Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Ultimate Cleaner 2007

Options
dragoiugabriel
dragoiugabriel
edited March 2008 in Malware talk

Hello! It's me again! I have problems again with a virus. three web shortcuts (they lead to the site of Ultimate Cleaner 2007 - <Edited. Link 1>) wich I can't delete, have appeared on my desktop. A couple of "Windows Security Alert"s appear every 1minute on the desktop and the computer is running slow. The desktop background is also changed and the start page also (ucleaner.com). I have also a toolbar on the internet page wich I didn't installed and every 5-10min the internet connects to this page: <Edited. Link 2>


I posted also the report from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 13:40:36, on 04.03.2008


Platform: Windows XP SP1 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Ahead\InCD\InCDsrv.exe


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\System32\drivers\CDAC11BA.EXE


C:\Program Files\Network Associates\Common Framework\FrameworkService.exe


C:\Program Files\Network Associates\VirusScan\Mcshield.exe


C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\Explorer.EXE


C:\Program Files\Winamp\winampa.exe


C:\Program Files\QuickTime\qttask.exe


D:\Program Files\D-Tools\daemon.exe


C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe


C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE


C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe


C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe


C:\Program Files\Common Files\Real\Update_OB\realsched.exe


C:\WINDOWS\System32\ctfmon.exe


C:\Program Files\Messenger\msmsgs.exe


C:\Program Files\Winamp Remote\bin\OrbTray.exe


C:\Program Files\Winamp Remote\bin\Orb.exe


C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe


c:\program files\winamp toolbar\WinampTbServer.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\WINDOWS\System32\dwwin.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/def.../search/ie.html


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx


O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll


O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll


O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll


O2 - BHO: SXG Advisor - {7C75EBBF-94AC-4411-805D-03D9974B8561} - C:\WINDOWS\dgtxrdfxwk.dll


O2 - BHO: Misiunero Toolbar - {b9911163-bff1-477a-9fb3-2a4ddc359d81} - C:\Program Files\Misiunero\tbMisi.dll


O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx


O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll


O3 - Toolbar: Misiunero Toolbar - {b9911163-bff1-477a-9fb3-2a4ddc359d81} - C:\Program Files\Misiunero\tbMisi.dll


O3 - Toolbar: ekvgsnw - {22174732-668F-494A-853B-4D10662DD7D8} - C:\WINDOWS\ekvgsnw.dll


O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033


O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"


O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE


O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey


O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe


O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background


O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


O8 - Extra context menu item: &Search - ?p=ZKxdm014YYRO


O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll


O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab


O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe


O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll


O21 - SSODL: alofkmn - {E9E853E4-272E-41EA-A61E-94CDA7C01FA0} - C:\WINDOWS\alofkmn.dll


O21 - SSODL: bxlrvps - {6E582A2F-2942-4B90-92DD-55A25E912267} - C:\WINDOWS\bxlrvps.dll


O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE


O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe


O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe


O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe


O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


--


End of file - 8142 bytes


I also added a picture of the icons that appear on my desktop.


I have McAfee antivirus, also AdAware Personal and SpyBot - Search and destroy. Can these programs help? It's ok to scan the computer with all three in the same time? I didn't try yet, for I wanted your oppinion about this. Thank you!

/applications/core/interface/file/attachment.php?id=1618" data-fileid="1618" rel="">untitled.bmp

/applications/core/interface/file/attachment.php?id=1627" data-fileid="1627" rel="">links.txt

Comments

  • Niels
    Niels
    Options

    Dear Gabby,


    First of all download this tool. Save it on your desktop. But do not run it yet. Reboot your pc now. But press several times on the F8 button before the windows loading screen is visible press on safe mode log in with your account. Now double click on SmitfraudFix icon. When you start the tool you might see a credits screen just press any button on your keyboard. Now press on number 2 button on your keyboard and press enter. You will also see a screen with this question: Do you want to clean the registry ? Press y and enter. When everything is finished you will see the message : Computer will reboot now. Close all applications press on the spacebar of your computer. Your computer will reboot. Now go to control panel,software,add or remove and see if you can find an entry called Ultimate Cleaner press on it and let the uninstaller run. Now go to start,my computer,double click on the icon of your hard disc or partition where you installed your software on open the program files folders and if present delete the entire Ultimate Cleaner folder by selecting it by leftclicking on it press now on the delete button.


    Make a new hijackthis log.


    Best regards


    Niels

All Time Leaders

Categories

Defenders of the month