#1
Hello, I realise that finding 47 trojans with this program...that requires payment to remove them...is a bit sus. However, my daughter ran this on my puter and I was alarmed to find

dialer fairtoraci x 3
mirar toolbar x 2
netNucleus x 1
Zlob.Trojan x 41

My thinking is that surely my NOD and ewido would have found these...but to be sure I have to ask you...am I not totally covered as I thought??

Thanks in advance,
Grace
#2
Hi bonnieview, welcome to Wilders.

As you have NOD32 I have moved your thread here. Please check your settings against those found in the NOD32 Tutorial.

AFTER this, run a scan by following these steps:

1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computer's screen).
2. Click on NOD32.
3. Click on Run NOD32.
4. Click on “Scan and Clean”.
5. Reboot your Computer.
6. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computer's screen).
7. Click on NOD32.
8. Click on Run NOD32.
9. Click on “Scan and Clean”.

Then download and run HijackThis from HERE and then post your log in a reply to this thread.

Cheers
__________________
"Illegitimis non carborundum"
translation: "Don't let the bastards grind you down" U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
#3
hope this is right!
Logfile of HijackThis v1.99.1
Scan saved at 9:20:55 PM, on 2/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Isota\ABCSpell\ABCSpellService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Desktop\HijackThis1991.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft office\Office\OSA9.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1134310581703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134312069468
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37470.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33AF6CBD-5E1C-4BC9-8708-C6BB936D26AF}: NameServer = 203.194.27.57 203.194.56.150
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ABCSpell Helper Service - Unknown owner - C:\Program Files\Isota\ABCSpell\ABCSpellService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
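Added example, not part of the original thread: a small Python parser for the HijackThis v1.99.1 line format used in the log above. It groups entries by section code, extracts the O4 Run-key autostarts and O23 services, and lists services shown with "Unknown owner" for a manual look (that label is a prompt to check the file, not a detection). The sample lines are copied from the posted log; all function names are this example's own.

```python
import re
from collections import Counter

# Entries copied from the log posted above (a subset, one entry per line).
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au7.hpwis.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O23 - Service: ABCSpell Helper Service - Unknown owner - C:\Program Files\Isota\ABCSpell\ABCSpellService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")    # "R0 - ...", "O4 - ...", "O23 - ..."
RUN = re.compile(r"^(.+?): \[([^\]]+)\] (.+)$")    # "<registry key>: [value name] command"

def parse_entries(text):
    """Return (section_code, body) pairs; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def section_counts(entries):
    return Counter(code for code, _ in entries)

def run_keys(entries):
    """O4 registry Run entries as (value_name, command) pairs."""
    hits = (RUN.match(body) for code, body in entries if code == "O4")
    return [(m.group(2), m.group(3)) for m in hits if m]

def services(entries):
    """O23 entries as (service_name, owner, path); malformed lines are skipped."""
    out = []
    for code, body in entries:
        if code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                out.append(tuple(parts))
    return out

def needs_manual_look(entries):
    """Services whose vendor HijackThis could not name: check by hand, not a verdict."""
    return [name for name, owner, _ in services(entries) if owner == "Unknown owner"]

if __name__ == "__main__":
    e = parse_entries(SAMPLE)
    print(dict(section_counts(e)))
    for name, cmd in run_keys(e):
        print("autostart:", name, "->", cmd)
    print("check by hand:", needs_manual_look(e))
```
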
#4
I'll let someone else decipher that, but I believe Spyhunter was on the Rogue List, though it seems to have been taken off now but still doesn't seem to be a recommended anti-spyware application. I would trust AVG-AntiSpyware and NOD32 to keep you clean over Spyhunter.
__________________
kiss my pig
#5
Thanks Rothko (and here's a X for your pig)
#6
Quote:
I have confirmed your log is indeed clean, best to keep your money tucked away in your purse, unless you'd like to shout us all a beer, but be warned we drink a lot...

NOD32 is keeping your system clean

Cheers
#7
Quote:
I am inclined to believe that what Spyhunter found were nothing more than False Positives of valid entries placed in the registry by such programs as Spywareblaster, Spybot and/or IE-Spyad for Restricted Sites protection in Internet Explorer. Do you use such Restricted Sites protection programs and if so which ones?

After downloading the latest version of Spyhunter and running a registry scan....there was no malware found. However....when I enabled Spywareblaster's Restricted Site protection entries....Spyhunter reported the below entries....which tells me they were False positives.

Bubba
#8
Thank you all for your help, it's a great relief to know my Nod is still up to the job!

Yes, Bubba, I have Spybot on this computer so as you said probably from their data list. So relieved, big thank you all

Cheers,
Grace
#9
Quote:
#10
use this free tool to remove this garbage
h**p://www.malwarebytes.org/rogueremover.php
__________________
USB Disk Security v5.2.0.5
Eset Smart Security v4.0.467.0
SUPERAntiSpyware Professional v4.29.1002
Using Windows 7 RTM Build 6.1.7600