01.07.2006 at 08:22PM PST, ID: 21688203

"System Alert: Spyware Detected" along with "System Intrusion Detected" pop ups in tray - SpywareStrike loads itself

Asked by ddemakes in Windows Network Security Questions, Security Software

Tags: system, alert, spyware

A "System Alert: Spyware Detected" box of text pops up from a little yellow yield sign in the tray.  The yellow icon has an exclamation point on it.  The text reads:
“System Alert: Spyware Detected
System has detected 4 active spyware applications that may cause you computer to crash and restart, slow it to a crawl…” (it's gone away currently so I can't continue to type it out. But you get the gist.)

Also a “System Intrusion Detected" box of text pops up from the tray.  The icon for it is a red circle with a white x through it.  The icon alternates between the red circle and the Windows Update logo.  The text reads:
“System Instrusion Detected! (notice typo on “Intrusion”)
The system will now download and install most efficient antimalware program to prevent data loss and you private information theft. Click here to protect you computer from the biggest malware threats.”

A browser popup reads:
“Security Configuration
Attention?  Win32.HS.m2 Spyware has just overcome default security software on Your PC.  Your personal information and pc safety is in critical danger. To clear Your PC and get rid of dangerous virus you need paid security system patch called ” AD-PROJECT". By clicking ”Continue” You will be taken to official developer’s page, where you may download the patch.”

SpywareStrike loads itself.
An HTML link to SpySheriff loads when the yellow yield sign is clicked.

Other popups include porn and casino ads.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:10 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\PC Tools AntiVirus\ScanningProcess.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp1A44.tmp
O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - (no file)
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

Any help with this would be greatly appreciated.

Thanks,
DD
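As an added example that is not part of the original thread and not code from HijackThis or any of the products named above: a small Python triage script that parses a log of the kind posted in the question and flags the entries an analyst would read first. The heuristics are my own and purely structural: a browser helper object loaded from a .tmp file, a toolbar whose file is gone, autostart entries and running images belonging to a program the owner says installed itself, images running out of a temp directory, and services whose binary carries no publisher metadata. The sample input is an abridged copy of the log in the question; the `unwanted` list (here only SpywareStrike, which the asker names) is an assumption supplied by the caller, and the severity labels are mine.

```python
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the HijackThis log posted in the question
# above, abridged to the entries the heuristics below look at. Nothing here
# is fabricated; the remaining log lines were left out for brevity.
HJT_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:21:10 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp1A44.tmp
O2 - BHO: CM BHO - {6379A99A-9102-446C-A837-0623E1810D75} - C:\Program Files\Crystalys media\cm.dll
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

Finding = Dict[str, str]

# HijackThis line shapes: "O2 - BHO: Name - {CLSID} - path", "O3 - Toolbar: ...",
# "O4 - HKLM\..\Run: [Name] command", "O23 - Service: Name - Owner - path".
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.*)$")
COM_RE = re.compile(r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def parse(log: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a HijackThis log into the running-process list and the O/R entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"]))
    return processes, entries


def triage(log: str, unwanted: List[str]) -> List[Finding]:
    """Flag entries worth a human look. 'unwanted' holds program names the owner
    did not knowingly install (an assumption supplied by the caller)."""
    processes, entries = parse(log)
    wanted_out = [u.lower() for u in unwanted]
    findings: List[Finding] = []

    def add(section: str, text: str, reason: str, severity: str) -> None:
        findings.append({"section": section, "text": text, "reason": reason, "severity": severity})

    for proc in processes:
        low = proc.lower()
        if "\\temp\\" in low:
            add("process", proc, "image running from a temp directory", "review")
        if any(u in low for u in wanted_out):
            add("process", proc, "image belongs to a program the owner did not install", "high")

    for code, body in entries:
        if code in ("O2", "O3"):
            m = COM_RE.match(body)
            if not m:
                continue
            path = m["path"]
            if path == "(no file)":
                add(code, body, "registered component whose file is missing", "low")
            elif path.lower().endswith(".tmp"):
                add(code, body, "browser component loaded from a .tmp file", "high")
            elif any(u in path.lower() for u in wanted_out):
                add(code, body, "browser component belongs to an unwanted program", "high")
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and any(u in m["name"].lower() or u in m["cmd"].lower() for u in wanted_out):
                add(code, body, "autostart entry for a program the owner did not install", "high")
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and m["owner"] == "Unknown owner":
                add(code, body, "service binary without publisher metadata", "review")
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, ["SpywareStrike"]):
        print(f"[{f['severity']:>6}] {f['section']:<7} {f['reason']}: {f['text']}")
```

Two of the hits are deliberate noise and show why the output is a reading list rather than a delete list: the temp-directory rule flags HijackThis.exe itself, because the asker ran it straight out of the extracted zip in Temp, and the "Unknown owner" rule flags acs.exe, which the log itself identifies as the Atheros configuration service for the wireless card. Both come back as "review", not "high". The high-severity hits are the BHO loading from hp1A44.tmp in system32 and the SpywareStrike autostart and process entries, which match what the asker describes.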

01.07.2006 at 08:34PM PST, ID: 15640383 (Expert Comment, not shown)

01.07.2006 at 08:48PM PST, ID: 15640428 (Accepted Solution, not shown)

About this solution

Solution Provided By: war1
Participating Experts: 2
Solution Grade: B

01.08.2006 at 01:02AM PST, ID: 15641015 (Expert Comment, not shown)

01.08.2006 at 04:23AM PST, ID: 15641368 (Author Comment, not shown)

01.08.2006 at 04:34AM PST, ID: 15641393 (Expert Comment, not shown)

01.08.2006 at 04:58AM PST, ID: 15641443 (Author Comment, not shown)

01.08.2006 at 05:09AM PST, ID: 15641474 (Expert Comment, not shown)

01.08.2006 at 06:09AM PST, ID: 15641594 (Author Comment, not shown)