annoying dialouge box popping up

G

giangy333

New Member
Hi,

in the past 2 days the following dialouge box has been popping up on my computer when i am not even viewing any web pages

""this site has an unspecified potential security risk. Would you like to continue?""

also one of those dialog boxes asking for your login name and password popped up today. I forget exactly what website it said it was from. something media player related.

Anyway, ive ran a spyware scan with AdAware and nothing relevant came up. This is becoming quite an annoyance. Any suggestions?
 
HT at best is a very limited tool originally designed for older versions of Windows. But the main problem seen is getting too overly reliant on it. I certainly don't count on any online scanner for it either.
 
PC eye said:
HT at best is a very limited tool originally designed for older versions of Windows. But the main problem seen is getting too overly reliant on it. I certainly don't count on any online scanner for it either.
Click to expand...
Just the first of many tools that people who know about these things use (which you obviously don't). And if you don't use that online scanner, why do you keep posting the results from it.:confused:
 
That's called cross checking to see what "it" decides to come up with. But you will notice I also recommend the use of other tools that have too often found things that won't seen as the IE addons or immediate startups.
 
PC eye said:
That's called cross checking to see what "it" decides to come up with. But you will notice I also recommend the use of other tools that have too often found things that won't seen as the IE addons or immediate startups.
Click to expand...
What other tools do you recommend? And answer my question, if you don't mind.
 
I answered your question since I also look over logs as well as point out things apparently indicated by the HT scanner. The list of other tools would be quite lengthy indeed. Let's start with two free online system scanning tools that find viruses and trojans not usually seen in a log. http://security.symantec.com/sscv6/...d=22&pkj=NCGSCKMRKRFPECDMEYI&setjsax=1&bhcp=1

And then http://www.majorgeeks.com/download955.html
Or someone can make a "Housecall" at http://housecall.trendmicro.com/

There's mixed feelings on Spybot S&D, http://www.safer-networking.org/en/download/index.html

Another free trojan scanner can be downloaded at http://www.ewido.net/en/download/

AVG 7.5 along what would have been called Ewido 5.0 can be found at http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free

Windows Defender in the full release hasn't done so well. http://www.microsoft.com/athome/security/spyware/software/default.mspx

And certainly not every problem seen with IE or Windows in general has anything to do with viruses, spywares, adwares, or even other types of malwares. Sometimes you simply "XP tweaks and fixes". http://www.kellys-korner-xp.com/xp_tweaks.htm

Leftover registry entries can often cause problems when loading drivers remaining from programs already removed. http://www.majorgeeks.com/RegCleaner_d460.html

A long list of popular freewares for virus removal can be looked over at http://freeware.intrastar.net/virus.htm

When people see errors in IE that isn't necessary adwares or something other then a "glitch" in IE itself often. http://www.colba.net/~hlebo49/erriexpl.htm Yes IE can often see many error messages of different types. http://www.smartcomputing.com/techsupport/ErrorBrowse.aspx?guid=&num=201

But when something does get on a system and hides itself well you may have to choose from several to find the one that will work if you don't need a special type of remover. http://www.majorgeeks.com/downloads31.html
 
Buzz1927 said:
You're pretty funny, wanna dance?
Click to expand...

I wasn't trying to sarcastic there. In fact I'll even give you a log to look over to see what you come up with if you can? I know there's adware but guess what?


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXP\SYSTEM\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nospammail.net/mail/?MLS=LN-*;Ust=b27c7bde!cb0a41a1;UDm=138;MSignal=MB-*
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://infospace.abcnews.com/info.abcnws.toolbar/dog/forms/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://infospace.abcnews.com/info.abcnws.toolbar/dog/forms/search.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: ABCNews.com Toolbar - {C1D79200-7718-4656-A7B2-F23046E264E7} - C:\Program Files\ABCNewsToolbar\insptbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: ABCNews.com Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\ABCNewsToolbar\contextsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 
Buzz1927 said:
Ooh, look, your scanner has flagged abc news as a nasty, scary stuff:eek:
Click to expand...

It wasn't "My" scanner by any means. :P What the scanner found is the security vulnerability when you have toolbars added onto IE or even FireFox. The Google toolbar is notorious for adwares. Now those didn't happen to look like these here found by the Symantec trojan scanner did they?
C:\WINDOWS\Downloaded Program Files\Toolbar_cobrand.EXE is infected with Trackware.Dogpile
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE is infected with Trackware.Dogpile

Geeeeee... even the Mac OS X is vulnerable to attack. http://abcnews.go.com/Technology/wireStory?id=1907475&page=1 :eek: :eek: :eek:

[place additional results here from Trend Micro's PC-cillin]

total: 135 objects found including the usual data miners

http://img153.imageshack.us/my.php?image=trendmicropccillin1br8.jpg

http://img153.imageshack.us/my.php?image=trendmicropccillin2lp6.jpg
 
Last edited:
You must log in or register to reply here.
Back
Top