Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 01-24-2007, 09:29 PM   #11
Golden Master
 
borat_sagdiyev's Avatar
 
Join Date: Feb 2006
Posts: 8,986
Send a message via AIM to borat_sagdiyev Send a message via MSN to borat_sagdiyev
Default Re: I think I've got a rootkit...

lol you got coolwwwsearch. that thing is a bitch to get rid of lmao

and ALCMTR.exe isnt that bad but i recommend shutting it down.

http://netrn.net/spywareblog/archive...coolwebsearch/
__________________

__________________
Core 2 Duo e4500 2.2ghz @ 2.8ghz
evga 650i ultra
2gb 400mhz ram OC'ed to 450
evga geforce 7600GT overclocked
borat_sagdiyev is offline   Reply With Quote
Old 01-24-2007, 09:32 PM   #12
Golden Master
 
freestyler105's Avatar
 
Join Date: Sep 2006
Posts: 7,883
Default Re: I think I've got a rootkit...

Quote:
Originally Posted by spywarebanisher
omfg lemme read ur hijack this. here fix these

C:\WINDOWS\ALCMTR.EXE (end the process, its spying on you!)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE(fix in hijack this)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

omfg once this is fixed i demand a rep point!(just kidding) but still, this a is massive spyware im helpin u remove!
Um, none of that is spyware. The first three have to do with audio drivers, there's no problem. The last thing is just the crappy toolbar that comes with AIM, you probably want to get rid of it, but it's not a rootkit or spyware...

Anyway, get your facts right before "demanding a rep point".
__________________

__________________
C2D E6600 | 4GB DDR2-800 | 9800GTX+ | Asus P5B-E | 150GB Raptor | 320GB 7200.10 | 750W Xigmatek PSU
freestyler105 is offline   Reply With Quote
Old 01-24-2007, 09:34 PM   #13
Golden Master
 
borat_sagdiyev's Avatar
 
Join Date: Feb 2006
Posts: 8,986
Send a message via AIM to borat_sagdiyev Send a message via MSN to borat_sagdiyev
Default Re: I think I've got a rootkit...

and the worst thing on there is the coolwwwsearch
__________________
Core 2 Duo e4500 2.2ghz @ 2.8ghz
evga 650i ultra
2gb 400mhz ram OC'ed to 450
evga geforce 7600GT overclocked
borat_sagdiyev is offline   Reply With Quote
Old 01-24-2007, 09:50 PM   #14
Fully Optimized
 
spywarebanisher's Avatar
 
Join Date: Dec 2006
Posts: 2,135
Default Re: I think I've got a rootkit...

the alcx is not an audio driver, get ur facts rite! look it up. its spyware. and the cool websearch can be removed with the many available cool web shredders we have today free to download. you can get one off filehippo.com
spywarebanisher is offline   Reply With Quote
Old 01-25-2007, 07:41 AM   #15
Baseband Member
 
Join Date: Mar 2005
Posts: 62
Send a message via AIM to Movieguy Send a message via Yahoo to Movieguy
Default Re: I think I've got a rootkit...

Just yesterday, Spywarewarrior.com finally provided me with the means to remove coolwwwsearch. They linked me to a file called "DelDomains.inf", which I installed, then restarted my computer. I then re-immunized with my Spybot, and presto! I ran a scan, and it found no trace of either coolwwwsearch, or smitfraud-C.

But I did check my processes, because my computer is still starting up slowly, and I didn't find that first thing you mentioned, spywarebanisher. I ran hijack this, and the only thing you mentioned that showed up on the scan was the AOL toolbar thing, which I fixed.

I just ran Hijack this again...see if I missed anything.

Logfile of HijackThis v1.99.1
Scan saved at 7:38:43 AM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.e xe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124933057\ee\aolsoftware.exe
c:\program files\common files\aol\1124933057\ee\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.retrocrush.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
(continued on next post)
Movieguy is offline   Reply With Quote
Old 01-25-2007, 07:41 AM   #16
Baseband Member
 
Join Date: Mar 2005
Posts: 62
Send a message via AIM to Movieguy Send a message via Yahoo to Movieguy
Default Re: I think I've got a rootkit...

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1140873191625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1140873182609
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMOWLTKZR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\JMOWLTKZR.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RZKNM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\RZKNM.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Movieguy is offline   Reply With Quote
Old 01-25-2007, 11:19 AM   #17
Solid State Member
 
mdeal's Avatar
 
Join Date: Jan 2007
Posts: 11
Default Re: I think I've got a rootkit...

Ive had good luck with removing root kits etc..., with F-secure's web scanner!
mdeal is offline   Reply With Quote
Old 01-25-2007, 01:31 PM   #18
The Candyman
 
~mr mixx~'s Avatar
 
Join Date: Jun 2004
Location: USA
Posts: 11,310
Default Re: I think I've got a rootkit...

agreed, F-Secure has very good root Kit removers..
__________________
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 01-25-2007, 06:29 PM   #19
Fully Optimized
 
spywarebanisher's Avatar
 
Join Date: Dec 2006
Posts: 2,135
Default Re: I think I've got a rootkit...

ok happy u cured urself.
spywarebanisher is offline   Reply With Quote
Old 01-25-2007, 06:44 PM   #20
Golden Master
 
freestyler105's Avatar
 
Join Date: Sep 2006
Posts: 7,883
Default Re: I think I've got a rootkit...

Quote:
Originally Posted by spywarebanisher
the alcx is not an audio driver, get ur facts rite! look it up. its spyware. and the cool websearch can be removed with the many available cool web shredders we have today free to download. you can get one off filehippo.com
http://www.liutilities.com/products/...rary/alcxmntr/
No, it's not spyware!
Quote:
Description:
alcxmntr.exe is installed alongside hardware drivers for the Realtek AC97 audio device. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.
__________________

__________________
C2D E6600 | 4GB DDR2-800 | 9800GTX+ | Asus P5B-E | 150GB Raptor | 320GB 7200.10 | 750W Xigmatek PSU
freestyler105 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 08:28 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0