Over 1 million tech questions and answers.

HELP !! windows\privacy_danger\index.htm

Q: HELP !! windows\privacy_danger\index.htm

Hi, Im a newby but have a trojan problem. 2 days ago i got a windows\privacy_danger\index.htm Trojan alert come up on my screen. I sent it to the anti virus vault and then lost my icons on my browser and my wallpaper screen has been affected and i have a white screen with hazy icons on it. The computer is slow and having difficulty trying to send the tojans to the vault. I did a hijackthis scan and came up with this result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:50 p.m., on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Registry Defragmentation\RegManServ.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by139fd.bay139.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{658AB956-A151-431A-8BF5-0B028BB273BE}: NameServer = 202.180.64.9,202.180.64.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43F7F35-3CD2-4C1F-91B4-1698582BB918}: NameServer = 202.27.184.3
O21 - SSODL: pmsoarbf - {96ABC1A4-4B86-4B2D-BF47-2341E088D46A} - C:\WINDOWS\pmsoarbf.dll
O21 - SSODL: omlbpkaw - {97C5F332-AA2E-49D4-9B67-82DC756A9390} - C:\WINDOWS\omlbpkaw.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 10079 bytes

Could someone help me with this and decipher what this means ? Really appreciate your help. Have installed Spyware doctor but it seems this hasnt "cured" the problem. Hope to hear from you soon.

Cheers,
Mark

Read other answers
RELEVANCY SCORE 200
Preferred Solution: HELP !! windows\privacy_danger\index.htm

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 77.6

I have a message on my machine about file://C:\WINDOWS\privacy_danger\index.htm was not found. A message appeared stating that I had to download some software to delete the virus, which unfortunatley I did. The background changed to red. Right-clicking will not allow me to change the desktop to anything else and the privacy_danger message keeps appearing. I have run trend micro hijack this and the diagnosis is attached. Any help you can give me regarding what to do next would be greatly appreciated. Thank you
 

Read other answers
RELEVANCY SCORE 77.6

Hello I have tried aaw2007.exe and it say its not valid win32 application. My computer is slow and I am downloading the search and destroy now. But I do want to give this site the hijackthis log while I have time and before my computer goes blank. Also I the privacy danger trojan in the hjt ignore list.Thanks, Pat.....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:22:04 AM, on 1/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\1150410203\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Common Files\AOL\Loader\... Read more

A:Fil/// C/windows/privacy_danger/index/htm

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are absolutely snowed under with logs.If you still require help,please post a new Hijackthis log into your next reply.

Read other 1 answers
RELEVANCY SCORE 77.6

I have a similar prob as Kaimi in jan08
file:///C:\\WINDOWS\\privacy_danger\\index.htm
My background is white and I am unable to display my wallpaper. If right click & open up properties the address shown is file:///C:\\WINDOWS\\privacy_danger\\index.htm

main txt
Deckard's System Scanner v20071014.68
Run by Jon on 2008-05-21 20:48:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-05-21 19:48:41 UTC - RP1144 - Deckard's System Scanner Restore Point
74: 2008-05-20 21:11:01 UTC - RP1143 - Software Distribution Service 3.0
73: 2008-05-20 20:39:57 UTC - RP1142 - Software Distribution Service 3.0
72: 2008-05-20 19:30:44 UTC - RP1141 - Microsoft OneCare Protection Checkpoint
71: 2008-05-20 18:46:20 UTC - RP1140 - Restore Operation


-- First Restore Point --
1: 2008-03-13 18:16:26 UTC - RP1070 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.22 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-21 20:53:13
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot m... Read more

Read other answers
RELEVANCY SCORE 77.6

I am getting this pop-up warning along with the white screen I saw someone else posting but didnt see a solution, help !
 

A:windows/privacy_danger/index.htm

Read other 15 answers
RELEVANCY SCORE 77.6

My desk top went white and I keep getting a warning about "C:/WINDOWS/privacy_danger/index.htm" How can I get rid of this malware?

A:C:/WINDOWS/privacy_danger/index.htm

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

We want all our members to follow our 5 Step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 77.6

hi.

i need some assistance in removing the above from my computer. the desktop is white and it does not allow me to change to the background i want.

also possibly a software program that can allow my computer to run faster.

thanks

A:c:/windows/privacy_danger/index.htm

Welcome to TSF....

First thing there is no program that is worth its salt to make your computer run faster reliably. There are programs that aspire to do this but are not worth spending the money on. If you want to make your computer run properly then do the proper maintenance on it and it will and since you do not charge yourself for working on your own computer the labor is free. What a deal. Getting to the other part of the problem please to follow the next instruction very carefully

I recommend that you read this article… (Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? - First Steps";
http://www.techsupportforum.com/secu...oval-help.html

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
http://www.techsupportforum.com/secu...oval-help.html

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum;
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done,... Read more

Read other 1 answers
RELEVANCY SCORE 77.6

file:///C:\\WINDOWS\\privacy_danger\\index.htm

--------------------------------------------------------------------------------

Hi im getting the error message file:///C:\\WINDOWS\\privacy_danger\\index.htm
and my desk is all white i cant have a backround i've read that this is a trojan or something .. and that you use hijackthis to get rid of it but you have to know what to fix, so i've scanned with hijackthis can someone tell me wich items to fix i would be really thankful!:



Attached is main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-28 20:34:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-02-29 02:34:15 UTC - RP48 - Deckard's System Scanner Restore Point
12: 2008-01-30 03:47:11 UTC - RP47 - Installed CA Desktop DNA Migrator
11: 2008-01-22 01:44:22 UTC - RP46 - System Checkpoint
10: 2008-01-19 03:04:27 UTC - RP45 - System Checkpoint
9: 2008-01-18 00:00:43 UTC - RP44 - System Checkpoint


-- First Restore Point --
1: 2007-11-02 21:03:14 UTC - RP36 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emu... Read more

A:C:\\WINDOWS\\privacy_danger\\index.htm

1. Download & save this file to DESKTOP - http://download.bleepingcomputer.com...+/ComboFix.exe

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 1 answers
RELEVANCY SCORE 77.6

Got A Virus! My desktop is all white! Desktop Properties will not let me change it. My clock on the lower left is in military time and for example it says " 21:30: VIRUS ALERT! " Start menu was messed up. My computer menu doesn't even show the C: drive. I can only access the C: drive from the run menu. I did the five step process. I did the DSS as well. The DSS didn't post the Extra file, so i could not attach it.

I did attach the Active Scan from the panda software.

Any other information you need let me know?


Deckard's System Scanner v20071014.68
Run by Anthony Abreu on 2008-06-09 21:10:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Anthony Abreu.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10: VIRUS ALERT!, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\W... Read more

A:C:\WINDOWS\privacy_danger\index.htm

Hi, welcome to tsf!

if you still need assistance, please post a fresh main.txt log

Read other 1 answers
RELEVANCY SCORE 77.6

Recurring pop-up: windows/privacy_danger/index.htm and the desktop wallpaper is blank. Recently infected by ?skylook. Successfully removed the desktop hijack screen and other pop-ups, except for "windows/privacy_danger/index.htm".
Impressed with your sites assistance to others with a similar problem; hoping you can help me too.
 

A:windows/privacy_danger/index.htm

Read other 16 answers
RELEVANCY SCORE 76.8

hi guys
i am new to the forum and was hoping someone could help me out with a big problem

where do i start.
basically i dont have much control of my PC as when i click start all the programmes are missing, so is my run, search etc
my C drive is missing, and they have changed my desktop background to a waning virus detected
i have done a virus check via AVG, thic can only be done in safe mode
and here a re some of the virus, trojan it has found

c:windows\privacy_danger\index.htm
local seettings\temporary internet file\content\ie5\3jibvxcw\return[1].htm
c:windows\egao.exe
c:windows\esva.exe
c:windows\vitdfabwidh
and a few more
AVG says they have been deleted, however on restart the are all back, i tried ""move on boot"again no luck
i cant restore to earlier date
and i have tried rebooting ""last good settings"
so thats pretty much it
any help would be greatful
thanks in advance

A:C:windows\privacy_danger\index.htm Virus

Hi and welcome. I want to run a few tools but need to know what your operating system is,XP,Vista etc..Also what antivirus and spyware tools are installed,thanks.Please run this first .. If this is a Vista machine then please Run As AdministratorPlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will ... Read more

Read other 9 answers
RELEVANCY SCORE 76.8

I got a new computer and have acquired some unwanted virus/malware or whatever it is .
My desktop background is just white and won't change and i'm not quite sure what to do.

Here is the HijackThis Log -


Logfile of HijackThis v1.99.1
Scan saved at 06:58:00, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: bkqxdons - {A026E040-8B62-47A2-89B0-0624EB72618A} - C:\WINDOWS\bkqxdons.dll
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prun.exe"
O4 - HKLM\..\Run: [\YURBD.exe] C:\Windows\system32\YURBD.exe
O4 - HKLM\..\Run: [\YURBE.exe] C:\Windows\system32\YURBE.exe
O4 - HKLM\..\Run: [\YURBF.exe] C:\Windo... Read more

A:file://C:\WINDOWS\privacy_danger\index.htm

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 2 answers
RELEVANCY SCORE 76.8

my background went white, i have loaded hijackthis and have the following text:Deckard's System Scanner v20071014.68
Run by John Lercher on 2008-04-25 23:03:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-04-26 04:04:09 UTC - RP111 - Deckard's System Scanner Restore Point
44: 2008-04-26 03:38:59 UTC - RP110 - Last known good configuration
43: 2008-04-26 03:38:40 UTC - RP109 - System Checkpoint
42: 2008-04-26 03:38:38 UTC - RP108 - System Checkpoint
41: 2008-04-26 03:38:35 UTC - RP107 - Last known good configuration


-- First Restore Point --
1: 2008-04-26 03:38:13 UTC - RP67 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as John Lercher.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:14 PM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOW... Read more

A:file://C:\WINDOWS\privacy_danger\index.htm

Hello and welcome to TSF.

This may take several rounds to clean. So, please stay with us until "all clear" is given even if the symptoms dissappear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Read other 1 answers
RELEVANCY SCORE 76.8

Hi,

I have XP SP2 on my machine and received a message about file://C:\WINDOWS\privacy_danger\index.htm was not found while trying to watch a news video from cnn. A message appeared stating that I had to download some software to delete the virus, which I did. The background changed to red. Right-clicking will not allow me to change the desktop to anything else and the privacy_danger message keeps appearing. Any help would be greatly appreciated. Thanks in advance.
 

A:file://C:\WINDOWS\privacy_danger\index.htm

Read other 13 answers
RELEVANCY SCORE 76.8

please help i am not to good with computers and am at the end of my teather!
My background seems to have been hijact as it is just plain white and it will not let me change it. i have tried to get rid of it but to be honest i do not know what i am doing. This is the error message

file://C:\WINDOWS\privacy_danger\index.htm

also i am getting an error message popping up all the time at the bottom of my toolbar saying that my computer is infected etc. It is also loading me on to internet explorer involentarily and directing me to virus protection download sites

can any one help me please!

here is a log ( if i have done it correctly)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:13, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\windows\system32\HealthNotifier.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Sec... Read more

Read other answers
RELEVANCY SCORE 76.8

Hi
I have Windows XP. I was getting pop ups for Ultimate Cleaner, Ultimate Defender, Security Alerts etc. I found a previous post that addressed this virus but the response called for the user to post their log after installing Hijakthis. I downloaded Hijack this did the scan and have the log. Can you help me through this? I have removed this with SuperAnti-Spyware but still get the error message C:/WINDOWS/PRIVACY_DANGER/INDEX popping up and my wallpaper does not work.

I downloaded and ran SDFIX both in safe mode and normal here is the report along with HiJackthis report
SDFix: Version 1.109

Run by Ulrika Fechner on Fri 10/19/2007 at 10:14 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFIX\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\search_res.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
&... Read more

A:Solved: C:/windows/privacy_danger/index

Read other 15 answers
RELEVANCY SCORE 76.8

Please Help!! This file has corrupted my computer. My background is white and my clock says "23:14 VIRUS ALERT!". When I click Start many of my options are removed (such as run, control panel, etc.). Windows Security Center automatic updates are turned off and when I try to turn them back on it wont let me. A lot of items have been "disabled by your administrator" -- ME- and I haven't disabled anything. I tried to do a system restore and that wouldn't work either. I downloaded HJT and this is what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04: VIRUS ALERT!, on 8/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.e... Read more

A:file:///C:/Windows/privacy_danger/index

Hello jrshane, Welcome to TSF!

You have posted your HJT Log in the wrong forum; only qualified analysts are permitted to give assistance and advice with them.

Please read this article? "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.
(Please change the new Thread Subscription to ?Instant Email Notification? so that you receive an email as soon as a reply is posted,)

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

Read other 1 answers
RELEVANCY SCORE 76.8

Hello, I am new here and certainly not a computer wizard so I could use some help with this one. I cannot get rid of it, my desktop has turned white and I am having some issues with this. Here is the HJT log.
Thanks in advance for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:28 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\PS ELements\PhotoshopElementsFileAgent.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
D:\PS ELements\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Palm\hotsync.exe
C:\PROGRA~1\MICROS~4... Read more

A:Help with file:///C:\\WINDOWS\\privacy_danger\\index.htm

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 76.8

My com keep on receiving this error message of "Cannot find ///C:/WINDOWS/privacy_danger/index.htm" once in a while and my desktop background just remain white and i cant seems to change it. Is there anyway to solve it? Thanks.
 

A:Cannot find ///C:/WINDOWS/privacy_danger/index.htm

Hello ltylty. have a look here.
http://uk.search.yahoo.com/search?fr=ytff1-&p=WINDOWS/privacy_danger/index.htm&ei=UTF-8
 

Read other 1 answers
RELEVANCY SCORE 76.8

Hi im getting the error message file:///C:\\WINDOWS\\privacy_danger\\index.htm
and my desk is all white i cant have a backround i've read that this is a trojan or something .. and that you use hijackthis to get rid of it but you have to know what to fix, so i've scanned with hijackthis can someone tell me wich items to fix i would be really thankful!

A:file:///C:\\WINDOWS\\privacy_danger\\index.htm

Here are the scan results, please help me..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:06, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\windetd5.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program\uTorrent\utorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http... Read more

Read other 2 answers
RELEVANCY SCORE 76.8

Everytime I start windows an error message appears saying C:/WINDOWS/privacy_danger/index.htm cannot be found.
I'm aware that I have a trojan but I have no clue how to fix it.
I've noticed other people with this problem have HijackThis logs, I have no idea what this is.
Please help.

Read other answers
RELEVANCY SCORE 76.8

Hello there. Need help with another one of those ever-so-pesky Trojans.
Desktop is white, Wallpaper is unchangeable. Please find enclosed DDS main and extra logs. Thank you and I look forward to your reply.



Deckard's System Scanner v20071014.68
Run by kirwan family on 2008-01-29 02:02:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2008-01-29 02:02:51 UTC - RP626 - Deckard's System Scanner Restore Point
76: 2008-01-28 14:17:29 UTC - RP625 - Installed Windows XP KB926239.
75: 2008-01-28 14:16:20 UTC - RP624 - Installed Windows XP MSCompPackV1.
74: 2008-01-28 14:09:30 UTC - RP623 - Installed Windows Media Player 11
73: 2008-01-28 09:59:36 UTC - RP622 - System Checkpoint


-- First Restore Point --
1: 2007-11-21 17:34:46 UTC - RP550 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as kirwan family.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 02:04:12, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system3... Read more

A:file:///C:\\WINDOWS\\privacy_danger\\index.htm

Hello and welcome to TSF.
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please post a fresh HijackThis log and I?ll be happy to help you.

Thanks for your patience.

Read other 19 answers
RELEVANCY SCORE 76.8

Hi before i had This file:///C:\\WINDOWS\\privacy_danger\\index.htm issue i had a problem
i was like alot of "fake" virus scans told me to download alot of anti spyware
i used spybot search and destroy and got rid of those thing
apperently i still have "!VIRUS ALERT!" near the pc clock
i also have a white screen and can't get any backround

if any 1 can help me solve this i will be very gratefull

A:file:///C:\\WINDOWS\\privacy_danger\\index.htm

right sorry heres my log
hmm it seems i don't have an extra.txt file...
well heres the main.txt anyway

oh and one more thing after i did a reboot of my system i ran spybot again
it seems that two files name Virtumonde -and DoubleClick are still here i have deleted them at least 3 times they seem to be restoring ....anyway thank you for you time

Read other 14 answers
RELEVANCY SCORE 76

This morning i got on my computer and i saw 15 webpages, and everything was slow
I closed all them out and then noticed a big red screen with biohazard sign and the privacy thing, and when i clicked on it my wallpaper it would take me to a site and download something, but my nortan antivirus detected it and denied access to it.
So i went to the folder and deleted it, the red screen went away.
my desktop wallpaper turned white and i couldnt find a way to get rid of it.
i then turned off my computer and left my home.
i got home and turned on my computer and the red screen came up again so then my friend told me to get spybot and i deleleted some items including the privacy danger thing. but my wallpaper is still messed up and im afraid the adware or w/e malware or w/e would come back. help???

i have a dell ,windows xp

here is my logfile from hijackthis.log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\... Read more

A:Solved: file://C:\WINDOWS\privacy_danger\index.htm

Read other 16 answers
RELEVANCY SCORE 76

My name is Natalie and my computer is acting really weird. My husband downloaded some music onto my computer and now it has some kind of virus . My computer has a white screen instead of having my usual wallpaper and I can not choose a wallpaper for my desktop. Also, I am very limited in my start button options. I can't choose my c: drive or my documents or control panel. Also, it states " Virus Alert! " right by the clock and now the clock is in military mode (ex. 5:43 is now 17:43). I don't know what to do. I have read a previous posting with similar problems and I've been trying to follow the previous advice but I'm not good with computers. I read about the hijacker software you recommended a previous member to download so I had already had gone and installed the latest Hijacker software and I ran a scan. The virus is on my laptop that I use so I can work from home. Please, if someone can help me, I would really appreciate it. I ran the hijacker software scan and this is the results:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05: VIRUS ALERT!, on 8/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\Syst... Read more

A:File:///c:/windows/privacy_danger/index.htm virus....I really need someone's help !!!

Hello Natalie and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When t... Read more

Read other 1 answers
RELEVANCY SCORE 76

My computer is infected with a Trojan virus that manifests itself as KVM Secure, WinSpywareProtect. My wallpaper is white and cannot be changed and I am getting a constant popup that says 'Your computer may be at risk ...etc'. In addition, an error message box keeps appearing which displays the message 'Cannot find file c:/windows/privacy_danger/index.htm. Please check path,etc'. I've tried running ad-Aware, AVG, and Avast. AVG and Avast scans can detect the virus but cannot heal it, and have moved files to the quarantine vault. A Panda Active Scan could not detect the virus. Please help me get rid of this beast!! I performed a Deckard System Scan and the here is the contents of the main.txt:

Deckard's System Scanner v20071014.68
Run by Sue on 2008-05-20 21:10:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-05-21 01:10:48 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-19 21:09:36 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.01 GiB (less than 15%) free.


-- HijackThis (run as Sue.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:05 PM, on 5/20/2008
Platform... Read more

A:Can't find file c:/windows/privacy_danger/index.htm

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

=======================================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extra... Read more

Read other 6 answers
RELEVANCY SCORE 76

I was recently infected with malware which had replaced my destop picture. While I was able to get rid of the malware with the help of Rookie147, I need help with replacing a deleted file.

I was trying to remove the desktop picture that was taking over the computer. I mistakenly deleted the files in the C:/Windows/Privacy _ danger /index.htm and emptied my recycle bin.
I now lost my screen savers and desktop backgrounds. Each time I try and set one, the Windows Internet Explorer box comes up telling me to check the path or address for the file. I have tried to rightclick in an open area of teh desktop and get no response.

Please help..
Thanks in advance.

A:Missing Windows/privacy_danger/index File

I don't have my copy of XP handy right now, but I don't recall that particular directory being a part of the Windows XP OS. Since you were infected, this could be collateral damage caused by the infection and a repair of XP would likely fix it for you. Here's a link for the how-to: http://www.michaelstevenstech.com/XPrepairinstall.htmThat'll fix most software issues that you'll encounter with the OS. There are a couple of software issues (such as drivers) that this won't fix - but it will take care of the Windows operating system files (which is where your issues seem to lie). If it doesn't fix things for you, we can move on to other areas to complete the repair of your system.

Read other 3 answers
RELEVANCY SCORE 76

Hello!

Please help me, i have a white desktop that doesn't go away. This is my hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:00 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\VNC4\WinVNC4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.4\program... Read more

A:help pls to remove file:///C:\WINDOWS\privacy_danger\index.htm

Hello and welcome to TSF.

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 76

I am having this problem everytime i log in or randomly when I am working on the net if anybody can help me I would really appreciate it.
Thank you,
Jason

I get this message: Cannot find 'file:///C:/WINDOWS/privacy_danger/index.htm'

I have attached the atach file and the root kit scanner txt file in a zipped folder.
I ran the dds and here is what it spit out:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 15:22:25.53 on Mon 01/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.342 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE ... Read more

A:Cannot find 'file:///C:/WINDOWS/privacy_danger/index.htm'

Is there anybody out there who could possibly help me with this. It is driving me nuts trying to fix it

Read other 3 answers
RELEVANCY SCORE 75.2

Please Advise,

Am trying to figure out how to get this virus off my system but cannot seem to find a way out having tried numerous ways to remove the worm/trojan using spybot/windows defender/norton 360 and that annoying message pops up on the desktop each time i load windows anyway here is what I got from the first hijackthis log I ran

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:31 PM, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Syst... Read more

A:yet another 'cannot find file:///c:/windows/privacy_danger/index.htm' hijacking

never mind just tried the smitfraud removal tool and it got rid of it, thanks anyway
 

Read other 1 answers
RELEVANCY SCORE 75.2

Hi- I am having problems with my desktop. It is just a blank white screen and its says error file:///c:/WINDOWS/privacy_danger/index.htm all the time. Please help! Thanks!

Here is my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:30, on 28.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common ... Read more

A:White Desktop - File:///c:/windows/privacy_danger/index.htm

Welcome to the BleepingComputer HijackThis Logs and Analysis forum matijas_sloMy name is Richie and i'll be helping you to fix your problems.Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.7. Close any programs you may have running - especially your web browser.8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.10. Click the Change/Remove button.11. Repeat as many times as necessary to remove each Java version.12. Reboot your computer once all Java components are removed.13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doi... Read more

Read other 11 answers
RELEVANCY SCORE 75.2

I am running Windows XP on Dell Dimension 2400

I had a Win32 virus infection and cleared most of the problems using a malware removal program, but still have the following problems:-

I have been trying to get the computer to recognise a new removable USB drive for backups. It is supposed to self install, but does not. I get the message "New Hardware found" etc.. but the driver never connects no matter what method I use, I have tried two different type of external drives with the same result. To try to clear the fault I reinstored the Chipset Driver, but it did not work.

Other devices work OK that were already installed. I have tried all the ports, installing manually etc.. Device manager finds it as "Other devices" with a yellow ? superimposed.

I also get the "Windows/privacy_danger/index.htm" popup, the screen wallpaper is blank "white".

None of my restore points will reinstall, I have tried every one for the last three months.

I have noticed some of the other threads have had similar problems, but not quite the same. I am not confident enough to use someone else's solution to try to clear mine.

All of my other programs seem to be running OK, the computer is slower than it was.

Any help will be apprectiated.

I have run the SDfix program, and here is the log, any help will be appreciated

geek im not
SDFix: Version 1.119

Run by I an Aitken on 23/12/2007 at 10:03

Microsoft Windows XP [Version 5.1.2600]

Running From: C... Read more

A:USB Drives not recognised, Windows/privacy_danger/index.htm popup

Bump
 

Read other 3 answers
RELEVANCY SCORE 75.2

Hi- I am having problems with my desktop. It is just a blank white screen and its says error file:///c:/WINDOWS/privacy_danger/index.htm all the time. Please help! Thanks!Here is my Hijackthis log:Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dlcccoms.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Dell Photo AIO Printer 924\dlccmon.exeC:\WINDOWS\system32\LVCOMSX.EXEC:&#... Read more

A:White Desktop - File:///c:/windows/privacy_danger/index.htm

Hello butterfly123,Welcome to Bleeping Computer Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),Also remove the checkmark from the the Lock Desktop Items box if it is checked.Apply.Apply and Exit Display properties.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 75.2

Hi all,

I had tried cracking a software and the keygen i got had virus. After i executing it i was not able to crack the software also i was not able to access my desktop

There was a hyperlinked image on the whole desktop. I was not able to right click. But i was able to move this image and reduce the size. Also i found tht the image was present in the SYSROOT directory and i deleted the same. But every time i restarted this folder re appears and then the same problem again

I installed AVG free antivirus. I did not install the one recommened by the hyperlink and scanned my computer. It has removed every treat it found but still instead of the image there is a white image on the desktop

Please suggest me what can be done. Also i am not sure what should i paste for your references. Please let me know if i you need any information

Rgds
Aditya

A:Cannot find 'file:///C:/WINDOWS/privacy_danger/index.html'

Sorry, we can not help you. We do not provide support for any kind of piracy matters.

You can learn more about this by reading the TSF Rules. .
http://www.techsupportforum.com/rules.php

Read other 1 answers
RELEVANCY SCORE 74.4

So, i dont know what happened, but all of a sudden these pop ups starting coming onto the desktop saying i need to download certain programs to prevent a virus or something. i didin't believe them thinking they were advertisements, so i just closed them. then my desktop became all red with a logo that looked like a biohazard sign or something, and told me to click it to go somewhere to download a program. I ran Microsoft Windows Malicious Software Removal tool, and it seemed to get rid of the pop ups. But the desktop is still white and I can't click on anything. If i move my curser to the top of the desktop a bar appears with the minimize/maximize/close boxes. Naturally, I closed it, and my desktop went back to normal... Anyways, I found another thread on here about this, and I followed the instructions and ran dss. I couldn't post a reply on that thread for some reason so I'm posting here. I've pasted the main.txt and attached the extra.txt, can anybody help?:


Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-01 19:30:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2008-02-02 03:30:55 UTC - RP584 - Deckard's System Scanner Restore Point
92: 2008-02-01 20:01:06 UTC - RP583 - System Checkpoint
91: 2008-01-... Read more

A:things keep popping up! and my desktop:file:///C:\\WINDOWS\\privacy_danger\\index.htm

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.

Read other 1 answers
RELEVANCY SCORE 74.4

I keep getting the error message saying windows can't find the file listed in the post heading certain settings can't be changed on my computer because like my background on my desktop for example. It is just a white screen no matter what i try and set it to. Here is the hijack this file after running virus and anti-spyware programs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:02 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Creative\SBAudigy2ZS\AudioHQ\AHQT... Read more

A:file:///C:/windows/privacy_danger/index.html error message

Hi, if you still need help, please post a fresh HijackThis log

Read other 1 answers
RELEVANCY SCORE 74.4

Hi. I recently got a bad malware virus on my PC. I managed to remove most of it through some free programs onthe internet, but I still have the white background, and the error message "cannot find file:///c:/windows/privacy_danger/index.htm

Please HELP!!!!

Here is the log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:38 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Andrew\My Documents\andrew's stuff\software and downloads\iTunes\iTunesHelper.exe
C:\Program Files\Aliant\Aliant Servicepoint Agent\ASA.exe
C:\Program Files\Aliant\Aliant Sec... Read more

A:Solved: cannor remove file:///c:/windows/privacy_danger/index.htm

Read other 9 answers
RELEVANCY SCORE 74.4

please someone help. i keep on gettin this error message. can someone help me get this off. i cant change my desktop, it's just plain white.

Read other answers
RELEVANCY SCORE 74.4

Hi just got infected with a virus which leave desktop white and I cant set any bacground without the error in the title have run a Highjack this scan belowLogfile of Trend Micro HijackThis v2.0.2Scan saved at 19:39:22, on 31/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\PnkBstrA.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\system32\CTXFIHLP.EXEC:�... Read more

A:White Desktop - File:///c:/windows/privacy_danger/index.htm Help Needed

I also ran a SmitfraudFix log as well

can anyone please help

SmitFraudFix v2.343

Scan done at 19:42:28.90, 31/08/2008
Run from C:\Documents and Settings\Jim\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode

???????????????????????? Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:... Read more

Read other 12 answers
RELEVANCY SCORE 73.6

Hi- I am having problems with my desktop. It comes up with a blank white screen and its says error file:///c:/WINDOWS/privacy_danger/index.htm all the time.
So i downloaded SmitFraudFix, i ran it in safe mode etc, it would be ok for a day then the next morning i turn my computer on, the white screen, and the error messege file:///c:/WINDOWS/privacy_danger/index.htm would come up again!
Heres the report i got from SmitFraudFix: Any help would be great, thank you!!

SmitFraudFix v2.329

Scan done at 9:37:41.81, 05/07/2008
Run from C:\ugh\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

???????????????????????? SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

???????????????????????? Killing process
???????????????????????? hosts
127.0.0.1 localhost

???????????????????????? VACFix

???????????????????????? Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
???????????????????????? Generic Renos Fix

GenericRenosFix by S!Ri
???????????????????????? Deleting infected files
???????????????????????? IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

???????????????????????? 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
???????????????????????? DNS

HKLM\SYSTEM&#... Read more

A:Blank White Screen And Its Says Error File:///c:/windows/privacy_danger/index.htm

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

Read other 7 answers
RELEVANCY SCORE 73.6

I am getting the following error. I also have a white desktop. Please help.

Cannot find 'file:///c:/Windows/privacy_danger/index.htm'. Make sure the path or Internet address is correct.

I have run HiJackThis and this is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14: VIRUS ALERT!, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
... Read more

Read other answers
RELEVANCY SCORE 72.4

Please help!





Deckard's System Scanner v20071014.68
Run by Sergio on 2008-08-02 11:00:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-02 18:00:39 UTC - RP1 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sergio.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:27 AM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Viewpoint\Common\Viewp... Read more

A:file:///C:/WINDOWS/privacy_danger/index.htm (Moved from Windows XP)

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Messenger Plus - this is where you got some of the infections from
ErrorSafe
MyWebSearch
MyWay
Deskbar
Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Archivos de programa\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
R3 - URLSearchHook: ... Read more

Read other 1 answers
RELEVANCY SCORE 70.8

my display shows a white screen and keeps giving the error :///C:/WINDOWS/privacy_danger/index.htm' Logfile of HijackThis v1.99.1
Scan saved at 10:44:40 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\sy... Read more

A:windows error :///C:/WINDOWS/privacy_danger/index.htm'

Hello supaboy, Welcome to TSF!

You have posted in the wrong forum...only qualified analysts are permitted to advise you with your HJT logs.

Please read this article? "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.
(Please change the new Thread Subscription to ?Instant Email Notification? so that you receive an email as soon as a reply is posted,)

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

Read other 1 answers
RELEVANCY SCORE 68.8

When I got home yesterday my computer was possessed by something... I started running everything I had or could find at it including spybot s&d, lavasoft adware and avg antivirus. After battling it for three hours I finally got avg to run through as well as the others. Now the computer is similar to normal, except for most noticably the desktop. the red screen is no longer there but something remains owned by privacy_danger\index.htm Also there seems to be files attempting to run, which are being stopped by spybot s&d.

I hope that my self help attempts have not made matters worse

Thank you for your help
Renn

A:C:\windows2\privacy_danger\index.htm

I ran malwarebytes and a lot seems to have been removed from my system. the wallpaper is gone.

here is the log

Malwarebytes' Anti-Malware 1.11
Database version: 635

Scan type: Full Scan (C:\|)
Objects scanned: 232243
Time elapsed: 1 hour(s), 56 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 19
Files Infected: 50

Memory Processes Infected:
C:\Documents and Settings\All Users.WINDOWS2\Application Data\dajixonc\vexibwrs.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS2\system32\awtqoLeD.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06f6148a-8e85-4cb4-a059-cf3dedd98322} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{06f6148a-8e85-4cb4-a059-cf3dedd98322} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_U... Read more

Read other 4 answers
RELEVANCY SCORE 68.8

I got a virus and use avast to remove it, however the danger screen came on and I couldn't get rid of it so I went into the windows file and removed the file. Now I cant get my backround screen to come back. I also lost my two drives from the mycomputer screen. can anyone help me?

A:privacy_danger/index.htm deleted

Hello samice,

I suggest that you run the steps located in the malware removal forum. Please run as many steps as possible. After completing the final step you will be able to post a hijackthis log for one of the experts to analyze and assist you with this. Please be patient as that is a busy forum.

Just click the link below.

http://www.techsupportforum.com/secu...oval-help.html

Read other 1 answers
RELEVANCY SCORE 68.8

i am running on Windows XP and i have this file : C:\WINNT\privacy_danger\index.htm on my computer. it has slowed down my compuet, turned my personal backround white and Udefender keeps coming up! it is really annoying. I do manage to get rid of it using SUPERantispyware but it comes back again and again!

HELP!
 

Read other answers