TV Media...I'm sooo frustrated...PLEASE HELP

Discussion in 'adware, spyware & hijack cleaning' started by geninblaze, Jun 18, 2004.

Thread Status:
Not open for further replies.
  1. geninblaze

    geninblaze Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    15
    OK, I can't delete certain keys in the registry, including that one-time run of TV Media, the thing behind the CleverIEHooker...There doesn't seem to be TV Media running right now but I can't delete the folder with the TV Media files. I delete the things that tell it to run at startup in the registry and it comes back.

    My OS is Windows 2000 Advanced Server
    My computer is dual boot with Mandrake Linux 8.2
    I ran Spybot beforehand.
    I ran Ad-Aware after.

    Yeah, that's all the info I can provide; at least all I know off the top of my head...

    This is it...after doing Spybot Search and Destroy...I didn't do anything though...someone is uploading these adwares I think. I run a web server on a Windows 2000 Advanced Server comp. I use Apache and IIS 5. You can see at http://geninblaze.sytes.net

    Logfile of HijackThis v1.97.7
    Scan saved at 4:01:57 PM, on 6/17/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\CFusionMX\runtime\bin\jrunsvc.exe
    C:\WINNT\system32\crypserv.exe
    C:\CFusionMX\runtime\bin\jrun.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\llssrv.exe
    C:\WINNT\System32\sfmprint.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
    C:\apache\mysql\bin\mysqld-nt.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\termsrv.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\wins.exe
    C:\WINNT\system32\Dfssvc.exe
    C:\WINNT\System32\dns.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Documents and Settings\Administrator.AEO2\Desktop\HijackThis.exe

    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - Startup: BRS WebWeaver.lnk = C:\Program Files\WebWeaver\WebWeaver.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared...81/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared...,19/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...367/mcfscan.cab


    Please help me...I ran McAfee antivirus and "quarantined" the file, then deleted it, but when I looked it wasn't gone. And I still couldn't delete it. I can't delete some of these keys in this log either, I tried many times. I dunno what to do!
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi geninblaze,

    Before you start, please unzip HijackThis to a separate folder. The program will make backups in the folder it's in.
    These will end up on your desktop.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

    O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

    Then reboot into safe mode and delete:
    C:\Program Files\TV Media <= entire folder

    (Or put Linux to use and delete the folder from there ;) )

    Regards,

    Pieter
     
  3. geninblaze

    geninblaze Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    15
    But when I click fix these problems and scan again they come back...

    I'm not familiar with how to access the Windows partition on Linux either...Because I'm a n00b in computers.... ^_^

    And oh yeah, my computer, is it classified as NT5? 'Cause it is Windows 2000 Advanced Server. I read the Symantec thing and it says you can only start a computer in safe mode if it is not NT or 3.1...I'll try anyway...Thanks very much for your help!

    EDIT
    I can't boot into safe mode...It won't let me...I can't even boot normally anymore..

    I think I'll just reinstall windows...
     
    Last edited: Jun 18, 2004
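
Added example, not part of the thread: a small Python check for the situation described in the last post, where entries fixed in HijackThis are present again on the next scan. A RunOnce value is normally removed by Windows once it has run, so one that reappears is being rewritten by something still active. The function names are hypothetical; SCAN_1 uses lines from the log above and SCAN_2 is a constructed rescan.

```python
import re

# HijackThis item line: "<code> - <description>", e.g. "O4 - HKLM\..\RunOnce: [name] path"
ITEM = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autostart: hive, key (Run / RunOnce / ...), value name, command
O4_REG = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Lines taken from the log posted in the thread
SCAN_1 = r"""
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
"""
# Constructed rescan after "Fix checked": the RunOnce values are back
SCAN_2 = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
"""

def parse_items(log_text):
    """Return the set of (code, description) item lines in a HijackThis log."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM.match(line)
        if m:  # process paths and header lines do not match
            items.add((m.group(1), m.group(2)))
    return items

def review(items):
    """Flag the entry kinds picked out in the reply: orphaned hooks, RunOnce autostarts."""
    notes = []
    for code, desc in sorted(items):
        if desc.endswith("(no file)"):
            notes.append((code, desc, "registered component has no file on disk"))
        m = O4_REG.match(desc) if code == "O4" else None
        if m and m.group(2) == "RunOnce":
            notes.append((code, desc, "RunOnce autostart: " + m.group(4)))
    return notes

def reappeared(fixed, rescan_text):
    """Items that were fixed but are present again in the next scan."""
    return sorted(set(fixed) & parse_items(rescan_text))

if __name__ == "__main__":
    fixed = {(c, d) for c, d, _ in review(parse_items(SCAN_1))}
    for code, desc in reappeared(fixed, SCAN_2):
        print("came back after fix:", code, "-", desc)
```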