Valhalla Legends Forums Archive | General Discussion | Fun Web Products

AuthorMessageTime
Yoni
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

I've seen several people with this user-agent string already.

Spyware is too easy to get on clueless users' Windows computers these days.
August 1, 2004, 8:55 PM
KoRRuPT
Yah.... spyware is everyware

everywhere*
August 1, 2004, 9:46 PM
Yoni
Attention: Someone around here, who visited my localhost webserver a week ago (August 23) through a link I pasted in Op [vL], has this spyware.
Mysterious spyware-infected user: Your ISP is cox.net (I won't post the exact IP here, but it's in the 68.10.*.* range). If this is your ISP and range, it might be you - so run an anti-spyware program such as Spybot Search & Destroy as soon as possible!
August 29, 2004, 8:40 AM
hismajesty
ew, that matches me, but I ran Spybot S&D this morning (~4 hours ago) and it came up with nothing. :o
August 29, 2004, 10:54 AM
Newby
[quote author=Yoni link=board=2;threadid=7990;start=0#msg77964 date=1093768803]
Mysterious spyware-infected user: Your ISP is cox.net (I won't post the exact IP here, but it's in the 68.10.*.* range). If this is your ISP and range, it might be you - so run an anti-spyware program such as Spybot Search & Destroy as soon as possible!
[/quote]
I started panicking when you said cox.net, and I read 68. and was like "Ohhh shit", but I'm .107.*.* :)

So am I safe? :D
August 29, 2004, 3:32 PM
Kp
[quote author=Newby link=board=2;threadid=7990;start=0#msg77979 date=1093793563]
[quote author=Yoni link=board=2;threadid=7990;start=0#msg77964 date=1093768803]
Mysterious spyware-infected user: Your ISP is cox.net (I won't post the exact IP here, but it's in the 68.10.*.* range). If this is your ISP and range, it might be you - so run an anti-spyware program such as Spybot Search & Destroy as soon as possible![/quote]I started panicking when you said cox.net, and I read 68. and was like "Ohhh shit", but I'm .107.*.* :)So am I safe? :D[/quote]

Maybe, but you should check it anyway. I'm presently 69.*, but my ISP used to issue me 24.* addresses. The change just happened one day, and they never announced/explained it. So, I'd suggest scanning even if you don't have the IP mask Yoni posted.
August 29, 2004, 4:04 PM
Maddox
I did a fresh install of Windows 2000, and while I was doing windows update I decided to check out some websites. 10 minutes later I had 10-15 spyware programs installed on my computer. I've cleaned them all out, but my computer is still not working properly. Running ipconfig outputs nothing in the console now. It also looks like cmd.exe has been deleted. Has anyone else had this problem?
August 30, 2004, 12:59 AM
hismajesty
After Yoni telling me this, I started getting really paranoid. Neither Spybot S&D or Adaware picked up FWP, though they both have in the past. I'm still reluctant to use Firefox on a regular basis, so I installed Guard Bar about 3 spyware detection programs, updated to XP SP2, installed a software firewall, etc. I like to think I'm safe from all but that dragging and dropping of the scrollbar thing. :(
August 30, 2004, 1:51 AM
LW-Falcon
[quote author=hismajesty[yL] link=board=2;threadid=7990;start=0#msg78069 date=1093830708]
Neither Spybot S&D or Adaware picked up FWP
[/quote]
Is there another program that does?
August 30, 2004, 1:58 AM
hismajesty
[quote author=Falcon[anti-yL] link=board=2;threadid=7990;start=0#msg78071 date=1093831127]
[quote author=hismajesty[yL] link=board=2;threadid=7990;start=0#msg78069 date=1093830708]
Neither Spybot S&D or Adaware picked up FWP
[/quote]
Is there another program that does?
[/quote]

They're both supposed to, and have in the past. Possibly I deleted it within the past 7 days, but I don't remember running any anti-spyware software within that time period.
August 30, 2004, 3:11 AM
Undeference
[quote author=hismajesty[yL] link=board=2;threadid=7990;start=0#msg78069 date=1093830708]I'm still reluctant to use Firefox on a regular basis[/quote]
Notice the user-agent: "Mozilla/4.0 (compatible; MSIE 6.0;..."
Only spoofs and IE identify themselves in this way.
August 30, 2004, 4:46 AM
Yoni
You guys should go to www.ipchicken.com - it tells you your User-Agent.
August 30, 2004, 12:42 PM
hismajesty
[quote]Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts-MyWay; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.40607) [/quote]

Apparently I still have it installed. Which is odd since _nothing_ is showing I have it!
August 30, 2004, 2:08 PM
LW-Falcon
[quote]Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2[/quote]
Yay :)
Whats Gecko?
August 30, 2004, 8:32 PM
hismajesty
[quote author=Falcon[anti-yL] link=board=2;threadid=7990;start=0#msg78205 date=1093897944]
[quote]Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2[/quote]
Yay :)
Whats Gecko?
[/quote]

http://wp.netscape.com/browsers/future/gecko.html
August 30, 2004, 8:43 PM
hismajesty
Anybody have any suggestions as far as FWP? It's still showing up in my user agent, but I've scanned with Spybot S&D, Adawre, Hijackthis, Pest Patrol, and Spyware Blaster. Nothing is even detected it, and they're all fully updated. :o
August 30, 2004, 9:08 PM
kamakazie
[quote author=hismajesty[yL] link=board=2;threadid=7990;start=15#msg78215 date=1093900127]
Anybody have any suggestions as far as FWP? It's still showing up in my user agent, but I've scanned with Spybot S&D, Adawre, Hijackthis, Pest Patrol, and Spyware Blaster. Nothing is even detected it, and they're all fully updated. :o
[/quote]

Maybe it is in the registry?
August 30, 2004, 9:32 PM
hismajesty
Apparently, it's not.
August 30, 2004, 10:13 PM
crashtestdummy
http://www.funwebproducts.com/eula/

removal:
http://www.funwebproducts.com/uninstall.html

If that doesn't work are you booting into safe mode after you update your spy removal software?
August 31, 2004, 12:27 AM
hismajesty
I went to fwp.com/uninstall.html earlier - I have none of those programs installed.
August 31, 2004, 2:42 AM
crashtestdummy
Post your hijack this log. Or email it to me at gawdless@gmail.com
August 31, 2004, 2:47 AM
hismajesty
Logfile of HijackThis v1.97.7
Scan saved at 11:09:40 PM, on 8/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Matthew\My Documents\Bots\PandaChat\PandaChat.exe
C:\Documents and Settings\Matthew\My Documents\Bots\Copy of PandaChat\PandaChat.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\eclipse\eclipse.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matthew\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll
O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\Windows Registry Repair Pro.exe -X
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092366150437
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38211.7910069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

August 31, 2004, 3:08 AM
crashtestdummy
I didn't see but a couple of things that were suspicious so I got with someone else and he asked about the same things that came to my attention.
O2 - BHO: (no name) - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll
O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll
C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
August 31, 2004, 4:53 AM
hismajesty
Guard Bar is a toolbar for IE I installed after Yoni warned me of this. I posted about it earlier in this thread, it's safe. It's just a popup blocker/spyware detecter for IE basically.

Bandwidth Monitor Pro monitors my download/upload levels.
Registry Cleaner is a registry checker, if a problem is found I can fix it/restore it.
August 31, 2004, 4:55 AM
Myndfyr
Info on this ad-ware:
http://www.nwfusion.com/newsletters/web/2003/1208web2.html
August 31, 2004, 3:14 PM

Search