Neenay New Member Date Joined May 2004 Total Posts : 1 Posted 5-1-2004 6:51 (GMT +2)

I have the free version of AVG and it keeps telling me that I have the PSW.bispy virus, but when I run a scan nothing comes up. Or when I run Spy Sweeper, nothing shows up there either. I downloaded HijackThis and here is my log:

Logfile of HijackThis v1.97.7
Scan saved at 12:29:19 PM, on 5/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SDPhotoBar.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG05.EXE
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Shanee\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://if.searchcentrix.com/sidecat.jsp?p=98567&appid=21&id=1427196810107175
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://if.searchcentrix.com/sidecat.jsp?p=98567&appid=21&id=1427196810107175
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https://:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Shanee\Application Data\Mozilla\Profiles\default\mvrfc6c4.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5COnline%20Services%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Shanee\Application Data\Mozilla\Profiles\default\mvrfc6c4.slt\prefs.js)
O1 - Hosts: 64.200.25.145 gator.com #cooklop
O1 - Hosts: 64.200.25.145 tripod.com #cooklop
O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 cj.com #cooklop
O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 thehun.net #cooklop
O1 - Hosts: 64.200.25.145 www.thehun.net #cooklop
O1 - Hosts: 64.200.25.145 worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 free6.com #cooklop
O1 - Hosts: 64.200.25.145 www.free6.com #cooklop
O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07F64795-74BD-45A5-8CA6-5344CA9256D6} - C:\WINDOWS\system32\ipyig.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} - C:\WINDOWS\gsim.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [System Efficiency Monitor] mscommand.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [System Efficiency Monitor] mscommand.exe
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\PROGRA~1\SDPhotoBar.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\Program Files\Internet Washer Pro\iw.exe min
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MT It! - http://WWW.1ideal-life.COM/cgi-bin/moveabletype/mt.cgi?__mode=reg_bm_js&bm_show=text_more&bm_height=520
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: DigiChat Applet - http://host3.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.autoweb.com/content/research/vir/index.cfm?id=13300;TAWEB&year=2002&make_vch=Mazda&model_vch=Tribute&showIN=yes&Vehicle_Number_int=1009752&action=media
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://mf.hud.gov:63001/CFIDE/classes/CFJava.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://aol.musicnotes.com/download/mnviewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D528D6E7-EC9C-4A76-9609-6DCD41402DFA} (IQ RemotePrint Control) - http://promo.iq.com/common/download/RemotePrint.CAB
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walmartphotocenter.com/photo/upload/XUpload.ocx

What do I need to fix to get rid of this virus? TIA!

Destroyer Trusted Member Date Joined Mar 2004 Total Posts : 245 Posted 5-1-2004 8:35 (GMT +2)

So you mean that AVG Resident Shield detects the virus, but when you do a scan it doesn't find anything?
What I recommend is going through all the settings, turning all protection to full, and making sure it scans in archives.
Then reboot the computer into safe mode and run a scan there.
MAKE sure you do a scan with these:
Ad-aware
PestPatrol
all in safe mode.

Post Edited (Destroyer) : 5/1/2004 6:39:00 PM GMT

Tiger-Stripe New Member Date Joined May 2004 Total Posts : 37 Posted 6-11-2004 6:31 (GMT +2)

Well, you could disable the anti-virus software and then run a full scan of the C: drive, but that is just me.