Winfixer

seifer699
forum buddy
Posts: 10
Joined: 25 Oct 2005, 16:00

Post by seifer699 »

Can someone help me get rid of this spyware. Extremely hard to take out. I use Win98se. I first went to those "anti virus/spyware" sites which help you to take it out but they did no good. So I decided to go to you guys, a hacker should know how to take out an infection more clearly right?

If you search winfixer on google you will see, how many people get screwed over this crap. Could someone please help me?? There are 3 files which are the "leaders" and have anti-deletion. awvww.dll and the reverse WWVWA.ini

Here is a hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 6:32:49 PM, on 27/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\E_S10IC1.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AXON DATA\AXCRYPT\1.6.1\AXCRYPT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lacnfamily.com/forum
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\6sfmn7e1.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\SYSTEM\AWVWW.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\SYSTEM\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Windows] SYSTEM.EXE
O4 - HKLM\..\RunServices: [Synchronization Agent] "C:\PROGRAM FILES\SYNC MANAGER DEMO\agent\syncagent.exe"
O4 - HKLM\..\RunOnce: [*AWVWW] rundll32.exe C:\WINDOWS\SYSTEM\AWVWW.DLL,CreateProtectProc rerun
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

Help me out please, the infection is getting worse. Thx for your time guys.
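
Added example, not part of the original post: a small Python parser for the HijackThis entry lines in the log above that lists every entry referencing the file the poster names (awvww.dll), which shows the BHO and RunOnce autostart points that load it. The function names and the trimmed sample are constructed for illustration; the sample lines are copied from the log in the post.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log in the post,
# plus header and process lines that the parser must skip.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lacnfamily.com/forum
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\SYSTEM\AWVWW.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunOnce: [*AWVWW] rundll32.exe C:\WINDOWS\SYSTEM\AWVWW.DLL,CreateProtectProc rerun
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Registry autostart entries in section O4 name their key before the colon.
RUNKEY_RE = re.compile(r"^(HK[A-Z]+\\\.\.\\\w+): ")


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        runkey = RUNKEY_RE.match(body) if code == "O4" else None
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "run_key": runkey.group(1) if runkey else None,
        })
    return entries


def entries_referencing(log_text, filename):
    """Entries whose body contains filename as a whole file name (case-insensitive)."""
    pat = re.compile(r"(?<![\w.])" + re.escape(filename) + r"(?![\w.])", re.IGNORECASE)
    return [e for e in parse_entries(log_text) if pat.search(e["body"])]


if __name__ == "__main__":
    for e in entries_referencing(SAMPLE_LOG, "awvww.dll"):
        print(e["code"], e["clsid"] or e["run_key"], "|", e["body"])
```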

bad_brain
Site Owner
Posts: 11598
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

have you tried to delete the files when in safe mode?
INTERNAT.EXE seems to be malware too, the file should normally be in sys32.....
and dude, don't you have a firewall? 8O

seifer699
forum buddy
Posts: 10
Joined: 25 Oct 2005, 16:00

Post by seifer699 »

deleting in safe mode does not work, yes I have a firewall. this is a complicated piece of spyware...harder to extract than you think...

bad_brain
Site Owner
Posts: 11598
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

hm, to be honest: if my system would be this damaged I would backup my important files and format the HDD. is there a specific reason why you use 98?
oh, and which browser do you use?

seifer699
forum buddy
Posts: 10
Joined: 25 Oct 2005, 16:00

Post by seifer699 »

Waiting for response for problem...(your questions don't really have anything to do with my problem). And this is spyware, it has not affected my files. So backup is not needed. This is just a simple issue of spyware removal.

PLeXroD
Fame ! Where are the chicks?!
Posts: 146
Joined: 25 Oct 2005, 16:00
Location: Denmark

Post by PLeXroD »

have you tried out Norton Antivirus 2005?.... :idea:
or Evidence Eliminator? :idea:
for this problem you have, the thing that can help you I think is Evidence Eliminator! :roll:
if you got MSNM or YIM then PM me and I'll send Evidence Eliminator to you.... :wink:

btw my YIM ID is: nerdz4sunrise
-Never try to be uncommon, instead of that only realize it's you that is common...-

-In greater common sense Linux is better than MS Windows-

-Never try to hack platform, instead of that, only make security and teach others to do that too-

bad_brain
Site Owner
Posts: 11598
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

"Waiting for response for problem...(your questions don't really have anything to do with my problem). And this is spyware, it has not affected my files. So backup is not needed. This is just a simple issue of spyware removal."

well, if it's that simple why do you have to ask how to remove it then? :lol:
and my questions HAVE to do something with it:
-when you use an OS for which the support has been ended you don't have to wonder when your system is an ideal target for malware
-and when you use IE (I'd bet you do) it's even more dangerous.

so: you use a totally insecure system, come to a board acting like you know everything and think others will fix your problems for you?
use this link until you've learned some good manners: http://www.google.com

CommonStray
Forum Assassin
Posts: 1214
Joined: 20 Aug 2005, 16:00

Post by CommonStray »

hmm, yea I'd say, the same as brain has to say...we ask our questions to better understand your problem, that's how we help you...oh n brain..unloock to de lock eh :lol:

bad_brain
Site Owner
Posts: 11598
Joined: 06 Apr 2005, 16:00
Location: The zone.

Post by bad_brain »

*grumbles* 8)
