Old 03-16-2009, 05:52 PM   #1
Baseband Member
 
Join Date: Jul 2008
Posts: 56
Default Random "antivirus software" popups problem

No idea what I downloaded, but Firefox seems to be opening up random "antivirus software" or "spyware fixing" websites. This is happening about every minute or so as I browse the internet. Anyone have any ideas? Here's a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:11 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorerpickles.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.netscape.com
F2 - REG:system.ini: Shell=Explorerpickles.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {090e7bc4-bf73-409f-b89c-24ac0b45c447} - C:\WINDOWS\system32\tebalolo.dll
O2 - BHO: {b158bc81-39bf-4028-62a4-6e8ecd31fefc} - {cfef13dc-e8e6-4a26-8204-fb9318cb851b} - C:\WINDOWS\system32\yetowk.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [jojiwitawo] Rundll32.exe "C:\WINDOWS\system32\luduheso.dll",s
O4 - HKLM\..\Run: [58e0a020] rundll32.exe "C:\WINDOWS\system32\zotemiso.dll",b
O4 - HKLM\..\Run: [CPM5bd393bc] Rundll32.exe "c:\windows\system32\hedukage.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [jojiwitawo] Rundll32.exe "C:\WINDOWS\system32\luduheso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jojiwitawo] Rundll32.exe "C:\WINDOWS\system32\luduheso.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\zuhukowa.dll yetowk.dll c:\windows\system32\hedukage.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hedukage.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hedukage.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4672 bytes
__________________

syvmn is offline   Reply With Quote
Old 03-16-2009, 06:42 PM   #2
Omnipotent One
 
 
Join Date: Apr 2006
Location: USA
Posts: 11,161
Default Re: Random "antivirus software" popups problem

These things should be checked and/or fixed:

C:\WINDOWS\Explorerpickles.exe
F2 - REG:system.ini: Shell=Explorerpickles.exe
O2 - BHO: (no name) - {090e7bc4-bf73-409f-b89c-24ac0b45c447} - C:\WINDOWS\system32\tebalolo.dll
O2 - BHO: {b158bc81-39bf-4028-62a4-6e8ecd31fefc} - {cfef13dc-e8e6-4a26-8204-fb9318cb851b} - C:\WINDOWS\system32\yetowk.dll
O4 - HKLM\..\Run: [jojiwitawo] Rundll32.exe "C:\WINDOWS\system32\luduheso.dll",s
O4 - HKLM\..\Run: [58e0a020] rundll32.exe "C:\WINDOWS\system32\zotemiso.dll",b
O4 - HKLM\..\Run: [CPM5bd393bc] Rundll32.exe "c:\windows\system32\hedukage.dll",a
O4 - HKUS\S-1-5-19\..\Run: [jojiwitawo] Rundll32.exe "C:\WINDOWS\system32\luduheso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jojiwitawo] Rundll32.exe "C:\WINDOWS\system32\luduheso.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\zuhukowa.dll yetowk.dll c:\windows\system32\hedukage.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hedukage.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hedukage.dll

You can use the HijackThis program to remove them. I would also advise using Malwarebytes' Anti-Malware to scan and get rid of any nasty viruses and malware.
__________________

Atomic Rooster is offline   Reply With Quote
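Added example, not part of the original posts and not HijackThis's own logic: a short Python triage pass over HijackThis entries like the ones singled out above. The flag rules and the names `reasons`, `triage` and `shared` are assumptions for illustration, and a flag means "check this entry", not a verdict; the sample is a subset of the log posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorerpickles.exe
O2 - BHO: (no name) - {090e7bc4-bf73-409f-b89c-24ac0b45c447} - C:\WINDOWS\system32\tebalolo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CPM5bd393bc] Rundll32.exe "c:\windows\system32\hedukage.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\zuhukowa.dll yetowk.dll c:\windows\system32\hedukage.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hedukage.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$", re.M)
# File names ending in .dll/.exe; names that contain spaces are not handled.
FILE = re.compile(r'([^\\/\s"=]+\.(?:dll|exe))', re.I)

def reasons(section, body):
    """Review flags for one entry (hypothetical heuristics, not verdicts)."""
    low = body.strip().lower()
    out = []
    if section == "F2" and "shell=" in low and not low.endswith("shell=explorer.exe"):
        out.append("non-default shell")
    if section == "O2" and re.match(r"bho: (\(no name\)|\{)", low):
        out.append("unnamed BHO")
    if section == "O4" and re.search(r"\]\s*rundll32(\.exe)?\s", low):
        out.append("Run key loads a DLL via rundll32")
    if section == "O20" and FILE.search(body):
        out.append("AppInit_DLLs is not empty")
    return out

def triage(log):
    """Return (flagged, load_points): flagged entries and sections per file name."""
    flagged, load_points = [], defaultdict(set)
    for section, body in ENTRY.findall(log):
        for name in FILE.findall(body):
            load_points[name.lower()].add(section)
        why = reasons(section, body)
        if why:
            flagged.append((section, why))
    return flagged, dict(load_points)

def shared(load_points):
    """File names registered in two or more sections of the log."""
    return sorted(n for n, s in load_points.items() if len(s) >= 2)
```

On the sample, `shared` returns only `hedukage.dll`, which the log registers under O4, O20 and O21 at once; removing one of those entries leaves the others in place.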
Old 03-16-2009, 08:29 PM   #3
Daemon Poster
 
 
Join Date: Apr 2008
Posts: 595
Default Re: Random "antivirus software" popups problem

There are some new trojans designed for Firefox that most are not aware of. http://arstechnica.com/security/news...easemonkey.ars

Due to the popularity of the browser it was only a matter of time before someone wrote malware for it.

Another free bug stopper called Spyware Terminator places a guard around the system registry to alert on any new changes. Even when you go to remove a program you will be prompted like a firewall or UAC to allow or deny. http://www.spywareterminator.com/

If you are still running IE 6 on XP there, you will want to dump that for IE 7, since the older IE was full of security holes to start with, even if you use FF for the default browser. That will help to increase security. http://www.microsoft.com/downloads/d...displaylang=en
Dodge1970 is offline   Reply With Quote
All times are GMT -5.