|
|
#1
November 16th, 2003, 04:09 AM
|
|||
|
|||
dataminer
I seem to be inundated with files shown as eAcceleration and classed as Dataminer.
Does anyone know what they are, where they come from and how do I stop them? |
|
#2
November 16th, 2003, 04:49 AM
|
||||
|
||||
|
Re:dataminer
Hi neversweet, and welcome to Wilders
 One of the Moderators will probably move your post to a more suitable forum. But to assist you with more information on eAcceleration, there is a 5-page thread about eAcceleration and the spyware it installs and related problems that can come with it. http://www.dslreports.com/forum/rema...e=flat;start=0 At the moment, i would ask that you download HijackThis, http://mjc1.com/mirror/hjt/ Unzip it and run a scan. Then after you have saved the log, open it in Notepad and copy and paste the contents here so the Experts can see what is running and help you remove this from your system. Please do NOT *fix* anything as most of what HijackThis will list is necessary to your operating system and not harmful. regards, snap
__________________
@-`-,-- |
|
#3
November 16th, 2003, 06:57 AM
|
|||
|
|||
|
Re:dataminer
Logfile of HijackThis v1.97.6
Scan saved at 11:51:07, on 16/11/2003 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\crypserv.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\Fast.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskswitch.exe C:\WINDOWS\System32\fast.exe C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Program Files\Real\RealPlayer\realplay.exe C:\Program Files\IHP\ihp.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Real\RealJukebox\tsystray.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\INCRED~1\bin\IncMail.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\PANICW~1\POP-UP~3\POPUPS~1.EXE C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\INCRED~2\bin\IBMain.exe C:\Documents and Settings\Chris Bolton\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O1 - Hosts: 216.177.73.139 auto.search.msn.com O1 - Hosts: 216.177.73.139 search.netscape.com O1 - Hosts: 216.177.73.139 ieautosearch O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll O2 - BHO: IBBHO - {12BA043E-293E-4CE4-A8C7-8460934FE801} - C:\Program Files\IncrediBar\bin\IBBHO.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: IncrediBar - {D8073790-84C7-4602-BF77-C6ACBF1612E4} - C:\Program Files\IncrediBar\bin\IBToolBar.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [IHP] C:\Program Files\IHP\ihp.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS O4 - HKLM\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~3\POPUPS~1.EXE" O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: IncrediBar (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37591.4596296296 O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{33183AB3-679B-406D-AE45-0FF67448C307}: NameServer = 207.44.140.102 64.191.22.247 Above is a copy of my file log as requested. What do I do now? |
|
#4
November 16th, 2003, 07:01 AM
|
||||
|
||||
|
Re:dataminer
Hi neversweat,
Check the following items in HijackThis. Close all windows except HijackThis and click Fix checked: R3 - Default URLSearchHook is missing O1 - Hosts: 216.177.73.139 auto.search.msn.com O1 - Hosts: 216.177.73.139 search.netscape.com O1 - Hosts: 216.177.73.139 ieautosearch O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.exe O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab Reboot after doing so, preferably into safe mode and delete: C:\PROGRAM FILES\ACCELERATION SOFTWARE <= entire folder Could you tell us, if you know what this does: O4 - HKLM\..\Run: [IHP] C:\Program Files\IHP\ihp.exe Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware It's human to make mistakes. It's even more so to blame the computer for it. |
|
#6
November 16th, 2003, 03:05 PM
|
||||
|
||||
|
Re:dataminer
Hardly the champ, bill.
A well-trained monkey at best. Neversweat, thanks for your e-mail. Glad we could help. Regards, Pieter
__________________
Regards, Pieter Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware It's human to make mistakes. It's even more so to blame the computer for it. |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
Good job there my friend. 
