#1  December 21st, 2004, 08:27 AM
J_Tree
Adware.TargetSaver.100 / Smartpops.100 HJT log inside (Problem Solved)

I've run TrojanHunter, AdAware, Spybot, VirusScan (my corporate virus scanner) and even removed a few bugs manually, but I am still getting these ads. They usually happen when I search from the Google toolbar. It seems most ads are served from clkoptimizer.com. Can anyone shed some light on this situation?

Here's my log.

Logfile of HijackThis v1.99.0
Scan saved at 9:25:48 AM, on 12/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\EPOAgent\naimas32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\EPOAgent\naimag32.exe
C:\WINDOWS\system32\yyqugy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACK\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safetynet/core/Default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://safetynet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 192.1.1.2 sec02 # HP MPE
O1 - Hosts: 192.14.16.244 apserver # Application Server
O1 - Hosts: 172.20.1.11 sec16 # VPD MIS HP-UX System
O1 - Hosts: 192.14.16.239 sec10 # ERP Production
O1 - Hosts: 192.14.16.248 sysdev # Systems Testing
O1 - Hosts: 192.14.16.245 sec30 dbserver # Database Server
O1 - Hosts: 192.14.16.250 sec04 ov ov.sensormatic.com # ADP Development
O1 - Hosts: 192.14.16.247 sec09 # Developement Database Server
O1 - Hosts: 192.14.16.238 sec12a sec12 # Developement Database Server
O1 - Hosts: 192.1.1.29 sec01 # HP 995 2nd backbone
O1 - Hosts: ;10.40.142.13 dragonfly dragonfly.engr.srm.com
O1 - Hosts: 192.12.4.152 INFOSERV
O1 - Hosts: ;192.168.5.248 FLDISNT1
O1 - Hosts: ;192.14.12.244 FLGWYEX1
O1 - Hosts: 192.14.4.252 SENTRANET
O1 - Hosts: 192.14.3.6 FLMFGRA1
O1 - Hosts: 192.14.4.253 FLBOCBDC01
O1 - Hosts: 192.14.12.253 FLBOCPDC01
O1 - Hosts: 192.62.1.246 GAATLNT1
O1 - Hosts: ;192.12.2.26 FLMFGMTE #Manufacturing Test Engineering, Alexis
O1 - Hosts: ;192.12.5.181 CI3-LJ4P
O1 - Hosts: ;192.14.16.6 MIS8-8000
O1 - Hosts: ;192.92.1.250 DA1-LJ4
O1 - Hosts: ;192.13.6.141 FLCOMS21CLR5
O1 - Hosts: ;192.13.6.46 FLMFGS21LJ4P
O1 - Hosts: ;192.13.4.70 FIN-5S1
O1 - Hosts: ;192.13.4.72 FIN-5S2
O1 - Hosts: ;192.12.5.57 MIS3-HP3
O1 - Hosts: ;192.12.5.38 MIS4-4SIMX
O1 - Hosts: ;192.12.5.185 MIS7-1200C
O1 - Hosts: ;192.12.4.177 print_5799
O1 - Hosts: ;192.12.4.44 TSUP1-4SIMX
O1 - Hosts: ;192.12.4.140 TSUP3-LJ4P
O1 - Hosts: ;192.12.5.29 MIS8-N32
O1 - Hosts: ;192.12.6.115 USFIN-LJ3
O1 - Hosts: ;192.13.2.75 FlEng02NEcp3
O1 - Hosts: ;192.13.2.190 FlEng02NHp5000
O1 - Hosts: ;192.13.2.87 FLADM01N2LJ4
O1 - Hosts: ;192.13.2.57 FLADM02N2LJ4SI
O1 - Hosts: ;192.13.2.50 FLMECH01N2LJ4
O1 - Hosts: ;192.13.2.23 FLDESN01N2LJ4V
O1 - Hosts: ;192.13.2.22 FLDESN02N2LJ4
O1 - Hosts: ;192.13.2.88 FLRND01N2LJ5M
O1 - Hosts: ;192.13.2.190 FLENG02NHP5000
O1 - Hosts: ;192.13.2.75 FLENG02NECP3
O1 - Hosts: 192.13.2.90 FLRND04N2LJ4
O1 - Hosts: 192.13.2.59 FLPUBS01N2LJ4MP
O1 - Hosts: 192.13.2.58 FLPUBS02N2LJ4MP
O1 - Hosts: 192.13.5.77 FLPOSEM01S1LJ4
O1 - Hosts: 192.13.5.78 FLVID04S1LJ4
O1 - Hosts: 192.13.5.79 FLVID02S1LJ4
O1 - Hosts: 192.13.5.56 FLVID01S1LJ4V
O1 - Hosts: 192.13.5.80 FLIIS01S1LJ5N
O1 - Hosts: 192.13.5.55 FLVID03S1LJ4P
O1 - Hosts: 192.13.3.79 MAX-16C
O1 - Hosts: 192.13.3.35 MAX-L4V
O1 - Hosts: 192.13.3.83 MAX-LJ4
O1 - Hosts: 192.13.6.133 FlProd1S2Lj4
O1 - Hosts: 192.13.7.10 FLRFID01PDD16C
O1 - Hosts: 192.13.10.240 BOCA_CIC_SHIVA_1
O1 - Hosts: 12.14.40.190 FIREWALL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://safetynet/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103295031926
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NAI ePolicy Orchestrator Agent - Network Associates, Inc. - C:\EPOAgent\naimas32.exe

Last edited by J_Tree : December 22nd, 2004 at 07:12 AM. Reason: fixed it myself

#2  December 21st, 2004, 03:08 PM
J_Tree
No guesses? It seems a short while afterwards AdAware found some CWS and Vx2 files. The Vx2 removal add-on for AdAware didn't find the Vx2 though. Odd.

#3  December 22nd, 2004, 07:11 AM
J_Tree
Fixed. Figured it out myself.

#4  December 27th, 2004, 11:18 PM
Tom Myboy
Hi J_Tree,

If you would like to post a final log, I'd be happy to look at it.

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan

Please read the stickies at the top of the forum before posting!

Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Pop-ups Pop-Unders, Adware.TargetSaver.100 / Smartpops.100 (HJT log inside)