[url]http://www.treestompertime.net/[/url]

[Soixante]

Does any one know who these are.I have executable files that keep trying to connect here,i block them with my firewall.Thing is the executables keep changing from say p6tt.exe to fgf5.exe and so on.I constantly block any thing to this url.The funny thing is if you go to this url,You get a message "what do you want to find here"???here it the url again. http://www.treestompertime.net/

on using google this is the only result i get.Any ideas any one?

[ViRaL1]

Definitely spyware. Try CWShredder from download.com. Also try AdAware and Spybot.

[Soixante]

Thanks i have never used spyboy before so i am posting the log for all you knowledgable folk,as i dont understand it.

this is it>>

Alexa Related: Link (Replace file, nothing done)
C:\WINDOWS\Web\related.htm

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-484763869-1060284298-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-11-29 Includes\Cookies.sbi
2005-01-27 Includes\Dialer.sbi
2005-01-27 Includes\Hijackers.sbi
2005-01-11 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-01-27 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2005-01-27 Includes\Spybots.sbi
2004-11-29 Includes\Tracks.uti
2005-01-27 Includes\Trojans.sb

[ViRaL1]

Nothing major fixed there. Try CWShredder.

[Faustus]

Also try a virus scanner.

[888888]

Try "Hijackthis" maybe?

[Soixante]

virus scan done,nothing found.CWShredder,nothing found.Hijack this still to do.Ok done hijack this and this is the thing that has been giving me trouble>>>O4 - HKCU\..\RunOnce: [95w0gwf.exe] C:\WINDOWS\System32\95w0gwf.exe /k
Thing is the exe file keeps changing when i block it,can and how do i delete it,will that sort the problem out?

Thanks

[ViRaL1]

Start > Run > MSCONFIG.

Go to the Startup tab, there's probably something there with some random file name that's running in startup. The first step is to disable that.

[thecoalman]

Start > Run > MSCONFIG.

Go to the Startup tab, there's probably something there with some random file name that's running in startup. The first step is to disable that.

You can go to http://www.sysinfo.org/startuplist.php to see what the files are. I'd take virals advice a little farther. Anything you find note the loction and type regedit in the run box and delete it from the registry.

BTW, I found this recent article with the same description as you (see the third paragraph), you might want to see if there is any follow ups. http://computercops.biz/postp440828.html

[Soixante]

Start > Run > MSCONFIG.

Go to the Startup tab, there's probably something there with some random file name that's running in startup. The first step is to disable that.

I cant understand this ,i cant find anything that should not be there.Is there a possibility this ex file is running from inside another program?

http://computercops.biz/postp440828.html Interesting that someone else has this problem,but unfortunately no follow ups.Will be interesting to know what this .Any way thanks for your help.

[thecoalman]

Start > Run > MSCONFIG.

Go to the Startup tab, there's probably something there with some random file name that's running in startup. The first step is to disable that.

I cant understand this ,i cant find anything that should not be there.Is there a possibility this ex file is running from inside another program?

http://computercops.biz/postp440828.html Interesting that someone else has this problem,but unfortunately no follow ups.Will be interesting to know what this .Any way thanks for your help.

Could be hiding and executing from anyone of a number of places including somewhere eles in the registry. Try turning off system restore.... another hiding place.

[ViRaL1]

When you open Task Manager, do you see any processes that you don't recognize? Also if you don't mind, show us a screen cap of your startup apps listed in MSCONFIG.

EDIT: I hate to ask but, what version of AdAware are you running? Is there anything that keeps coming up in AdAware from one scan to the next?

[Soixante]

When you open Task Manager, do you see any processes that you don't recognize? Also if you don't mind, show us a screen cap of your startup apps listed in MSCONFIG.

EDIT: I hate to ask but, what version of AdAware are you running? Is there anything that keeps coming up in AdAware from one scan to the next?

Here is the screen shot of startup'



I use Adaware se personel.Adaware when i scan always shows that Adtomi is present.I did post for help about this before.I did as suggested by deleting it from registry with system restore turned off.But whenever i scan it with adaware it shows it still there.

[offline]

Ok.. go to http://www.pestpatrol.com
and run their on line scanner. Post the name
of what you find.

[Soixante]

Ok.. go to http://www.pestpatrol.com
and run their on line scanner. Post the name
of what you find.

This is what pest patrol found,i havent a clue what it is or where i got it?I have put in the URL below as it is a big report.Done a sytem search for this and nothing shows up??
Thanks
EDIT maybe that is the google toolbar
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088662

[Faustus]

Well its SOMETHING, maybe nobody knows about it yet. lol

[thecoalman]

Well its SOMETHING, maybe nobody knows about it yet. lol

That's what I'm thinking, I'd go to the spybot or adaware forum and post about it. Maybe you could submit it as possibly a new threat, Usually when you have something that's well known there's numerous returns in google and google only gives that one return for that website and it's recent.

You could alwaqys smash it with an Axe..... That always works, I have a gif animation on the way to demonstrate the correct technique.

[bazooka]

When you open Task Manager, do you see any processes that you don't recognize? Also if you don't mind, show us a screen cap of your startup apps listed in MSCONFIG.

EDIT: I hate to ask but, what version of AdAware are you running? Is there anything that keeps coming up in AdAware from one scan to the next?

Here is the screen shot of startup'



I use Adaware se personel.Adaware when i scan always shows that Adtomi is present.I did post for help about this before.I did as suggested by deleting it from registry with system restore turned off.But whenever i scan it with adaware it shows it still there.

If I were you, I would also get rid of memtuneup. You do not need it. You are using system resources to free up resources. It doesn't make sense.

[offline]

It looks like multiple trojans/worms.
Try a demo version of Panda Titanium.
http://www.pandasoftware.com/