Oh dear, i just dropped AVG 9 on a clients PC tonight... i hope the same doesn't happen.
I must admit, i didn't like the way AVG 9 loaded, lots of 3rd Party shit gets added, what a shame.
Can someone please tell me the url for AVG 9s definitions updates, methinks I have a bug ... keep getting popups wanting me to buy porn etc even when I don't have a browser open. Malwarebytes chits itself when I try to update and AVG says I have the latest but the url looks sus.
TIA
Last edited by MrRadio; 19-03-10 at 08:13 PM. Reason: More info
Look Here -> |
Oh dear, i just dropped AVG 9 on a clients PC tonight... i hope the same doesn't happen.
I must admit, i didn't like the way AVG 9 loaded, lots of 3rd Party shit gets added, what a shame.
I am not suggesting that AVG is the culprit but I am wondering if the bug has changed the url somehow to protect itself. I may have saved the day as it is by deleting the mals with Malwarebytes (5 day old update) and restoring to yesterday .. no problems since ... but still a bit sus of the AVG update url, it looks like ect. I dont trust URLs with something before the product name.
Edit: In fact I'm pretty sure the culprit was bodgy Nero 9 update.
Last edited by MrRadio; 19-03-10 at 11:40 PM. Reason: More
not grisoft was it? i haven't used avg for for while.
These are the update urls for my AVG
Code:http://guru.avg.com/softw/90free/update/ http://bguru.avg.cz/softw/90free/update/
MrRadio (20-03-10)
I seriousy dont why you guys use AVG. Though it is good at alerting you when you have issues after it has let them all in.
Almost every PC I fix has AVG on it and is chockablock full of viruses trojans and spyware.
I got rid of AVG ages ago as it was slowing my system down too much. I now use Microsoft security essentials it's free and seems to work ok.
all av are same .. none stop before shit hits fan ... there bad as each other
Trust thyself only, and another shall not betray thee.
http://s18.postimage.org/h9xu3rrhx/fb_sevapers.jpg
Microsoft security essentials also seems to do a good job at stopping dodgy websites before they can install malware etc.
AVG can be a bugger to remove as well.
i get mine here
Ok, since I first posted I have been doing battle with a series of replicating trojans. varying names but mostly FakeAV.***.
AVG does not detect them during a scan but AVG residentshield does detect them when Malwarebytes opens them for a scan.
So far I have ran AVG scan, Malwarebytes scan (multiple), trojan remover and a full system scan using Kasper rescue disk, all of which find and delete trojans but still the problem lingers.
At wits end on this one, any ideas.
Maybe they are what their names suggests fakes embeded in Malwarebytes by the original infection
H E L P
I have a clean image of system from a few days before infection but I am hesitant to use it because I have never had success bringing an image back to a partition with Ghost ... prolly need a tut.
Latest:
AVG scan ... Nil found
MBAM ......... Nil found but one detected and deleted by Resident shield
Trojan Remover Nil found
I am expecting a similar scenario on next scans.
Fingers Crossed X
TR, AVG & MBAM all negative this morning.
Same result tomorrow & I'll start to feel beter.
wheres ya hijackthis log?
thats best way
https://www.facebook.com/philquad68
Here you go then
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 432 PM, on 22/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD2511B2-19D3-4217-B93B-75F5088335D2}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDD13411-6693-4F15-8FE0-D38AB8E6D244}: NameServer = 192.231.203.132,192.231.203.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
--
End of file - 7413 bytes
looks pretty clean to me
your with internode? mum.exe
just check your msconfig now & then
to see if nothing is getting in the startup
https://www.facebook.com/philquad68
MrRadio (22-03-10)
have you got another pc to chuck the drive in as slave/usb and then run scans on it
Bookmarks