November 7th, 2004 06:00

Spyware is detected..hijack spyware detected..can't fix..still getting pop-ups galore..all started on election day

860 Posts

November 7th, 2004 08:00

Hi
1) Let us know what this finds: eTrust AV web scanner
2)
A. Download Spybot

B. Download Ad-aware SE Personal 1.05 and addons VX2 Cleaner

C. Download CWShredder

3) Start Windows in Safe Mode by pressing F8 as the computer is booting and choosing Safe Mode, then turn off System Restore for Windows ME and Windows XP. How to Boot to Safe mode; How to Disable System Restore

4) Open My Computer and choose Tools, then click on Folder Options, click on the View tab and under Advanced Settings, choose Show Hidden Files and Folders, then click on OK and close My Computer. In Windows XP/2000, you may also want to uncheck the options for "Hide extensions for known file types" and "Hide protected operating system files". How to Show Hidden Files and Folders

5) Run Spybot, Ad-aware and CWShredder in Safe Mode.

Tutorials on How To Install Spybot Search and Destroy; Tutorial2; UpdateSpybot

Install VX2 Cleaner and then run Ad-aware. Tutorial using Ad-aware; AdAware SE Tutorial by H@ns

Tutorial - How to remove CoolWebSearch with CWShredder

6) Reboot into normal mode. Download from SpywareInfo and repost your hijackthis log (Your hijackthis version is outdated)

860 Posts

November 7th, 2004 15:00

Won't update? Did it download properly? Try redownloading it and run it in SAFE MODE. What about the rest of the programs listed?

November 7th, 2004 15:00

the ad-aware won't update..i get messages that the file can't be read..

the virus scan came up no viruses found....

November 7th, 2004 16:00

i ran them all and removed a bunch of malware..there were 301 found without the update..reinstalling and doing it all again..will get back soon

November 7th, 2004 17:00

when re-downloading ad-aware i got a runtime error 216 at 004f8a5. also when i re-ran the spybot scan i found malware in look2me..pop-ups continuing. the addy is http://ads2.revenue.net/l?O_CREATIVE_ID=206491&O_SITE_ID=13442&

November 7th, 2004 18:00

done..below are copies of hijack this, and the scan results, no virus detected and the cwshredder fixed problems there..

 

 

Logfile of HijackThis v1.98.2
Scan saved at 3:13:46 PM, on 11/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\COMCAST\SECURITY MANAGER\APP\AUTHSL.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMCAST\SECURITY MANAGER\APP\PRISM.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", " http://www.google.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\dy92hpry.slt\prefs.js)
O2 - BHO: AuthBHO.cBHO - {E434D3C7-A673-4100-8140-79C020945017} - C:\PROGRAM FILES\COMCAST\SECURITY MANAGER\APP\AUTHBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Manager Popup Blocker - {53829F91-1B06-4DB9-B13E-812A986169F9} - C:\PROGRAM FILES\COMCAST\SECURITY MANAGER\APP\AUTHBHO.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Security Manager] C:\Program Files\Comcast\Security Manager\app\SecurityManager.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [CurtainsSysSvc] C:\Program Files\Comcast\Security Manager\app\AuthSL.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [a�] "C:\PROGRAM FILES\A2\a2guard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM95_C9\AIM.EXE (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: ComcastHSI - {4ADA57AB-27CE-4FBE-B7C9-A97EE42DBC95} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {C279C56E-6BDE-441C-B2A3-54B75637E96C} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {0915218E-30EE-4674-8C01-7AFC5A3FF073} - http://www.comcastsupport.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\oemji\oemjisearchplus\sfbnsp.dll
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.5.30/euchre/euchre-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.5.30/backgammon/backgammon-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-6.0.0.25/domino/domino-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.com/applet-6.0.1.20/pinochle/pinochle-ob-assets.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
 
SPYBOT RESULTS
 
MediaPlex: Tracking cookie (Internet Explorer: ) (Cookie, fixed)
 
Advertising.com: Tracking cookie (Internet Explorer: ) (Cookie, fixed)
 
Advertising.com: Tracking cookie (Internet Explorer: ) (Cookie, fixed)
 
Avenue A, Inc.: Tracking cookie (Internet Explorer: ) (Cookie, fixed)
 
Look2Me: Class ID (Registry key, fixed)
  HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
ValueClick: Tracking cookie (Internet Explorer: ) (Cookie, fixed)
 

--- Spybot - Search && Destroy version: 1.3  ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi
 
AD-AWARE RESULTS
 
ArchiveData(auto-quarantine- 2004-11-07 14-57-44.bckp)
Referencefile : SE1R17 05.11.2004
======================================================
MRU LIST
--------------------------------------
obj[0]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[1]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\txt
obj[3]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
obj[2]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs\.txt
obj[4]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
TRACKING COOKIE
--------------------------------------
obj[4]=IECache Entry : Cookie:tina patterson@z1.adserver.com/
obj[5]=IECache Entry : Cookie:tina patterson@fastclick.net/
obj[6]=IECache Entry : Cookie:tina patterson@tribalfusion.com/
obj[7]=IECache Entry : Cookie:tina patterson@trafficmp.com/
obj[8]=IECache Entry : Cookie:tina patterson@realmedia.com/
obj[9]=IECache Entry : Cookie:tina patterson@zedo.com/
obj[10]=IECache Entry : Cookie:tina patterson@centrport.net/
obj[11]=IECache Entry : Cookie:tina patterson@revenue.net/
obj[12]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@z1.adserver[1].txt
obj[13]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@fastclick[1].txt
obj[14]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@tribalfusion[2].txt
obj[15]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@revenue[1].txt
obj[16]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@zedo[1].txt
obj[17]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@trafficmp[1].txt
obj[18]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@realmedia[2].txt
obj[19]=IECache Entry : c:\WINDOWS\Cookies\tina patterson@centrport[1].txt
NETWORKESSENTIALS
--------------------------------------
obj[20]=Folder : C:\Program Files\Recommended Hotfix - 421701D
obj[24]=File : c:\_RESTORE\TEMP\A0012691.CPY
obj[38]=File : c:\_RESTORE\TEMP\A0012695.CPY
VX2
--------------------------------------
obj[22]=File : c:\_RESTORE\TEMP\CPMCTL32.0
obj[23]=File : c:\_RESTORE\TEMP\CKMCTL32.0
obj[47]=File : c:\WINDOWS\SYSTEM\AdTXPRXY.DLL
obj[48]=File : c:\WINDOWS\SYSTEM\AiTXPRXY.DLL
WHENU
--------------------------------------
obj[25]=File : c:\_RESTORE\TEMP\A0022595.CPY
IBIS TOOLBAR
--------------------------------------
obj[26]=File : c:\_RESTORE\TEMP\WTOOLSA.0
obj[27]=File : c:\_RESTORE\TEMP\~387084.0
obj[28]=File : c:\_RESTORE\TEMP\~391365.0
obj[29]=File : c:\_RESTORE\TEMP\~391492.0
obj[30]=File : c:\_RESTORE\TEMP\~396099.0
obj[31]=File : c:\_RESTORE\TEMP\~396221.0
obj[32]=File : c:\_RESTORE\TEMP\~396989.0
obj[34]=File : c:\_RESTORE\TEMP\~725416.0
obj[35]=File : c:\_RESTORE\TEMP\~726040.0
obj[36]=File : c:\_RESTORE\TEMP\~779190.0
obj[37]=File : c:\_RESTORE\TEMP\~852626.0
obj[39]=File : c:\_RESTORE\TEMP\~31469.0
obj[40]=File : c:\_RESTORE\TEMP\~33274.0
obj[41]=File : c:\_RESTORE\TEMP\~43918.0
obj[42]=File : c:\_RESTORE\TEMP\~324816.0
obj[43]=File : c:\_RESTORE\TEMP\~324893.0
obj[44]=File : c:\_RESTORE\TEMP\~328574.0
obj[45]=File : c:\_RESTORE\TEMP\~340808.0
obj[46]=File : c:\_RESTORE\TEMP\~340801.0
VIRTUMUNDO
--------------------------------------
obj[33]=File : c:\_RESTORE\TEMP\A0009510.CPY

 

860 Posts

November 8th, 2004 01:00

Hi
 
1) Download these clean-up tools: CleanUp!, Mrublaster, and run them.

2) Download SpywareBlaster (SpywareBlaster Tutorial). It will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

3) Download IE-SPYAD. It puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. How to Install and Update IE Spyad for Internet Explorer; Using IE-Spyad to enhance your privacy and security

4) Follow the procedure below:

a) In your browser click Tools.
b) Click the last option, "Internet Options".
c) Click the Connections tab.
d) Click the lower button that says LAN Settings.

Under Automatic configuration:

e) Check "Use automatic configuration script".
f) Type the following into the box next to where it says Address:

http://nina.xs4all.nl/pac/no-ads_no-proxy.pac

Leave the upper option "Automatically detect settings" unchecked.

g) Click OK, close your Internet Explorer and reopen it.

 

November 8th, 2004 02:00

wow..this is great..lots of stuff seems removed and not getting any more popup windows..but now when i try to run spybot..it gives me an error in german..and i have updated it..

November 8th, 2004 08:00

ok spybot ran when tried again..must have been a fluke..(i hope)...btw ty ty ty for all your patience and help..:smileyhappy:

2 Intern

 • 

2.5K Posts

November 10th, 2004 00:00

The error in German is, I believe, a false positive.

November 12th, 2004 03:00

Blocked

What would normally appear here was nonsense, and possibly
even out to collect personal data about you.
Do you want to see this anyway? Then you can:

After running all the programs and clean up..i get this page when trying to reach one of the secure sites that I need to check online..can u help??
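
The automatic configuration script set in step 4 earlier in the thread is a proxy auto-config (PAC) file: the browser calls its `FindProxyForURL` function for every request and sends matching requests to a sink instead of the real site, which is how a wanted page can end up replaced by a "blocked" notice. The sketch below is an added example, not part of the original posts and not the contents of no-ads_no-proxy.pac; the rules, the sink address and the `whichRule` helper are assumptions made up for illustration, and the helper shims stand in for functions a browser normally provides.

```javascript
// Added illustration. Rules and sink address are constructed for this example;
// they are NOT the contents of no-ads_no-proxy.pac.

// Browsers provide these helpers to PAC scripts; minimal shims so this runs in Node.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$", "i").test(str);
}
function dnsDomainIs(host, domain) {
  return host.toLowerCase().endsWith(domain.toLowerCase());
}

const SINK = "PROXY 127.0.0.1:3421"; // hypothetical local sink serving a "blocked" page
const ALLOW = [];                    // hosts the user has decided to exempt

const RULES = [
  { name: "ad-domain",
    test: (url, host) => dnsDomainIs(host, ".revenue.net") || dnsDomainIs(host, ".fastclick.net") },
  { name: "ads-host-prefix",
    test: (url, host) => shExpMatch(host, "ads*.*") },
  { name: "ad-path",
    test: (url, host) => shExpMatch(url, "*/ads/*") || shExpMatch(url, "*/banners/*") },
];

// Diagnostic: name of the first rule that would block this request, or null.
function whichRule(url, host, allow = ALLOW) {
  if (allow.includes(host.toLowerCase())) return null;
  const hit = RULES.find((r) => r.test(url, host));
  return hit ? hit.name : null;
}

// Entry point the browser calls for every request once the script is configured.
function FindProxyForURL(url, host) {
  return whichRule(url, host) ? SINK : "DIRECT";
}

// Constructed sample requests: the ad host seen in the thread, a legitimate
// host that merely starts with "ads", and an ordinary site.
const samples = [
  ["http://ads2.revenue.net/l?O_CREATIVE_ID=206491", "ads2.revenue.net"],
  ["https://adsl-billing.example.net/login", "adsl-billing.example.net"],
  ["https://www.example.org/account", "www.example.org"],
];
for (const [url, host] of samples) {
  console.log(host, "->", FindProxyForURL(url, host), "rule:", whichRule(url, host));
}
```

The second sample shows the failure mode: a broad hostname pattern catches a legitimate secure site, and naming the rule that matched tells you what to exempt.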
