 199.45.32.43 199.45.32.38
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
#214
04-01-2005, 09:12 PM
Mobo
Thinking outside the box
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
First I would say to uninstall that version of Java through Add/Remove Programs, reboot, then get the latest release here [link hidden]

Then open Microsoft AntiSpyware, click Tools / Spyware Scan / Manage Quarantine. From there delete all the quarantined items.


Then open Windows Explorer, locate then delete:
C:\Program Files\Quake III Arena\Extras\WorldNet\PCVKIT.EXE

Get the latest version of Adaware
You can download the free version here:
[link hidden]

or here (alternate download location)
[link hidden]

You need to be logged on as Administrator through the installation.
For ease in installation and operation, view the tutorial here [link hidden]

Just download it to your desktop and then to install click on the file you just downloaded (aawsepersonal.exe). You will be guided through the installation. It is recommended to use the default setting of "Protect anyone who uses this computer".

On the main screen of Adaware please look for the *check for updates now* link, just above the start button in the bottom right corner or you can click on the Webupdate button that looks like a globe icon at the top. Press *connect* to let it check for any recent updates. If any are found, please let it download and install them.

Now, configure your settings. Click the gear icon at the top. These are the recommended settings:

AAW SE settings

General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.

Let Adaware remove any *bad* objects found. Reboot your PC and scan again. Repeat this process until no more bad items are found. It may take several scans to clean everything, depending on the type of infections found.
________________________
Download Spybot - Search & Destroy, from here [link hidden] if you haven't already got the program.
For ease in installation and operation you can opt to view the tutorial here [link hidden]

Click on Settings, and Settings again. Go to the Webupdate section, and check Display also available beta versions.

Now press Online, and search for, and put a check mark next to all updates, and install following the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.


Reboot then once again run and post a mwav scan

#215
04-01-2005, 11:04 PM
skinsfan87
Senior Member
Join Date: Mar 2005
Posts: 141
when i was working with a mcafee tech specialist the guy asked me to uninstall msas. how should i delete the quarantines?
#216
04-01-2005, 11:11 PM
Mobo
Thinking outside the box
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
I don't have any in my quarantine folder so I was hoping there would be an option to delete them there. Is there no such option?

#217
04-01-2005, 11:11 PM
skinsfan87
Senior Member
Join Date: Mar 2005
Posts: 141
an option where?
#218
04-01-2005, 11:14 PM
Mobo
Thinking outside the box
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
If you highlight one does it then give any option to delete ?

#219
04-01-2005, 11:15 PM
skinsfan87
Senior Member
Join Date: Mar 2005
Posts: 141
i told you. microsoft antispyware got uninstalled
#220
04-01-2005, 11:18 PM
Mobo
Thinking outside the box
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
You sure ? I see these present

File C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\20826335-8350-4065-892A-7BAE6F.asq infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.


File C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F5232D70-481B-4A00-89AD-EBE1CD.asq infected by
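
Added example (not part of the thread and not code from the MWAV tool): a small parser that sorts MWAV log lines like those in post #212 into the groups the advice in posts #214 and #220 treats differently, namely live detections, copies sitting in another scanner's quarantine folder, and not-a-virus tags. The function names, category labels and the quarantine marker list are assumptions made for this example; the sample lines are copied from the scan above.

```python
import re
from collections import defaultdict

# Folders that hold another scanner's quarantined copies. Assumption: only the
# Microsoft AntiSpyware store that appears in this thread is listed.
QUARANTINE_MARKERS = (r"\microsoft antispyware\deactivateditems",)

# SYSTEM must be tried first: its lines also start with "File ... infected by".
SYSTEM = re.compile(r'^File System Found infected by "(?P<name>[^"]+)" Virus\.')
INFECTED = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.')
TAGGED = re.compile(r'^File (?P<path>.+?) tagged as not-a-virus:(?P<name>\S+)\. ')

# Sample lines copied from the MWAV scan in post #212.
SAMPLE_LOG = r'''
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\!Submit\ncun.exe infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\!Submit\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\20826335-8350-4065-892A-7BAE6F.asq infected by "Trojan-Downloader.Win32.Qoologic.i" Virus. Action Taken: No Action Taken.
File C:\Program Files\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
'''

def classify(line):
    """Return (category, detection name, path) for one log line, or None."""
    line = line.strip()
    m = SYSTEM.match(line)
    if m:
        return ("system", m["name"], None)      # no file path is reported
    m = INFECTED.match(line)
    if m:
        path = m["path"]
        held = any(mark in path.lower() for mark in QUARANTINE_MARKERS)
        return ("quarantined" if held else "infected", m["name"], path)
    m = TAGGED.match(line)
    if m:
        return ("not-a-virus", m["name"], m["path"])
    return None                                  # not a detection line

def triage(log_text):
    """Group every detection line in log_text by category."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            category, name, path = hit
            groups[category].append((name, path))
    return dict(groups)

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category)
        for name, path in hits:
            print("   ", name, "|", path or "(no path reported)")
```

A hit in the "quarantined" group means the other scanner's quarantine folder is still on disk even if the program itself was uninstalled, which is the situation post #220 points out.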

All times are GMT -5.