  1. #1
    Joined
    Jan 2004
    Posts
    7,499

    Leave my ••••• alone!

    I can't get this damn vimax banner hijacker off my comp! Spybot, avgn, adaware, nothing seems to work!

    What else can I do?

  2. #2
    Joined
    Jan 2001
    Location
    Auckland
    Age
    40
    Posts
    30,912

    Re: Leave my ••••• alone!

    1. Restore backups
    2. Let Spybot/AVG/Adaware know of this banner hijacker that they can't remove
    3. Reinstall Windows (This option sucks)
    4. Linux

  3. #3
    Joined
    Aug 2003
    Location
    USA
    Posts
    5,843

    Re: Leave my ••••• alone!

    Try bitdefender.com. Either download their free version or do their online scan. Hope it helps a bit!

  4. #4
    Joined
    May 2000
    Posts
    7,927

    Re: Leave my ••••• alone!

    How do you get infected with this "vimax banner hijacker"?


    Main Box: BioStar TpowerX58 LGA 1366, Intel i7 920 Nehalem 2.66GHz Quad-Core, 3GB Corsair DDR3 1600, 2X250GB WD SATA, VisionTek Radeon 4870, Corsair 620w PS, Asus DRW-1608P3S & DRW-1814BL, Win7 SP1 & LinuxMint 10

    Red Hour Video

    RedHour Gaming

  5. #5
    Joined
    May 2001
    Location
    Westfield,MA
    Posts
    8,386

    Re: Leave my ••••• alone!

    Well, according to some posts in this thread, it has to do with ads on websites and not your computer. Check it out; if true, it is nothing to do with your system.

    http://discussions.apple.com/thread....49920&tstart=7
    Case Lian Li LanCool PC-K62 PSU Corsair HX850 Motherboard EVGA X58 E757 Video Card EVGA HD 570
    CPU Intel I7 930@3.5GHz Cooler CoolerMaster V8 Memory 6GB(2GB x 3) GEIL BLACK DRAGON PC3 12800
    DVD Drive LiteON DH401S DVD Burner LG GH22NS50 System Drive 60GB SSD Mushkin Callisto
    Additional Storage 300GB VelociRaptor 74GB Raptor Seagate 1.5TB Operating System Windows 7 Ultimate 64 bit
    Soundcard SB X-FI XtremeGamer Fatal1ty PCI-E Headphones Razor Barracuda

  6. #6

    Re: Leave my ••••• alone!

    Quote Originally Posted by Eldest_One View Post
    it has to do with ads on websites and not your computer.
    http://www.admuncher.com/
    It's All About Having Fun ..... Isn't It?

    Gigabyte GA-990FXA-UD3 | AMD FX8350 Black Edition | CoolerMaster Hyper 212 EVO | Corsair XMS3 16GB DDR3
    XFX Radeon HD 7950 3GB DDR5 | Acer G246HL 24" WideScreen
    Samsung 840 EVO 500GB | Western Digital Caviar Black 500GB (Storage) | Samsung SH-S224 DVD Burner
    HT|Omega Claro | Technics SL-1210 MKll ~ Stanton 681EEE MKlll
    Esoteric Sounds Rek-O-Kut Professional Phono Preamp MKII
    Klipsch Pro Media v4.1 | Sennheiser HD 580 Precision ~ Sennheiser PC165 (Mic/Headset)
    Lian Li Lancool PC-K7B w/ Enermax NAXN 82+ 750W
    Win7 x64

  7. #7
    Joined
    Jan 2004
    Posts
    7,499

    Re: Leave my ••••• alone!

    I don't know how I got infected - or when, for that matter. I thought [H] just hit a new low in acquiring ads. Then I started seeing them on ebay, and noticing them on numerous other sites. I think Norman stinger got it. I am no longer constantly reminded of my inadequacy! Thanks!

    Oh no! It's back!
    Last edited by fatlazyhomer; 01-15-2009 at 04:30 AM.

  8. #8
    Joined
    Jan 2004
    Posts
    7,499

    Re: Leave my ••••• alone!

    ARGH! IT'S BACK! I think it's lodged in the registry.

  9. #9
    Joined
    Jul 2003
    Location
    Australia
    Posts
    14,223

    Re: Leave my ••••• alone!

    Download ComboFix and HijackThis, rename them and then run them. Post the logs here. Don't fix anything in HijackThis. It also lists essential processes.

  10. #10
    Joined
    Jul 2002
    Location
    Corvallis, Oregon
    Age
    48
    Posts
    6,674

    Re: Leave my ••••• alone!

    You can try fsecure; their on-line scanner finds stuff that others can't.

    http://support.f-secure.com/enu/home/ols.shtml



  11. #11
    Joined
    May 2000
    Posts
    7,927

    Re: Leave my ••••• alone!

    If you can't get rid of it, then it has to be some type of Trojan.



  12. #12
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Leave my ••••• alone!

    Quote Originally Posted by Mjφlnir View Post
    Download ComboFix and HijackThis, rename them and then run them. Post the logs here. Don't fix anything in HijackThis. It also lists essential processes.
    Guys - please let Mjφlnir handle the infection from here.

    If you want to have a discussion, then start a new thread for Mjφlnir to help you handle the cleanup. It doesn't help with everyone chipping in with different advice. Let Mjφlnir work through the situation with you.

  13. #13
    Joined
    Feb 2003
    Location
    California to Alberta commuter
    Posts
    2,697

    Re: Leave my ••••• alone!

    It doesn't help with everyone chipping in with different advice
    Apologies, had not read Mjolnir's name in the thread title. Deleting my "advice".

    What else can I do?
    You're in good hands.
    Rock the Jukebox:
    2x Intel XEON E5405
    Asus DSBV-DX
    4x Kingston 2Gb FBuffered 667mhz w/4x MemCooler
    FSP 650w PSU
    MS Server 2008 STD

    M3ltD0Vvn:
    Intel Q9550 w/Coolermaster Hyper 212 - 2x 120mm
    Asus P5N-D
    2x Transcend 2Gb 800Mhz
    FSP 550w SLI Certified <~~Bullet Proof
    EVGA GTX560Ti SC (Asus 22" 1680x1050)
    MS Windows 7 Ultimate 64bit

  14. #14
    Joined
    Jan 2004
    Posts
    7,499

    Re: Leave my ••••• alone!

    End Result: Still getting the ads

    Initial hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:50:25 AM, on 1/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\lxcycoms.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system\HsMgr.exe
    C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\ASUSAUDIOCENTER.EXE
    C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\Program Files\ASUS Xonar DX Audio\Customapp\Program\MXMon.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Cmaudio8788GX] C:\WINDOWS\system\HsMgr.exe Envoke
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
    O4 - HKUS\S-1-5-21-1801674531-1708537768-725345543-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'David')
    O4 - HKUS\S-1-5-21-1801674531-1708537768-725345543-1003\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'David')
    O4 - HKUS\S-1-5-21-1801674531-1708537768-725345543-1003\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (User 'David')
    O4 - HKUS\S-1-5-21-1801674531-1708537768-725345543-1003\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" (User 'David')
    O4 - HKUS\S-1-5-21-1801674531-1708537768-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'David')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{82D73AC1-FEC1-422F-8958-4DE22B2A4EAB}: NameServer = 85.255.113.110,85.255.112.151
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.151
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.151
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 5745 bytes

  15. #15
    Joined
    Jan 2004
    Posts
    7,499

    Re: Leave my ••••• alone!

    Combofix Log (too large to paste)-
    http://www.scribd.com/doc/10487624/Log

    Post Scan Hijack This Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:20 AM, on 1/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system\HsMgr.exe
    C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
    C:\Program Files\Lexmark 3400 Series\lxcymon.exe
    C:\Program Files\Lexmark 3400 Series\ezprint.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\lxcycoms.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio8788GX] C:\WINDOWS\system\HsMgr.exe Envoke
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 4815 bytes
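
Added example, not part of the thread: a short Python script that diffs two HijackThis logs and lists any static, publicly routable DNS servers set in `O17` lines, which is one of the differences between the two scans posted above. The log excerpts are copied from posts #14 and #15; the function names are illustrative.

```python
import ipaddress
import re

# Excerpts copied from the HijackThis logs in posts #14 (before) and #15 (after).
BEFORE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O17 - HKLM\System\CCS\Services\Tcpip\..\{82D73AC1-FEC1-422F-8958-4DE22B2A4EAB}: NameServer = 85.255.113.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110,85.255.112.151
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

# A HijackThis entry line is "<section> - <detail>", e.g. "O17 - HKLM\...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
NAMESERVER = re.compile(r"NameServer = ([0-9., ]+)$")

def entries(log):
    """Return the set of (section, detail) pairs found in a log."""
    return {m.groups() for m in map(ENTRY.match, log.splitlines()) if m}

def removed_entries(before, after):
    """Entries present in the first scan but absent from the second."""
    return sorted(entries(before) - entries(after))

def static_public_dns(log):
    """Registry-set DNS servers (O17) that are publicly routable addresses."""
    found = set()
    for section, detail in entries(log):
        m = NAMESERVER.search(detail) if section == "O17" else None
        for ip in (re.split(r"[,\s]+", m.group(1)) if m else []):
            try:
                # is_global excludes private, loopback and link-local ranges
                if ip and ipaddress.ip_address(ip).is_global:
                    found.add(ip)
            except ValueError:
                continue  # not a well-formed address; ignore
    return sorted(found)

if __name__ == "__main__":
    print("Static public DNS before:", static_public_dns(BEFORE))
    print("Static public DNS after: ", static_public_dns(AFTER))
    for section, detail in removed_entries(BEFORE, AFTER):
        print("Removed:", section, "-", detail)
```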
