TechSpot

Help with viewpoint mgr pop ups

By tr1
Mar 2, 2007
  1. Hi All,
    I am having a devil of a time getting rid of IE7 pop ups, I understand that Viewpoint Mgr may be responsible. I am attatching my HJT log file.
    Any help would be greatly appreciated.
    Thanks
    TR1
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your sysytem is infected with at least the lop trojan.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.thespykiller.co.uk/forum/...pmod;dl=item16

    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop.
    If not, double click the program again and it will finish.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, the C:\NoLop.log and an AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. tr1

    tr1 TS Rookie Topic Starter

    Howard,
    Thanks for the info, I have completed all tasks (took all day).
    Here are the logs, please look them over and advise.
    My upload of the AVG file is too big I will try to repost.
    Thanks
    TR

    I cant get the avg file to upload it's too long.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    EXIT TEST.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKCU\..\Run: [SHIM BEEP] C:\DOCUME~1\TR\APPLIC~1\DOGTIM~1\EXIT TEST.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=eb9bd6a7 9bd90545629244b92d314bf2&url=http%3A%2F%2Fd.69.25.47.79.downloads.estara.com.%2F as%2FOneCCDM.php&template=12825&sessionid=361889031_69.25.47.79_41696&=&req=1123 717287632OneCC.cab

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/GeneralMills/Coupon s.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\DOCUME~1\TR\APPLIC~1\DOGTIM~1<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Can you tell me what this programme is? IMLogic\IM Detector\detector.exe

    Go HERE and follow the instructions for the CCleaner programme.

    Then, run a fresh AVG Antispyware scan. Attach the AVG Antispyware log as well as a fresh HJT log and the Nolop log I requested.

    Regards Howard :)

    This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. tr1

    tr1 TS Rookie Topic Starter

    Task Completed

    Hey,
    Ihave completed all tasks, when I run the avg spyware program it incurs multiple errors when trying to delete some infected files. Also I cannot find a way to get a NO LOp log, but I ran the program and it says no infection found. I googled IM LOGIC and it is either a synatec file or an IM worm, either way we can get rid of it because I no longer use NOrton and have deleted it from my system. Here are the new logs.
    Once again thanks for your help. You are one smart dude.
    TR
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    IMLogic
    IM Detector

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    IM Detector (imdetector)

    Close the services window.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    detector.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O23 - Service: IM Detector (imdetector) - Unknown owner - C:\Program Files\IMLogic\IM Detector\detector.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\IMLogic<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    According to your AVG Antispyware log, your system has or is infected with a rootkit. It says it has cleaned it, but I would like to make absolutely sure. Therefore I`d like you to do the following.

    Go HERE and follow the instructions exactly, for removing the Rustock rootkit

    Then, go HERE and follow the instructions for running the Ccleaner programme.

    Post a fresh HJT log and let me know the results of the rootkit scan. Also, let me know if you`re having any problems.

    Regards Howard :)

    This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. tr1

    tr1 TS Rookie Topic Starter

    Task Completed

    Hey Howard,
    Thanks again for the help.
    I ran all the tasks that you specified, the only one that I could not get to work was from the Add Remove programs,the IM Detector program would not uninstall. I got the following error message (Error extracting support files. The system cannot find the file specified). All else seemed to work. I ran the root kill program and it found and deleted the file. Here is my updated HJT file.
    You DA MAN!
    Thanks
    TR
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    In order to remove the IM Detector entry from your add remove programmes list, do the following.

    Run the Ccleaner programme as per the instructions in step9 of this thread HERE.

    With the Ccleaner programme still open, click on the Tools button. Locate the IM Detector entry in the list and highlight it. Click the Delete entry button and click ok. Close Ccleaner.

    The entry should now have gone from your add remove programmes list in your control panel.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. tr1

    tr1 TS Rookie Topic Starter

    Thanks

    Great Job Howard!!
    As usual you were right on the money.
    Thanks SO MUCH for your expertise and patience.
    I couldnt have done it without you.
    You are the best.
    Thanks from Paducah, KY and may all your trails be Happy.
    Thanks
    TR
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...