Hijack by ABI Network

cicerone imposter
Reply Fri 10 Jun, 2005 08:46 pm
ibrachels, The mypctuneup uninstall might work to get rid of ABI Network adware, but how do you know you didn't install a spyware at the same time? I'm just asking the question, because their method of hijacking our computer should be illegal to begin with. We need to contact our congress representatives to find out if they can stop these criminals from writing programs that takes over our computer.
0 Replies
Reply Fri 10 Jun, 2005 11:06 pm
Aurora Mal Ware
I ran Ad-aware, but Aurora still pops up. I read on this thread to D/L HijackThis and post the results, so here goes:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:38 PM, on 6/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.aol.com/DoReEgon/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [gxkdsp] c:\windows\system32\rsjlpn.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A70DFA47-3493-4DEC-BA86-6CF11B8FFC81}: NameServer =
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

0 Replies
Reply Sat 11 Jun, 2005 07:38 am
Yes mypctuneup is free, I was wrong to make that evil claim. I still believe they caused the adware virus. But running it did not work for me. Even more adware files detected between Norton, Trend Micro, and Spybot. I will try one of the guru methods discussed earlier before giving up and starting over.
0 Replies
Reply Sat 11 Jun, 2005 02:33 pm



Unless and untill the preliminary steps and scans are accomplished, including all necessary updates, and your particular specific help request is opened in its own topic, as directed, it is highly likely no help will be forthcoming.
0 Replies
Reply Sat 11 Jun, 2005 05:09 pm
Cicerone, I didnt try the fix. In fact i dont recall seeing a fix posted that people were claiming worked! This method seems to have worked. On their site it says the fix also installs somthing that stops you downloading their ad progs again. which is a blessing providing its not doing anything else.
0 Replies
Reply Sun 12 Jun, 2005 08:32 am
abi network aurora spyware
maybe this will help. its a programm which consists of various spyware killers. it worked for me.

0 Replies
Reply Tue 14 Jun, 2005 12:17 am
Re: ABI Network - not the Toronto ABI Network!
tallrobert wrote:
Hi, my name is Robert and I am the Communications Coordinator for the Toronto ABI Network.

Wow! I have been getting so many messages from people about this pop up problem!! And many of them are not very kind!

Just wanted to say that the Toronto ABI Network is absolutely not responsible for this. I will be following up and posting some information on our website when I find out. You can look there in the future for answers if you choose ... www.abinetwork.ca

hello rpbert, where can my customer send you the bill at? what's your address? i charged him $300.00 to get this off his laptop. give me an email when you get a chance. thnx matt.
0 Replies
guy in his dark room
Reply Tue 14 Jun, 2005 01:58 am
I am having the exact same problem. I havent managed to fix it yet, but this may help. Go to your C:\Documents and Settings\[user]\local settings\temp folder and first end the aurora process then delete all of the aurora programs on here. This is not the only place where the .exe exists but it is one(I had 3 of them in there).
0 Replies
cicerone imposter
Reply Tue 14 Jun, 2005 09:37 am
Quote, "Cicerone, I didnt try the fix. In fact i dont recall seeing a fix posted that people were claiming worked! This method seems to have worked. On their site it says the fix also installs somthing that stops you downloading their ad progs again. which is a blessing providing its not doing anything else."

What we are unsure of with "mypctuneup" is whether they have put spyware into your computer. That's the reason why I have recommended going to the Computer Forum on a2k, and follow timber's detailed instruction.
0 Replies
Reply Tue 14 Jun, 2005 10:15 am
There is something truly strange about this whole thread. Anybody else notice? Note: It has nothing to do with c.i.
0 Replies
cicerone imposter
Reply Tue 14 Jun, 2005 10:27 am
And it has nothing to do with you! Why do you find that strange? LOL
0 Replies
Reply Tue 14 Jun, 2005 10:31 am
What are you talking about c.i.?
0 Replies
Reply Tue 14 Jun, 2005 10:39 am
What I was talking about was the large number of first time posters on A2K appearing here.
0 Replies
cicerone imposter
Reply Tue 14 Jun, 2005 11:57 am
So? What does that have to do with anything about this forum?
0 Replies
Reply Tue 14 Jun, 2005 12:08 pm
Ever shop at EBay?
0 Replies
cicerone imposter
Reply Tue 14 Jun, 2005 02:27 pm
Not lately, but yes. So, what's your point?
0 Replies
Reply Tue 14 Jun, 2005 02:35 pm
I think this topic comes up easily in a goolge search on the problem.

CI how did you get infected with this ? I'm just counting my lucky stars I don't or didn't get this yet - on any of our PC's
0 Replies
cicerone imposter
Reply Tue 14 Jun, 2005 02:38 pm
husker, I'm not sure how my computer got infected. The only links I usually open are those that are "safe" according to my ISP provider. I don't open emails from people I do not recognize, and delete them.
0 Replies
PC dr
Reply Tue 14 Jun, 2005 06:13 pm
fix I think
I tried all of the tools mentioned plus symantec's removal tool for betterinternet. None worked.

SO...I created new versions of the 3 main offending files on my desktop. I set the attribute on these files to read-only and then denied all file permissions for the user currently logged on and the alluser user. I Then cut/pasted all three into the proper directory accepted replace current version of files. I got access denied on the drpmon.dll file so I just changed attributes & permissions on the original file. After doing this run regedit.exe and do finds for the 3 files. Delete each instance you find. After cleaning the registry, reboot. On restart run ad-aware or the like to remove remnants.

The 3 files you want to replace are:



%system%\windows\xxxxxxxx.exe </b>

The last file has different names but all are just a bunch of letters. Mine was <b>atldxwxjztf.exe</b>. I found the filename using the threat advisory in Symantec AV. You might check your AV's quarantine for the filename. You can also look in the windows directory for a suspect file. When you find one, open the properties dialog box and click the version tab. If this is the correct file, when you highlight <b>"company"</b> it will show <b>"Direct Revenue"</b> as the company name. Create a replacement file with the same filename with read-only attributes and denied permissions to current user and allusers. Replace the file in the windows directory.

This thing sucks. I think I got it from either goldenpalacecasino.com or partypoker.com. I plan on sending a bill to Direct Revenue for the time that I spent on my machine. I will also tell my clients that they should do the same with my invoice to them. When I get over a couple of grand worth of these I plan to sue these yahoos. The way it's spreading this might even reach class action status. I'm not an atty, but it sounds like a good plan.
0 Replies
cicerone imposter
Reply Tue 14 Jun, 2005 06:30 pm
PC-dr, Include me in the class action suit. I don't want any money, but I want them to spend the bucks to defend themselves. I hope it costs them millions.
0 Replies

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
Copyright © 2023 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 06/05/2023 at 06:42:04