
mssearchnet.exe and SpyAxe removal


Guest lngbrds021


I have an annoying pop up from my system toolbar saying that my computer is infected and I need to click it to download special software to remove the problem. I didn't click it because I was suspicious of the pop up. Instead I ran Ad-Aware SE and it couldn't find anything. I then ran SpyBot and it found a bunch of spyware including SpyAxe and Smitfraud-c. Both of which couldn't be removed. I ran HJT and when the log was parsed nothing was found as well. I have noticed in my task manager that the process mssearchnet.exe is running and I am unable to end this process. It keeps reloading itself, which leads me to believe it is a problem. Please help. I will submit my HJT log in a bit when I get home to that computer. In the meantime, if you have any suggestions that would be great.


Yeah, you need to post your HJT log over in the HJT forum for those nasties you got there.


Process File: mssearchnet or mssearchnet.exe

Process Name: Trojan.Zlob.D Trojan

Description:

mssearchnet.exe is registered as the Generic Downloader.aa and Trojan.Zlob.D Trojans. This process usually comes bundled with a virus and its main role is to do nothing other than download other viruses to your computer. It is a registered security risk and should be removed immediately.

Trojan.Zlob.D...Symantec Security Response

This is one that requires moderate removal techniques... Others that I have seen needed HJT help from the expert trusted advisors here at the Pit with complete removal.


The exact same thing just happened to me except I think I may have been duped by the pop up and got heavily infested with spyware and viruses. Supposedly it is a SpyAxe problem as well. Check out my forum as I did get some very helpful info.

Nomad

 

Guest lngbrds021

After running Norton, it was able to remove a lot of viruses. However, it still cannot remove trojan.download.spaxe... Also, the pop up that I talked about before is still occurring and the mssearchnet.exe process is still running. Here is my latest HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 8:37:16 PM, on 12/8/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\mssearchnet.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\McCann\Desktop\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heritagesurf.com/wavecam.php

O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hp76D0.tmp (file missing)

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116383339562

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://68.45.238.185/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://138.89.254.141/wg_webeye.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2A008F31-4203-4F81-B177-3FAB8C5ABECE}: NameServer = 205.188.146.145

O17 - HKLM\System\CS3\Services\Tcpip\..\{2A008F31-4203-4F81-B177-3FAB8C5ABECE}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Thanks.

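Added example, not part of any post in this thread: in the log above, mssearchnet.exe appears under "Running processes" but in none of the O4 (Run key / Startup) or O23 (service) lines. The Python sketch below parses a HijackThis log and lists processes under C:\WINDOWS that no listed autostart entry accounts for, plus entries whose target file is missing. The function names, the allowlist and the C:\WINDOWS filter are assumptions made for this illustration, and a hit is a lead for manual review, not a verdict.

```python
import ntpath
import re

# Assumption: short allowlist of stock Windows XP process names; extend as needed.
KNOWN_WINDOWS = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe", "explorer.exe", "wuauclt.exe"}
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.exe', re.I)

# Constructed excerpt in the HijackThis v1.99.1 layout, reusing lines from the log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LEXBCES.EXE

O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hp76D0.tmp (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and R/O section entries."""
    procs, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif re.match(r"[A-Z]\d+ - ", line):   # e.g. "R0 - ", "O4 - ", "O23 - "
            in_procs = False
            entries.append(line)
        elif in_procs and line:                # blank lines between paths are skipped
            procs.append(line)
    return procs, entries

def review(text):
    """Return (processes with no listed autostart, entries whose file is missing)."""
    procs, entries = parse_hjt(text)
    autostart = set()
    for entry in entries:
        match = EXE_PATH.search(entry) if entry.startswith(("O4 ", "O23 ")) else None
        if match:                              # compare by file name: logs mix 8.3 and long paths
            autostart.add(ntpath.basename(match.group()).lower())
    unexplained = [p for p in procs
                   if p.lower().startswith("c:\\windows")
                   and ntpath.basename(p).lower() not in KNOWN_WINDOWS | autostart]
    missing = [e for e in entries if e.endswith("(file missing)")]
    return unexplained, missing

if __name__ == "__main__":
    for path in review(SAMPLE_LOG)[0]:
        print("no autostart entry listed:", path)
```

Run against the full log, the same check also lists legitimate helper processes that are started by another program rather than by a Run key or service, so each hit still has to be looked up by hand.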