News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
September 02, 2010, 07:56:08 AM
+  cexx.org - Support Forums
|-+  Spyware-Related Stuff
| |-+  Spyware - Help!
| | |-+  Re: Irritating warnings from some unknown software
Pages: [1]
« previous next »
  Print  
Topic: Re: Irritating warnings from some unknown software  (Read 684 times)
« on: August 18, 2007, 01:05:35 AM »
lbisot
Newbie

View Profile 		*

Karma: 0
Posts: 1
Hi,

I have the same problem. Came from an e-mail to my son's hotmail address, which he opened by mistake.

I have identified the tmxxxh.dll file, in windows/system32, but I cant delete it.

Following Mr JAK3's instructions, here is the Smitfraud report.

Thanks a lot for your help & advice.


SmitFraudFix v2.212

Scan done at 11:03:11,60, 18/08/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsCtrls.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\AOL\1186430408\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\user\MENUDM~1\PROGRA~1\VirusProtectPro FOUND !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Favoris

C:\DOCUME~1\user\Favoris\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{70d17a5f-ef27-4295-90f5-20ad6f24834f}"="dizening"

[HKEY_CLASSES_ROOT\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}\InProcServer32]
@="C:\WINDOWS\system32\tmxxxh.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}\InProcServer32]
@="C:\WINDOWS\system32\tmxxxh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 205.188.146.145

HKLM\SYSTEM\CCS\Services\Tcpip\..\{89CE917C-72CF-40DC-A480-BB6B6A6EDD0C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E45DEF9D-F058-4E32-8628-55DCE70F877F}: NameServer=205.188.146.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{89CE917C-72CF-40DC-A480-BB6B6A6EDD0C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E45DEF9D-F058-4E32-8628-55DCE70F877F}: NameServer=205.188.146.145
HKLM\SYSTEM\CS2\Services\Tcpip\..\{89CE917C-72CF-40DC-A480-BB6B6A6EDD0C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Logged
« Reply #1 on: August 21, 2007, 09:53:08 PM »
Malware Scum, Die! 		TeMerc
Countermeasures Leader
Administrator View Profile WWW
Karma: 66
Posts: 6146
Hi and welcome to CEXX forums, sorry for the delay in a reply.

Please update SmithFraud Fix there have been 3 new updates since you posted your log. You can update it thru its command prompt by hitting '4' to begin.

Then also run HJT and post its log, well continue from that point.

Please download HijackThis! SetUp from here. Save the file to your desktop.

Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of:'C:\Program Files\HijackThis'. Tick the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

Then  press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Right-click in the saved log, and select 'copy'. Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.

Also please be sure to perform only the instructions I have posted and nothing more. Instructions are given in a specific order in many cases and attempts at steps which you may think are helpful, may not be.
Logged

Malware Advisor Blog
Ultimate Countermeasures Page
 
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Page created in 0.412 seconds with 16 queries.