Virus: Privacy protector, Spyware & malware protection, error cleaner

By Ninjakitteh
Apr 24, 2008
Topic Status:
Not open for further replies.
  1. Well. About 2 days ago, this all started, my computer has been exhibiting these problems:

    Details of the problems:

    - URL icons on Desktop named: Error Cleaner, Privacy Protector, Spyware and Malware Protection

    - SystemFixError
    - change of Desktop background to a red picture written:
    Your Privacy is in Danger!
    Dowload Privacy Protection Software Now (box)

    - Windows message boxes keep popping up with texts like:
    Windows has detected an Internet attack attempt...
    Somebody's trying to infect you PC with spyware
    ...
    Click here to download spyware remover for total protection
    or
    Danger, your computer is
    infected, you can loose all your data; to solve the problem
    click the yes button

    Can someone please help? It is really quite annoying, and neither ZoneAlarm, Avira, nor Spybot will help.

    Here is my HijackThis logfile.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:54:58 PM, on 4/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    F:\Nexon\Mabinogi\npkcmsvc.exe
    F:\WINDOWS\system32\PSIService.exe
    F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    F:\Program Files\CursorXP\CursorXP.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    F:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (Can't post, not enough post count.)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: DVA Gate - {AEAFB69D-EDE2-47C8-BDBA-D8938DE059D3} - F:\WINDOWS\qnmargolewk.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - F:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - F:\WINDOWS\dpevflbg.dll
    O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "F:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Veoh] "F:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [VirusIsolator.exe] F:\Program Files\VirusIsolator\VirusIsolator.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: e&xport to microsoft excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: vadokmxt - {0A466ADE-C647-4681-898C-6B3F69B8FDD8} - F:\WINDOWS\vadokmxt.dll
    O21 - SSODL: wdpoefan - {EE793B1C-1EE9-43A9-9CF1-CEBE2279A179} - F:\WINDOWS\wdpoefan.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - F:\Nexon\Mabinogi\npkcmsvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - F:\WINDOWS\system32\PSIService.exe
    O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 5292 bytes

    Edit:
    I am currently doing a Malwarebytes' Anti-Malware scan and getting ComboFix, as mentioned in the previous thread.

    I've attached my ComboFix log.
  2. pettyninja97 (Newcomer, in training)

    I'm having the same problem.

    I believe it's related to an ActiveX download. I did some research... Did your Task Manager become unusable? That was one of the side effects. That problem is easily fixable.