Unclassified.Spyware.57

micheal

keep getting above msg after cleaning w/ MS Antispyware.
also run Spyware Doctor, Ad-Aware, SpyFerret, and Symantec
Antivirus. also try a registry cleaner once in a while and
never can get rid of this infestation. this is maddening.
if i let the infestation fester, it produces a browser
hijacker, various worms, desktop icons,.. i am NOT going to
keep wasting money on anti-spyware.. eventually, i will
format the hard-drive and replace the operating system with
Linux - if i cannot get rid of this thing.. i am hoping MS
will produce an anti-spyware product that cleans thoroughly
before i have to do this.. PLEASE HELP!!!
 
G. Weber

See my post yesterday about u½chost.exe for additional information about
spyware 57.
Hope someone can help as this seems to be a tough one.
 
Guest

-----Original Message-----
never can get rid of this infestation. this is maddening.
if i let the infestation fester, it produces a browser
hijacker, various worms, desktop icons,.. i am NOT going to
keep wasting money on anti-spyware.. eventually, i will
format the hard-drive and replace the operating system with
Linux - if i cannot get rid of this thing..

Creating your own program is more hopeful...
 
micheal

thank you - i checked out the post .. it seems i have a
"lurker" program hiding somewhere .. below i will paste in
the logfile output of Hijackthis since earlier posts asked
for it.

Logfile of HijackThis v1.99.1
Scan saved at 2:57:30 PM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rzimnk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE
C:\Documents and Settings\Moonhee\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class -
{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program
Files\NZSearch\SearchEnh1.dll
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ps8W3mV] gcdaddin.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rzimnk.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winmap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.sbs.co.kr
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} -
https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} -
https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\hrj8051ue.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) -
Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN
Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher
(DefWatch) - Symantec Corporation - C:\Program
Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony
Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: PACSPTISVR - Unknown owner -
C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program
Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent
Service (default)) - Analog Devices, Inc. - C:\Program
Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony
Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation -
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment Aggregation and Control
Service - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service -
Sony Corporation - C:\Program Files\Common Files\Sony
Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration
Service - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\VAIO
Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter -
Sony Corporation - C:\Program Files\Common Files\Sony
Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server
(VAIOMediaPlatform-IntegratedServer-AppServer) - Sony
Corporation - C:\Program Files\Sony\vaio media integrated
server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP)
(VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner -
C:\Program Files\Sony\vaio media integrated
server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-IntegratedServer-HTTP
/RegRoot="SOFTWARE\Sony Corporation\VAIO Media
Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP
(file missing)
O23 - Service: VAIO Media Integrated Server (UPnP)
(VAIOMediaPlatform-IntegratedServer-UPnP) - Sony
Corporation - C:\Program Files\Sony\vaio media integrated
server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server
(VAIOMediaPlatform-Mobile-Gateway) - Unknown owner -
C:\Program Files\Sony\vaio media integrated
server\Platform\VmGateway.exe"
/Service=VAIOMediaPlatform-Mobile-Gateway
/RegRoot="SOFTWARE\Sony Corporation\VAIO Media
Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway"
/DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server
(VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner -
C:\Program Files\Sony\vaio media integrated
server\Video\GPVSvr.exe"
/Service=VAIOMediaPlatform-VideoServer-AppServer
/DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP)
(VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner -
C:\Program Files\Sony\vaio media integrated
server\Platform\SV_Httpd.exe"
/Service=VAIOMediaPlatform-VideoServer-HTTP
/RegRoot="SOFTWARE\Sony Corporation\VAIO Media
Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file
missing)
O23 - Service: VAIO Media Video Server (UPnP)
(VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation -
C:\Program Files\Sony\vaio media integrated
server\Platform\UPnPFramework.exe
 
Bill Sanderson

Ron Kinner--the stuff below are the pieces that I can't identify easily as
safe. What would you say?


C:\WINDOWS\system32\rzimnk.exe

R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: URLSearchHook Class -
{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program
Files\NZSearch\SearchEnh1.dll

F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe

O4 - HKLM\..\Run: [ps8W3mV] gcdaddin.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rzimnk.exe

O4 - Global Startup: VPN Client.lnk = ?

O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

O15 - Trusted Zone: http://*.sbs.co.kr
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} -
https://www.vpay.co.kr/KVPplugin01.cab

O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} -
https://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab

O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\hrj8051ue.dll
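
Added example, not part of the original thread and not HijackThis code: a Python sketch that rejoins the hard-wrapped entries of a pasted HijackThis log and lists a few autostart entries for manual review, in the spirit of the short list above. The three review rules and the names `unwrap`, `review_reason` and `triage` are assumptions made for illustration, and a listed entry is a prompt to identify the file, not a verdict on it.

```python
import ntpath
import re

# Constructed sample: entries copied from the log in this thread, still hard-wrapped.
SAMPLE = r"""F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ps8W3mV] gcdaddin.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rzimnk.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winmap.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\hrj8051ue.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation -
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # section code, then the entry body
RUN = re.compile(r"^(\S+): \[(.*?)\] (.*)$")     # key: [value name] command

def unwrap(text):
    """Rejoin entries that a mail or news client wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:  # continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def review_reason(code, body):
    """Return why an entry needs a manual look, or None (illustrative rules only)."""
    if code == "F2" and "userinit=" in body.lower():
        progs = [p.strip() for p in body.split("=", 1)[1].split(",") if p.strip()]
        extra = [p for p in progs if ntpath.basename(p).lower() != "userinit.exe"]
        if extra:
            return "Userinit also starts: " + ", ".join(extra)
    if code == "O4":
        m = RUN.match(body)
        if m and "\\" not in m.group(3):  # bare file name, resolved via search path
            return "autostart '%s' gives no directory for %s" % (m.group(2), m.group(3))
    if code == "O20":
        return "DLL is loaded by winlogon.exe; confirm its origin"
    return None

def triage(text):
    """Unwrap a pasted log and return (code, body, reason) for entries to review."""
    checked = ((c, b, review_reason(c, b)) for c, b in unwrap(text))
    return [hit for hit in checked if hit[2]]
```
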
 
