Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

inklineglobal.com ad

Posted on 2003-12-03
7
Medium Priority
?
390 Views
Last Modified: 2013-12-04
While i was surfing the net, a pop up window appeared claiming to give some advice about security.
When i clicked a button on this page  , my cd driver was opened.
i then shut the connection and didn't try to open the site again.
i run mcaffee firewall.
could any body tell me how this happens , and whether it may cause damage.
the site is:

http://www.inklineglobal.com/adsales/smni/sb_offer_smni_cpa.html

thank u very much in advance
0
Comment
Question by:mmelek1
  • 2
  • 2
5 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9871639
Dear mmelek1,

Use these tools to check for it

Spyware/Adware removal tools:
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml 

Ad-aware : http://www.webattack.com/download/dladaware.shtml 

Trojan Remover :http://www.simplysup.com/

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

KL-Detector  :http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free  :http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster  :http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml

SpySites  :http://www.webattack.com/download/dlspysites.shtml

Keylogger Hunter :http://www.webattack.com/download/dlklhunter.shtml

Spycop: http://www.spycop.com/

BHODemon : http://www.spywareinfo.com/downloads/bhod/

Browser Hijack Blaster : http://www.wilderssecurity.net/bhblaster.html

Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm

Other spyware removal instructions: http://www.pchell.com/support/click2findnow.shtml


online virus scanner:
---------------------

http://housecall.trendmicro.com/ 

http://security.symantec.com/

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

http://www.pcpitstop.com/antivirus/default.asp 

DOS based : http://www.f-prot.com/download/download_fpdos.html

Pop-up blocker:
---------------

http://home.rochester.rr.com/artcfox/Pop-Down/

http://www.panicware.com/product_psfree.html

http://zdnet.search.com/search?channel=56&cat=279tag=st.zd.sr.srch.zdnet&q=popup+killer

http://12ghosts.com/ghosts/popup.htm

http://www.webwasher.com/client/home/index.html?lang=de_EN

http://www.adsgone.com/download.asp

Google toolbar: toolbar.google.com


Thanks,
Sunray
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9871644
Also most importantly use the tool (hijackthis) that I have given in my first comment.. it would give you a log file.
Post the log file here and experts would help you better to know which registry entry to delete

Sunray
0
 

Author Comment

by:mmelek1
ID: 9871695
hi
thanks for the answer
could u please tell me if mcaffee fire wall is enough or not,
if not what is the best i sould use?

here is the log file
Logfile of HijackThis v1.97.7
Scan saved at 4:13:40 AM, on 12/4/2003
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Virtual CD v4\System\vcdsecs.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
D:\Program Files\McAfee\McAfee Firewall\CPD.EXE
I:\Program Files\McAfee VirusScan\Avsynmgr.exe
I:\Program Files\McAfee VirusScan\VsStat.exe
I:\Program Files\McAfee VirusScan\Vshwin32.exe
D:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
I:\Program Files\McAfee VirusScan\Avconsol.exe
D:\WINDOWS\System32\devldr32.exe
H:\Program Files\Overnet\overnet.exe
I:\Program Files\Babylon\babylon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ntvdm.exe
I:\Program Files\McAfee VirusScan\AlogServ.exe
D:\Documents and Settings\Michael\Desktop\ELEKTRODA\hk\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = H:\Program Files\Copernic Agent\Web\SearchBar.htm
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - D:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet5_48.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - D:\WINDOWS\System32\nzdd.dll
O2 - BHO: (no name) - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - D:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - I:\Program Files\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - H:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - H:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: Short Message (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: 3721 Assistant (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} (AcontiX Control) - http://secure.aconti.net/acontix/goodthinxx.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://66.230.143.209/loader/dploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DFA9D3E-B975-467B-9708-46BA8A7CC318}: NameServer = 62.140.73.2 62.140.73.1




thank u very much
0
 

Author Comment

by:mmelek1
ID: 9873402
this is the log file
could somebody tell me what should i do
thanks
0
 
LVL 6

Accepted Solution

by:
Joseph_Moore earned 80 total points
ID: 9879744
The add actually links to a Mcafee product where they are trying to sell you something.

Now, in regards to the CDROM eject trick, that is just part of the Mcafee "you are not secure so you need our security product" sales pitch. Scare the user by opening his CDROM door, and show them their WONDERFUL security product that will prevent these type of things from happening.

 There is a VBSCRIPT Function in the webpage called "Function OpenCDs" that is calling a Windows Media Player .OCX file, and causing it to eject CDROM door if possible. I would post the script here, but then it might just start opening CDROM doors for people looking at this question and they might freak out!

So, no virus, no spyware, no malware, just Mcafee being cute!

On my XP laptop, the CDROM trick did NOT work, and that is probably because I am up-to-date on my WinXP OS patches, IE patches, and Windows Media Player patches.

So, I bet if you went to the Windows Update website and got all Critical and most of the recommended patches, THEN went back to the webpage again, the CDROM door would not open.

0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question