
Log of Internet Explorer activity on my PC

Serafino Marinelli
Please,
can anyone help me to understand who is writing a log that outlines all the
web sites accessed? I am using IE8 on Vista SP2. I am suspicious because, if
the names of the web sites are there, it could possibly also outline the user
and password used to access other web sites (i.e. the bank's web site).
The named log is available at
C:/Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an
example with access to www.google.it).
I don't know if it is created by IE8 or if I have some malware installed.
Thanks in advance
Serafino
 
Robert Aldwinckle
"Serafino Marinelli" <serafino.marinelli@libero.it> wrote in message
news:4E019A55-216F-4742-B802-75A2B4E9DC41@microsoft.com...
> Please,
> can anyone help me to understand who is writing a log that outlines all the
> web sites accessed? I am using IE8 on Vista SP2. I am suspicious because, if
> the names of the web sites are there, it could possibly also outline the user
> and password used to access other web sites (i.e. the bank's web site).
> The named log is available at
> C:/Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an
> example with access to www.google.it).
> I don't know if it is created by IE8 or if I have some malware installed.
> Thanks in advance
> Serafino



It looks as if you have enabled some kind of diagnostic for something called
NSP? Apparently it is checking for a proxy called gapsvc.exe. Does that
name mean anything to you?


HTH

Robert Aldwinckle
---
 
Serafino Marinelli
Hi Robert and all people,
sorry for the delay in replying, but I was away from home for over a week ...
Thank you for your interest in this problem.

I don't know what NSP and gapsvc.exe mean. Apparently no file or anything
else refers to gapsvc.exe in all my system ... I did a search over all of C:
for gapsvc.exe ... the only references are those present in the named log
and in your mail message.

But I must add some information that I previously didn't write.

On December 23rd, I was very stupid and, starting with a mail message
received that I misunderstood, I installed on my system a malware named
"plugin.exe"; I found much information on the internet but, unfortunately,
only after my problem.

The best of this information was located at
"http://www.threatexpert.com/report.aspx?md5=bc7ee8226a8db0e67e27e61c3838eee5";
this identifies all (?) activity done on the system. I located all modules in
the system files and many (not all of those pointed out) of the registry
modifications. I have deleted all modules and all registry entries
identified. No information was found about the named file
"dsSam_iexplore.exe.log", neither in that entry nor elsewhere.

I'm fairly sure that the log was born with "plugin.exe".

Now the problem is:
- is it possible that there are some other modules linked to "plugin.exe"
in the system that create and populate the log, or
- did the malware make some modifications to the Internet Explorer defaults,
enabling some kind of diagnostic, and if yes, which?
I'm unable to answer this question.
Can this help you ... to help me?
Thanks
Serafino

 
PA Bear [MS MVP]
There is a very good chance that you are still seeing the effects of a
hijackware infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7 => Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
.. http://mvps.org/winhelp2002/unwanted.htm
.. http://inetexplorer.mvps.org/tshoot.html
.. http://www.mvps.org/sramesh2k/Malware_Defence.htm
.. http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


 