  1. #1
    SitePoint Evangelist tylercruz's Avatar

    Trouble Removing Spyware

    Hey Everyone,

    I am usually very good at keeping my computer spyware-free, but I've recently had some nasty spyware infecting my computer - and haven't been able to remove them!

    I've tried:

    AdAware 6.0 Personal (always check for updates)
    HiJackThis

    I seem to have removed one or two of the spyware, but some still remain on my system.

    Here's what they do:

    1. A window pops up advertising online gambling (always the same ad)
    2. My Alexa toolbar changes to http://pickup-ur-girl.net/search.php (shows pink background)
    3. My favourites menu keeps adding about 6 or 7 porn/drugs/etc. sites

    These annoyances are frustrating me greatly. Could somebody please help me fix these?

    Thank you kindly,

    Tyler Cruz
    Tyler Cruz
    TylerCruz.com
    PublisherSpot.com: Professional Reviews of Ad Networks

  2. #2
    trip ket's Avatar
    Try downloading and scanning with Spybot - Search and Destroy. Don't forget to check for updates.

    Are you sure you removed the right item when you used HijackThis?

    Also, did you follow the instructions to run AdAware posted here?
    oi!

  3. #3
    SitePoint Evangelist tylercruz's Avatar
    Hi,

    I just installed, updated, and ran SpyBot. It only found cookies, but I removed them anyways to be safe.

    However, 5 seconds ago I just got the pop-up again, and my Alexa bar just turned white again (trying to load another site probably and got a 404 error).

    Yes I read that sticky thread, and I will now post my HiJackThis log here as that thread suggested:

    Logfile of HijackThis v1.99.0
    Scan saved at 12:25:55 AM, on 2/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\smbdins.exe
    C:\WINDOWS\system32\sethcd.exe
    C:\WINDOWS\system32\tsmsetup.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\__tyler\hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/scri...ons/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/scri...s/sitedata.htm
    O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/scri...ons/mailto.htm
    O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/scri...ns/related.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/scri...ons/review.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ASUS Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

  4. #4
    trip ket's Avatar
    You'll be better posting the hijacklog at other forums, such as Tom Coyote Forums, or you could also learn how to "read" a hijacklog and how to do research with this tutorial.


    Maybe someone here at sitepoint would be kind enough to look at your log (don't know..), and.. the tutorial is easy to follow if you want to learn for yourself.
    oi!
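
Post #4 points to learning how to read a HijackThis log. As an added example (not part of the thread and not HijackThis's own code), this sketch parses the log format shown in post #3 into typed entries and lists the ones that warrant a manual lookup. The review rules are assumptions chosen for illustration and are not verdicts; `SAMPLE` is an excerpt of lines copied from the posted log.

```python
import re

# HijackThis section codes seen in the posted log and what each one lists.
SECTIONS = {
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button / Tools item",
    "O16": "downloaded ActiveX control", "O23": "Windows service",
}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')

# Excerpt of lines copied from the log in post #3.
SAMPLE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
"""

def parse_log(text):
    """Split a log into running-process paths and typed O-section entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif m:
            code = m.group(1)
            entries.append({"code": code, "detail": m.group(2),
                            "kind": SECTIONS.get(code, "unknown section")})
        elif in_procs:
            processes.append(line)
    return processes, entries

def review_notes(entries):
    """Return (code, reason) pairs for entries to look up by hand."""
    notes = []
    for e in entries:
        run = RUN.match(e["detail"])
        if "(file missing)" in e["detail"]:
            notes.append((e["code"], "target file missing"))
        elif e["code"] == "O4" and run and not ABS_PATH.match(run.group(2)):
            notes.append((e["code"], f"[{run.group(1)}] has no full path"))
        elif e["code"] == "O23" and " - Unknown - " in e["detail"]:
            notes.append((e["code"], "publisher field is Unknown"))
    return notes
```

A note from `review_notes` only means the entry should be researched before anything is fixed or deleted; legitimate drivers and tools trigger the same rules.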

  5. #5
    SitePoint Evangelist tylercruz's Avatar
    Thanks, I will try a spyware-related forum. I just had to give SPF a try since it is, after all, SPF

  6. #6
    trip ket's Avatar
    Ok, I feel you
    oi!

  7. #7
    SitePoint Enthusiast
    try www.hitmanpro.nl it runs a bunch of spyware programs in a row

  8. #8
    SitePoint Evangelist tylercruz's Avatar
    Quote Originally Posted by Mind_nl
    try www.hitmanpro.nl it runs a bunch of spyware programs in a row
    Thank you. I downloaded it, unfortunately the installation screen was all in a different language, and I did not want to go try 'guessing' the program by randomly hitting buttons...

  9. #9
    SitePoint Enthusiast
    Oh yeah, it's Dutch, just try the 'aanbevolen' option which means 'recommended'

