Author | Message | Time |
---|---|---|
Yoni | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; .NET CLR 1.0.3705; .NET CLR 1.1.4322) I've seen several people with this user-agent string already. Spyware is too easy to get on clueless users' Windows computers these days. | August 1, 2004, 8:55 PM |
KoRRuPT | Yah.... spyware is everyware everywhere* | August 1, 2004, 9:46 PM |
Yoni | Attention: Someone around here, who visited my localhost webserver a week ago (August 23) through a link I pasted in Op [vL], has this spyware. Mysterious spyware-infected user: Your ISP is cox.net (I won't post the exact IP here, but it's in the 68.10.*.* range). If this is your ISP and range, it might be you - so run an anti-spyware program such as Spybot Search & Destroy as soon as possible! | August 29, 2004, 8:40 AM |
hismajesty | ew, that matches me, but I ran Spybot S&D this morning (~4 hours ago) and it came up with nothing. :o | August 29, 2004, 10:54 AM |
Newby | [quote author=Yoni link=board=2;threadid=7990;start=0#msg77964 date=1093768803] Mysterious spyware-infected user: Your ISP is cox.net (I won't post the exact IP here, but it's in the 68.10.*.* range). If this is your ISP and range, it might be you - so run an anti-spyware program such as Spybot Search & Destroy as soon as possible! [/quote] I started panicking when you said cox.net, and I read 68. and was like "Ohhh shit", but I'm .107.*.* :) So am I safe? :D | August 29, 2004, 3:32 PM |
Kp | [quote author=Newby link=board=2;threadid=7990;start=0#msg77979 date=1093793563] [quote author=Yoni link=board=2;threadid=7990;start=0#msg77964 date=1093768803] Mysterious spyware-infected user: Your ISP is cox.net (I won't post the exact IP here, but it's in the 68.10.*.* range). If this is your ISP and range, it might be you - so run an anti-spyware program such as Spybot Search & Destroy as soon as possible! [/quote] I started panicking when you said cox.net, and I read 68. and was like "Ohhh shit", but I'm .107.*.* :) So am I safe? :D [/quote] Maybe, but you should check it anyway. I'm presently 69.*, but my ISP used to issue me 24.* addresses. The change just happened one day, and they never announced/explained it. So, I'd suggest scanning even if you don't have the IP mask Yoni posted. | August 29, 2004, 4:04 PM |
Maddox | I did a fresh install of Windows 2000, and while I was doing Windows Update I decided to check out some websites. 10 minutes later I had 10-15 spyware programs installed on my computer. I've cleaned them all out, but my computer is still not working properly. Running ipconfig outputs nothing in the console now. It also looks like cmd.exe has been deleted. Has anyone else had this problem? | August 30, 2004, 12:59 AM |
hismajesty | After Yoni telling me this, I started getting really paranoid. Neither Spybot S&D or Adaware picked up FWP, though they both have in the past. I'm still reluctant to use Firefox on a regular basis, so I installed Guard Bar, about 3 spyware detection programs, updated to XP SP2, installed a software firewall, etc. I like to think I'm safe from all but that dragging and dropping of the scrollbar thing. :( | August 30, 2004, 1:51 AM |
LW-Falcon | [quote author=hismajesty[yL] link=board=2;threadid=7990;start=0#msg78069 date=1093830708] Neither Spybot S&D or Adaware picked up FWP [/quote] Is there another program that does? | August 30, 2004, 1:58 AM |
hismajesty | [quote author=Falcon[anti-yL] link=board=2;threadid=7990;start=0#msg78071 date=1093831127] [quote author=hismajesty[yL] link=board=2;threadid=7990;start=0#msg78069 date=1093830708] Neither Spybot S&D or Adaware picked up FWP [/quote] Is there another program that does? [/quote] They're both supposed to, and have in the past. Possibly I deleted it within the past 7 days, but I don't remember running any anti-spyware software within that time period. | August 30, 2004, 3:11 AM |
Undeference | [quote author=hismajesty[yL] link=board=2;threadid=7990;start=0#msg78069 date=1093830708]I'm still reluctant to use Firefox on a regular basis[/quote] Notice the user-agent: "Mozilla/4.0 (compatible; MSIE 6.0;..." Only spoofs and IE identify themselves in this way. | August 30, 2004, 4:46 AM |
Yoni | You guys should go to www.ipchicken.com - it tells you your User-Agent. | August 30, 2004, 12:42 PM |
hismajesty | [quote]Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts-MyWay; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607) [/quote] Apparently I still have it installed. Which is odd since _nothing_ is showing I have it! | August 30, 2004, 2:08 PM |
LW-Falcon | [quote]Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2[/quote] Yay :) What's Gecko? | August 30, 2004, 8:32 PM |
hismajesty | [quote author=Falcon[anti-yL] link=board=2;threadid=7990;start=0#msg78205 date=1093897944] [quote]Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2[/quote] Yay :) What's Gecko? [/quote] http://wp.netscape.com/browsers/future/gecko.html | August 30, 2004, 8:43 PM |
hismajesty | Anybody have any suggestions as far as FWP? It's still showing up in my user agent, but I've scanned with Spybot S&D, Adaware, Hijackthis, Pest Patrol, and Spyware Blaster. Nothing has even detected it, and they're all fully updated. :o | August 30, 2004, 9:08 PM |
kamakazie | [quote author=hismajesty[yL] link=board=2;threadid=7990;start=15#msg78215 date=1093900127] Anybody have any suggestions as far as FWP? It's still showing up in my user agent, but I've scanned with Spybot S&D, Adaware, Hijackthis, Pest Patrol, and Spyware Blaster. Nothing has even detected it, and they're all fully updated. :o [/quote] Maybe it is in the registry? | August 30, 2004, 9:32 PM |
hismajesty | Apparently, it's not. | August 30, 2004, 10:13 PM |
crashtestdummy | http://www.funwebproducts.com/eula/ removal: http://www.funwebproducts.com/uninstall.html If that doesn't work, are you booting into safe mode after you update your spy removal software? | August 31, 2004, 12:27 AM |
hismajesty | I went to fwp.com/uninstall.html earlier - I have none of those programs installed. | August 31, 2004, 2:42 AM |
crashtestdummy | Post your hijack this log. Or email it to me at gawdless@gmail.com | August 31, 2004, 2:47 AM |
hismajesty | Logfile of HijackThis v1.97.7 Scan saved at 11:09:40 PM, on 8/30/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Winamp\Winampa.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Winamp\winamp.exe C:\Documents and Settings\Matthew\My Documents\Bots\PandaChat\PandaChat.exe C:\Documents and Settings\Matthew\My Documents\Bots\Copy of PandaChat\PandaChat.exe C:\Program Files\Gaim\gaim.exe C:\Program Files\eclipse\eclipse.exe C:\WINDOWS\system32\javaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Matthew\Desktop\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092366150437 O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38211.7910069444 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab | August 31, 2004, 3:08 AM |
crashtestdummy | I didn't see but a couple of things that were suspicious so I got with someone else and he asked about the same things that came to my attention. O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe | August 31, 2004, 4:53 AM |
hismajesty | Guard Bar is a toolbar for IE I installed after Yoni warned me of this. I posted about it earlier in this thread, it's safe. It's just a popup blocker/spyware detector for IE basically. Bandwidth Monitor Pro monitors my download/upload levels. Registry Cleaner is a registry checker, if a problem is found I can fix it/restore it. | August 31, 2004, 4:55 AM |
Myndfyr | Info on this ad-ware: http://www.nwfusion.com/newsletters/web/2003/1208web2.html | August 31, 2004, 3:14 PM |
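
The check Yoni describes (spotting the adware token in the User-Agent of visitors to his web server) can be run over an access log. The following is an added example, not code from any poster in the thread; it assumes Apache/NCSA "combined" log format, the function names are hypothetical, and the log lines are constructed from the three User-Agent strings quoted above. The User-Agent is supplied by the client, so a hit is a reason to check the machine, not proof of infection.

```python
import re
from collections import defaultdict

# Marker shared by both adware tokens quoted in the thread (lower-cased).
ADWARE_PREFIXES = ("funwebproducts",)

# Apache/NCSA "combined" format (assumed); the user agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] '
    r'"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def ua_tokens(ua):
    """Semicolon-separated tokens inside the UA's first (...) comment."""
    m = re.search(r'\(([^)]*)\)', ua)
    return [t.strip() for t in m.group(1).split(';')] if m else []

def adware_hits(ua):
    """Tokens that start with a known adware marker, case-insensitively."""
    return [t for t in ua_tokens(ua) if t.lower().startswith(ADWARE_PREFIXES)]

def mask_ip(ip):
    """Keep the first two octets only, as the thread does (68.10.*.*)."""
    return '.'.join(ip.split('.')[:2]) + '.*.*'

def scan(lines):
    """Map masked client range -> sorted adware tokens seen from that range."""
    found = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # malformed line: skip rather than guess
        hits = adware_hits(m.group('ua'))
        if hits:
            found[mask_ip(m.group('ip'))].update(hits)
    return {rng: sorted(toks) for rng, toks in found.items()}

# Constructed sample: RFC 5737 documentation IPs, UA strings as quoted in the thread.
_REQ = ' - - [23/Aug/2004:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
SAMPLE_LOG = [
    '192.0.2.17' + _REQ + '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; '
    'FunWebProducts; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"',
    '198.51.100.4' + _REQ + '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; '
    'FunWebProducts-MyWay; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)"',
    '203.0.113.9' + _REQ + '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; '
    'rv:1.7) Gecko/20040707 Firefox/0.9.2"',
]

if __name__ == "__main__":
    for rng, toks in scan(SAMPLE_LOG).items():
        print(rng, toks)
```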