Welcome to Help4Web.co.uk - Web Design Help, Html Tutorial, Php, Asp , SQL help and CCNA, MCSE definitions!
Computer Help Forum and Programming Advice :: View topic - "CoolWebStuff" worm
"CoolWebStuff" worm

 
matrix
Freshman
Joined: Dec 24, 2004
Posts: 4

Posted: Sun Feb 13, 2005 12:53 am    Post subject: "CoolWebStuff" worm

Ok, I'm sure those of you familiar with this worm will know how annoying it is. I've read up on it quite a bit and I have got this Browser Hijack thing that will get rid of it (Hopefully). The thing is, I'm not sure exactly what should be deleted and what shouldn't. If someone who knows what they are talking about could get back to me on this I would be so grateful as I can no longer test my HTML pages in IE due to the worm disabling my browser to go anywhere but the place it wants me to, grrr!! Not so 'cool' at all.

The log file is below...

Quote:
Logfile of HijackThis v1.98.2
Scan saved at 20:46:23, on 09/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\michael pumo\Desktop\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = newmedia.leeds.ac.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {9C73DB71-3D9B-473B-ADB9-D78515DE57AD} - C:\WINDOWS\System32\dgfk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Ultra Hal Text-to-Speech Reader Startup.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball...tgameloader.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Filter: text/html - {287A0E02-00D3-4840-949B-6E8A6F293DAA} - C:\WINDOWS\System32\dgfk.dll
O18 - Filter: text/plain - {287A0E02-00D3-4840-949B-6E8A6F293DAA} - C:\WINDOWS\System32\dgfk.dll
ci5co
Web Design Newbie
Joined: Aug 18, 2004
Posts: 91

Posted: Sun Feb 13, 2005 12:55 am

Spybot Search and Destroy should remove it from your system and registry. Here is the link to their downloads section: http://www.safer-networking.org/en/mirrors/index.html. Just be sure to run the updates and whatnot, and I see that you have Microsoft's anti-spyware also; have you tried running a scan on your system with that?
Jon
Web Design Admin
Joined: Jul 12, 2004
Posts: 73

Posted: Sun Feb 13, 2005 12:57 am

Try using SB S&D and Lavasoft Ad-aware. I have never liked Microsoft AntiSpyware so haven't used it much. Also, manually delete the suspicious-looking entries in HijackThis.
All times are GMT + 10 Hours
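A triage pass over a few lines copied from the HijackThis log in the first post, as an added example that is not part of the original thread: it tags each entry with observable properties and groups entries by the file they load, so one file hooked in at several points stands out. The flag names and the functions `triage` and `shared_files` are hypothetical, and a flag is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log quoted in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {9C73DB71-3D9B-473B-ADB9-D78515DE57AD} - C:\WINDOWS\System32\dgfk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {287A0E02-00D3-4840-949B-6E8A6F293DAA} - C:\WINDOWS\System32\dgfk.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")  # section code, then the entry body
FILE = re.compile(r'[A-Za-z]:\\[^,"/]*?\.(?:dll|exe|ocx)\b', re.I)

# Hypothetical triage flags: observable properties of a line, not verdicts.
FLAGS = {
    "temp-path": lambda body: "\\temp\\" in body.lower(),  # loads from a Temp directory
    "missing-file": lambda body: "(no file)" in body,      # registration without a file
    "unnamed": lambda body: "(no name)" in body,           # object registered without a name
    "res-url": lambda body: "res://" in body.lower(),      # IE setting served out of a DLL
}

def triage(log):
    """Parse HijackThis entry lines into section/file/flags records."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list and blank lines are not entries
        section, body = m.groups()
        found = FILE.search(body)
        entries.append({"section": section, "file": found.group(0).lower() if found else None,
                        "flags": sorted(n for n, test in FLAGS.items() if test(body))})
    return entries

def shared_files(entries):
    """Files referenced from more than one section (e.g. a BHO and a filter)."""
    seen = defaultdict(set)
    for e in entries:
        if e["file"]:
            seen[e["file"]].add(e["section"])
    return {f: sorted(s) for f, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    records = triage(SAMPLE_LOG)
    print(records, shared_files(records))
```

The Microsoft Money helper is also tagged `unnamed`, which shows why a single flag is not enough to decide on an entry; the cross-reference in `shared_files` and the Temp-directory path carry more weight.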