TechSpot

Unknown Icons on the Desktop

By Fairly
Aug 27, 2007
  1. Hi there

    I have got three unknown desktop icons. 1. Error Cleaner 2. Privacy Protector
    3. Spyware and malware protection
    The properties show the following link.
    http://virusprotectionproonline.com/shandler.php?sid=502&aid=398&said=0&pn=0&sg=1

    When the PC is switched on (not connected to the internet) a message appears: "windows has detected an internet attack attempt ....... Click here to download the protector." Even if I close the message it attempts to connect to the internet, and even when I click on Off line it tries to load the following pages:

    http://www.safewebnavigate.com/index.php?sid=502&aid=398&said=0&pn=0&pid=1

    http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2


    I already had HijackThis software and ran a scan report which is copy pasted below. However I have read some instructions on this forum and let me know whether I need to do a new download. Please assist me further. Help much appreciated.
     
  2. rahul_intlad

    rahul_intlad TS Rookie

    Your HJT shows a malware called webHancer. Don't delete it directly from your program files folder or it would block your internet access; use the control panel -> add/remove programs option.
    ************************************************
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

    This is also a malware and you need an anti-spyware or malware cleaner for this. You could post logs of that.
     
  3. Did you read howard_hopkinso's step-by-step instructions on how to get rid of malware/viruses/spyware? Read it carefully and you will most likely get rid of your problems.

    - http://www.techspot.com/vb/topic58138.html
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of Fairly only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Fairly

    Fairly TS Rookie Topic Starter

    New file Analyze

    Hi
    Downloaded the HJT changed the name to Analyze.exe and the scan report is attached.
    I tried to remove the Webhancer from the Add/Remove programs but could not find it there.
    I will do the next step once I know the results of this file.
    many thanks
     


  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log shows your system is badly infected with malware.

    Follow the instructions, then once you`ve completed them, post the requested log files.

    Regards Howard :)

     
  7. Fairly

    Fairly TS Rookie Topic Starter

    Scanning

    Hi there

    Please let me know when step 11 (or when any other scan is done) whether this can be performed in the Safe mode. When I attempt to do this in the normal windows mode the usual popups come and start opening new Internet pages.
    many thanks.
    fairly
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Steps 11 and 12 are meant to be done from normal mode. Only when you get to step 13 are you supposed to boot into safe mode.

    Just try and follow the instructions as exactly as you can.

    Regards Howard :)

     
  9. Fairly

    Fairly TS Rookie Topic Starter

    latest reports

    Hi there
    Ran the processes several times.
    The Rootkits message said there are no installed rootkits.
    The Norton scan found one file wr-1-32-exe. the directory is given as c:/Windows/wr.exe. Could not delete.
    Ran the processes again and ran the AVG antivirus. - message was nothing found.
    The latest Hijack this is attached. (there are two files ran at different times)
    Please let me know whether I should continue the process once more.
    Many thanks.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    These are the filepaths you need to enter into Vundofix.

    C:\WINDOWS\wmpdev.dll
    C:\WINDOWS\wmphost.dll
    C:\WINDOWS\mxduo.dll

    Once you`ve done the above, post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

     
  11. Fairly

    Fairly TS Rookie Topic Starter

    new files

    hi
    I have done the Vundofix. However at the time of last reading the Combofix was apparently not working (you mentioned to skip that step). So I will do that run separately and attach the files. Meantime the HJT and AVG reports are attached.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYID_ZZzer0 00

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://www.google.com

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post fresh HJT and Combofix logs.

    Regards Howard :)

     
  13. Fairly

    Fairly TS Rookie Topic Starter

    new files

    hi everyone
    Here are the new files.
    I have not run the Norton yet
     
  14. Fairly

    Fairly TS Rookie Topic Starter

    Scan results

    Norton had a problem. I tried the online virus and also downloaded AVG antivirus. The AVG identified Hijack this (analyse this) as a potential virus and deleted it. There were no other files identified.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    I asked you to post a fresh Combofix log, instead you posted a Combofix quarantine log.

    AVG`s detection of HJT as a virus, is a false positive.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
