
Ok...I've fought with this thing for the past 4 days...with no success. I've run Spybot and McAfee, both have removed things. I've scanned them over and over until they showed a clean scan. Here's what I've found so far...

 

McAfee and Spybot both found entries for Zango and Warezp2p. I've searched for an uninstaller but have found nothing. I've done registry searches for both and found nothing. But here is the only evidence I have...

 

Image Name       Mem Usage    VM Size
iexplorer.exe    9,984k       19,852k
iexplorer.exe    64,464k      80,012k

 

If I reboot, they're not in the process list...but as soon as I access the internet...they appear. Does the same thing if I get on the web with Firefox. If you end the largest iexplorer task...a random named process pops up (usually named something like ******~.EXE) and relaunches the iexplorer task. The new task will use 100% CPU until it hits around 50-60mb of memory usage. Running the PCPitstop full test and looking at the process list scan, it shows one of the iexplorer tasks as regular IE but shows the second one as coming from the same file path but not from Microsoft.

 

If I use IE for the internet...I get tons of random pop-ups...

 

Spybot's TeaTimer keeps showing that something is trying to write a "film meal" startup entry but I've told it to deny access.

 

I've run HJT and found nothing...the list looks clean.

 

I can usually get rid of this crap by myself...but this one's thrown me for a loop :(


Hiya Racer :wp:

Can you post the PcPitStop test you took please. After test is done you will see a "TechExpress" link upper right side, click it, then copy/paste that link back here. We can help you better by seeing the test.

You said you looked over your own hjt log. I must ask do you have formal training in analyzing hjt logs? It takes a great deal of training to be able to fully analyze a hjt correctly. Just thought I would ask since I am in training for the hjt and it takes a LOT of hard, dedicated work to be able to analyze the hjt log.

In the meantime, see what this free scanner finds> http://www.superantispyware.com/ select the Blue box "free version for home users", update it after downloading, then run FULL scan. Also try 2 online av scanners> http://www.pandasoftware.com/products/activescan and>> http://www.bitdefender.com/scan8/ie.html ( select the red arrow I agree button )

So post the pit test and do the 3 scans above, post back with the results.. :)

Wademan


This is the exact scan I ran yesterday...

http://www.pcpitstop.com/techexpress.asp?id=M6XFHWGX7MWS8PHW

 

When it comes to HJT logs...I've made it a part of my regular maintenance routine to run a scan. I've basically learned to recognize everything in the list and I can tell when something's changed. Some of it I know well...but some of the IE stuff I don't understand lol ;)

 

Running those scans now...


:sparkle: Hi

 

 

In your Add/Remove programs list

 

CiD Help <-can be part of LOP infection usually bundled with a download of Messenger 3 plus! or BitRoll and likely involving Purity Scan infection as well.


Your test looks pretty good.. Your Java is way out of date though, get the latest one here> http://java.sun.com/javase/downloads/index.jsp scroll down to> Java Runtime Environment (JRE) 6u1

The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Then remove all the other older forms of java. You only need the latest one, others just take up space.

The 2 things spybot picked up are file sharing/peer sharing type software. Most who help in the fight against spyware will tell you that those programs are very risky to use. Did you install those 2? I didn't see them on your installed software list. I did see some other p2p file sharing programs though, such as bitlord. You can pick up viruses/malware from using these types of programs. I suspect maybe you have an infection from using those.

You do have lots of software installed, some really cool stuff I might add. But it would help the main drive if you could move some to the other 2 drives I see you have. Your Uncached speed 18 MB/s (43%) is on hard drive test. It's slow probably because it's getting more full. You have 58% free space. That is not bad, but I bet performance would increase if you got the free space above 70% free.

That is all I see wrong with test, other than those 3 tips ( under test details ), which if you click on each one it will give you step by step fixes for those.

So I highly suspect malware is on your pc. Let's see what the 3 scans find, and go from there, and update your java.

Wademan


CiD Help? It'll be gone as soon as I get done scanning lol

 

I've been meaning to fix my Java...just had been too nervous to mess with it. Last time I tried to clear out all the old versions...I freaked out all of it and had to reinstall windows (my registry was very very screwed up lol)

 

No...the only file sharing program that I've installed is Bitlord. I don't know where the other two came from. And yes...I understand the dangers of torrents but between TeaTimer and McAfee, I've never had a problem. It's literally been about 3 years since I had any viruses :)

 

When it comes to the hard drives, I'm not sure moving stuff around will help because C and E are actually the same drive. I've got a 180gb Raid 0 that I partitioned into C and E. D is another Raid 0 (80gb) that I use for storage. Whenever I get the money to upgrade, I'm gonna get rid of the C and E partition and just make it one big drive lol

 

The 2 of the tips on the scan...I did intentionally lol. I turned off IE cache because I never use it...I run completely off of Firefox. Helps cut down on fragmentation. Turning off system restore...again helps cut down on fragmentation. Also, I don't trust the dumb thing. The two times that I used it, it only restored certain parts of my hard drive and caused a major registry problem (blue screens and memory errors). And the hard drive performance...I've never understood lol. Been like that since I built this system :/

 

 

 

Update on the scan. I started with the Panda scan...first scan showed up this:

Adware:adware/superspider c:\windows\system32\d2kpax.dll

Spyware:spyware/web3000 c:\windows\hh.ico

Potentially unwanted tool:application/mywebsearch hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}

 

I stopped it early because it said that one of them was a possible rootkit and figured I needed to take care of that right away. After deleting all of those, I've restarted the scan and it's found 7 spywares so far :/ Is Spybot not just as good as it used to be? lol


Ok, get this and scan asap, don't clean yet, just scan and see if it shows a rootkit> http://www.grisoft.com/doc/download-free-a...ootkit/us/crp/0 download is to the right ( free ). You have the mywebsearch infection too. Hate to say this, but you WILL need to post a hjt in our hjt forums, and let an expert look at it. But you can finish the scans, as well as the avg anti-rootkit. Then you post a new hjt log here> http://forums.pcpitstop.com/index.php?showforum=25 here is someone else who has that infection> http://forums.pcpitstop.com/index.php?showtopic=142173 and as you can see it's going to take several tools to clean up his pc. When you post the log include a link to this thread so they can see steps we have done. The others that panda found, one is this > http://accs-net.com/smallfish/web3000.htm another bad infection and more info in it> http://www.securityspace.com/smysecure/catid.html?id=12006 and example of the superspider infection > http://forums.thatcomputerguy.us/index.php?showtopic=5167 ( note: don't follow the hjt help in those links, as they were for that SPECIFIC user )

Also get this> http://www.intermute.com/spysubtract/cwshr...r_download.html download and let it scan, it's fast. I want to see if any variants of coolwebsearch are found. I would complete the Panda and bitdefender, and the avg anti-rootkit, as well as the cwshredder and superAntiSpyware scan. But, in the end, it will take the hjt log, along with a Trusted Advisor to fully clean your pc. That is my recommendation. So post what the above finds..

Wademan


Ok...the Panda scan just did finish and here's what it found:

Adware:adware/superspider c:\windows\system32\jac.dll

Adware:Adware/Lop C:\Documents and Settings\All Users\Application Data\partmeetdentcake\Axis less.exe

Adware:Adware/Lop C:\Documents and Settings\Racer X\Application Data\Junk spam setup\asdnjjbx.exe

Adware:Adware/Lop C:\Documents and Settings\Racer X\Application Data\Junk spam setup\Lite four.exe

Spyware:Cookie/Searchportal C:\Documents and Settings\Racer X\Cookies\racer [email protected][1].txt

Adware:Adware/IST.ISTBar C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041

Adware:Adware/IST.ISTBar C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.047

Adware:Adware/KeenValue C:\WINDOWS\system32\w32topld.dll

 

The axis less.exe and lite four.exe are the two filenames I kept seeing pop up when I closed the larger iexplorer task. Looks like Juliet pegged it ;)

 

Just ran CWShredder and came up clean. What Panda found may have been a piece left over from long ago when I did have CoolWebSearch and cleaned it off. Since I'll have to reboot to finish the AVG rootkit install...I'm gonna uninstall that CiD help thing and see if it fixes the problem.

 

Be right back lol

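Added example (not part of the original thread or any poster's code): a small Python triage script over the Panda detection lines posted above. It groups them by family and lists the Application Data folders that hold flagged executables, so those folders can be checked by hand for files the scanner did not name. The location buckets and function names are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Detection lines copied from the two Panda result lists posted in this thread.
SCAN_LINES = r"""
Adware:adware/superspider c:\windows\system32\jac.dll
Adware:Adware/Lop C:\Documents and Settings\All Users\Application Data\partmeetdentcake\Axis less.exe
Adware:Adware/Lop C:\Documents and Settings\Racer X\Application Data\Junk spam setup\asdnjjbx.exe
Adware:Adware/Lop C:\Documents and Settings\Racer X\Application Data\Junk spam setup\Lite four.exe
Adware:Adware/IST.ISTBar C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Adware:Adware/KeenValue C:\WINDOWS\system32\w32topld.dll
Potentially unwanted tool:application/mywebsearch hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<category>[^:]+):(?P<family>\S+)\s+(?P<target>.+)$")

def classify(target):
    """Rough location bucket; these buckets are this example's own heuristic."""
    low = target.lower()
    if low.startswith("hkey_"):
        return "registry"
    if "\\application data\\" in low and low.endswith(".exe"):
        return "exe-in-appdata"
    if low.startswith("c:\\windows\\system32\\"):
        return "system32"
    return "other"

def parse(lines):
    """Parse 'Category:Vendor/Family target' lines; skip lines that do not match."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            findings.append({"family": m["family"].split("/")[-1].lower(),
                             "target": m["target"], "location": classify(m["target"])})
    return findings

def family_counts(findings):
    return dict(Counter(f["family"] for f in findings))

def dirs_to_review(findings):
    """Folders holding flagged executables, to inspect by hand for leftover siblings."""
    return sorted({ntpath.dirname(f["target"]) for f in findings
                   if f["location"] == "exe-in-appdata"})

if __name__ == "__main__":
    found = parse(SCAN_LINES)
    print(family_counts(found), dirs_to_review(found), sep="\n")
```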

Good job. :tup: Yes, Juliet is one smart gal, I figured she was right about the Lop infection. Did you run SuperAntiSpyware yet? Let's hope avg anti-rootkit finds nothing, rootkits are very bad infections. Have you done a FULL scan with your McAfee lately? I still think we will need hjt, along with special tools to clean your pc fully.

Wademan


Run whatever scans you like, let them delete or quarantine what is found.....Save your logs to desktop in case these are needed later for diagnosis.

 

It's actually best to post a HJT log, for complete removal and to check for hidden items as well.


Ok...AVG came back clean. *wipes sweat from brow* lol

 

I ran a full McAfee scan yesterday...it found one PUP. I think it was related to the warezp2p stuff. Secured and deleted.

 

Installed superantispyware and am currently running. It's already gone through the memory and the registry and found nothing. Also, I'm connected to the internet right now (duh) and I don't have any iexplorer's in my process list. I should have looked closer at that CiD Help entry when I saw it didn't have any info on it :/ Mental note there lol

 

As soon as this thing gets done...I'll make another HJT log and post it in that thread. I really think the problem is gone...but I'll post the log to ease your mind :P;)


Ok...that superantispyware finished, came up clean, I've rebooted, and everything is comin' up clean :)

 

Posting the HJT log...

 

Good job, and guess what?..Juliet is on the case in hjt forum for you!..I was betting she would.. :shifty::lol: I'll follow it over there too..

Wademan

  • 4 years later...

Hello,

 

We are the developer of a software platform which is under ongoing patent and trademarks steps with the name WEB3000 and W3K.

 

It came to our attention, that there was in the time span from 2000 to 2003 another company using the name "WEB3000" which had as intention to spread malware or spyware.

 

crocon media's complete software products do not contain any of this nor are we in any way related to the former developers and publishers of the WEB3000 malware products.

 

The old articles about WEB3000 developed by this malware company back from the early 2000's, which to our knowledge does not even exist anymore, do affect us in a very bad way.

 

Thank you.

 

Dario Goldsmith

Marketing & Sales

crocon media
