TechSpot

need expert for hijackthis.log against ad.firstadsolutions!!!!

By eeerik
Nov 14, 2005
  1. sorry, i'm in need of an expert opinion on what to do here... there's this ad that pops up from time to time when i'm browsing the net with firefox. the form name is ad.firstadsolution.com and i didn't think much of it at first (i thought it was the sites i was going to) but then it would pop up on any site i browse... i searched the net a bit and found out that the best thing to do was to run hijackthis and show an expert the log, if anyone can help it will be much appreciated, thank you.


    umm, i really don't know what to do after the log so i just closed hijack this... i'm pretty much a noob here (i just rely on my norton antivirus 2004)... if anyone could tell me how i am supposed to go about using hijackthis that would be great too :)
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Apart from this rubbish
    C:\Program Files\Azureus\Azureus.exe
    your log looks clean.

    BUT, you should immediately apply SP2 to your XP. It's irresponsible (and stupid) not to do it! Get the SP2-CD free from M$

    For anything else, follow:
    Read: How to remove Trojans and its ilk!
     
  3. eeerik

    eeerik TS Rookie Topic Starter

    ok! thanks a lot RealBlackStuff, I'll install xp service pack 2 asap.
     
  4. eeerik

    eeerik TS Rookie Topic Starter

    help RealBlackStuff!!! firstadsolution still alive!!!

    hello, sorry for being a bit misleading, this help was aimed towards RealBlackStuff because he/she was the one who had previously helped me and it was his/her pin which i followed to try to remove spyware and its ilk!!!!

    but the problem i had before still stands, ad.firstadsolution.com still seems to pop up from time to time when browsing with firefox... i searched around the net a bit and found a forum that asked me to scan with CCleaner and MWAV antivirus, shown at http://64.233.187.104/search?q=cach...irefox+firstadsolution&hl=en&client=firefox-a (sorry i couldn't find the button to input a link, and the one i was clicking only brought me to the top of the page)...

    i was viewing through the thread and don't really think i can apply what was put to my own settings... i hope someone will be able to help me, if needed i can re-scan my computer and post the logs, i just don't want to have this adware/spyware on my computer... thanks.

    i attached a screenshot of the found adware/spyware... searchexe and bearware.

    thanks to anyone that can help me.

    EDIT: sorry, i keep getting a 'the document contains no data' error when i try to upload the .bmp file.

    what the scan results show are:

    Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
    Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
    Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
    Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.

    and a lot of entries that include 'refers to invalid object'.

    these results were from the MWAV (MicroWorld Anti Virus & Spyware) Toolkit Utility scan.

    I merged the two posts.
    PS: I am a he
     
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  6. eeerik

    eeerik TS Rookie Topic Starter

    yea i understand RealBlackStuff, sorry. K, i'll redo the steps noted in your pin and i'll post the log, thanks for your help!
     
  7. eeerik

    eeerik TS Rookie Topic Starter

    Spy Audit results:

    Infection Level: Manageable

    Found on Your Computer: 0 0 0 0

    Trojan Horses Detected: 0

    ---------------------------------------------------------

    Aluria results:

    Risk Level: between medium to high

    Suspect Files: 0
    Spyware Registry Entries: 1
    Identified Spyware: 1

    Spyware Registry Entries
    -----------------------------------
    VirtualBouncer

    ---------------------------------------------------------

    For Ewido... "When you run it the first time, you get a warning "Database could not be found!". Click OK." this never happened for me. and when I clicked on Start Scan the following boxes were not shown (for me to check):
    - Binder
    - Crypter
    - Archives
    although I did go into Settings and selected scan all file types.

    The Ewido Scan Report is attached.

    Thanks again for your help RealBlackStuff!

    "PS. I am He", sorry, I tried looking at your profile but it wasn't mentioned (just a ton of system specs!) so I didn't want to be rude :)
     
  8. eeerik

    eeerik TS Rookie Topic Starter

    Reviewing my processes, I found an extra occurrence of svchost.exe... I searched the net about this for a little bit and found at www.liutilities.com it is known to also be W32.Welchia.Worm... After doing a little more searching, i searched my harddrive for svchost.exe and update.exe and found them to be in the same folder... Should I delete this folder RealBlackStuff? It looks kinda fishy...

    PS. I saw the extra occurrence of svchost.exe in my running processes because I always keep a screenshot of what my processes should look like when it is clean.

    The folder where the files are located in:
    C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    svchost.exe can occur many times (my XP-Pro has 6 currently). Keep your fingers off it, unless you are told to look for one specific occurrence!

    Svchost.exe (SP2, size=14,336, date=03-Aug-2004) is normally located in c:\windows\system32 and in c:\windows\servicepackfiles\i386
    The extra file could have 'arrived' from SP2.

    On my XP I find 40 occurrences of update.exe.
    Looks like you have not done any updates at all.

    I would again urge you to install SP2, then do a full update for Windows.
    Your PC is quite 'under'protected the way it is.
    Or reinstall everything from scratch, even!

    Also, stay away from that distribution folder.
    And I've never even heard of that MWAV stuff, I would not trust it.

    Only post your next message/log AFTER you have done all this! (at least SP2)

    As to gender: there are very few women who drink Guinness!
     
  10. eeerik

    eeerik TS Rookie Topic Starter

    "Looks like you have not done any updates at all."
    hmmm, I thought I had already installed Service Pack 2... I see that security shield in control panel and on the taskbar... K, I will go to microsoft site and install or re-install SP2 and every update I can find to install onto my computer, I'll let you know the next time the problem occurs, thanks RealBlackStuff.
     
  11. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Your last HJT-log from 2 days ago did not show any service pack at all!
    Do NOT install SP2 from MS-website, get the CD. It's free, or borrow it from a friend.
     
  12. toymachine2009

    toymachine2009 TS Rookie

    to fix all ur problems

    first get the antivirus called norton symantec corporate 10 then adaware se run the both through entirely i guarantee u both of them will find things then get rid of them THERE YOU GO not hard you dont need sp2 all it provides u with is this cheap crap firewall and little bugs.. but not needed. the firewall it comes with i disable anywayz and install my own. just get the right software that will take care of it

    by the way this sites quick replys dont work :mad:
     
  13. Vigilante

    Vigilante TechSpot Paladin Posts: 1,666

    Dude where are you from? I think RealBlackStuff's post count and success stories speak for themselves.
    Trying to load anything "corporate" for the most part, unless you are a large corporation who needs such a license, is probably trying to use it illegally, also not tolerated around here.

    And SP2 includes, among a firewall, loads of critical system patches that are quite necessary. Otherwise you open yourself right up to viruses such as Blaster and Nachi and other variants. And the XP firewall is better than NO firewall, for sure.

    eeerik, please do your best to follow all of the instructions in the post RBS gave you. Perhaps even print it out. Go into Safe Mode to do ALL cleaning, and don't leave safe mode until it IS clean.
    Remove everything your scanning tools find, EXCEPT for Hijackthis, as it finds the good as well as the bad.
    For a reliable online virus scan, go in Internet Explorer to housecall.trendmicro.com and run their scanner. Also delete whatever it finds.

    This popup is very likely one tiny piece of spyware that has perhaps slipped your attention thus far. One of the tools is likely to hit it for good.

    toymachine2009 - keep in mind it is not a very good idea to come here saying the "quick" advice is no good, and offer your own instead. I give you fair warning.
     
  14. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    toymachine2009
    for whatever it is worth to you, you've made it on my s-hitlist!
     
  15. toymachine2009

    toymachine2009 TS Rookie

    ok

    its really worth nothing i can careless just because everyone on this site uses hijackthis to fix a popup i know better i am not stupid so i can careless
     
  16. Vigilante

    Vigilante TechSpot Paladin Posts: 1,666

    It's ok, think what you want. But there is the idea that everybody else who comes here looking for help, does NOT know as much as you do, or we do. And starting with a HJT scan allows us to see all kinds of data that could lead to a solution, from running processes to startups to BHOs and services, as well as a ton of other stuff. Info that just running one antispyware or antivirus tool doesn't show. It's the best place to start.

    Anyhoo, back to the original problem, any luck thus far?
     
Topic Status:
Not open for further replies.
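
Post 16's point about what a HijackThis log exposes (running processes, startups, BHOs, services) and post 11's remark that the log showed no service pack can be checked mechanically. The following is an added example, not part of the thread and not code from HijackThis: it assumes the HijackThis 1.99-style text layout, uses a constructed sample log rather than the poster's, and the names `parse_hjt` and `odd_svchost` are hypothetical. The directory list comes from post 9.

```python
import re

# Constructed sample in the HijackThis 1.99 log layout (not the poster's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:14:02 PM, on 11/14/2005
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Example\example.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

SECTIONS = {"O2": "bhos", "O4": "startups", "O23": "services"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Locations post 9 names as normal for svchost.exe.
SVCHOST_OK = (r"c:\windows\system32", r"c:\windows\servicepackfiles\i386")

def parse_hjt(text):
    """Split a log into service pack, process list and grouped entries."""
    report = {"service_pack": None, "processes": [], "bhos": [],
              "startups": [], "services": [], "other": []}
    in_processes = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Platform:"):
            sp = re.search(r"\bSP(\d+)\b", line)   # absent means no SP installed
            report["service_pack"] = int(sp.group(1)) if sp else None
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False                   # blank line ends the list
        elif in_processes:
            report["processes"].append(line)
        else:
            m = ENTRY.match(line)
            if m:
                report[SECTIONS.get(m.group(1), "other")].append(m.group(2))
    return report

def odd_svchost(processes):
    """svchost.exe instances running from outside the usual directories."""
    return [p for p in processes
            if p.lower().endswith("\\svchost.exe")
            and p.lower().rsplit("\\", 1)[0] not in SVCHOST_OK]
```

A path returned by `odd_svchost` is a prompt for a closer look, not a verdict; as post 9 notes, several svchost.exe instances running at once is normal.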
