| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 56426 | 2005-04-04 10:45:00 | Please Help, this spyware is relentless!!! | MasturJeff (7803) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 341599 | 2005-04-04 10:45:00 | I ran a hijackthis log(for those who know), examined it and everything was fine. Ok, I've used 5 different removers. Lavasoft Adware Spybot Search and Destroy Spyware Doctor Spyhunter and even Microsoft Antispyware Beta. All of these are not working. My default browser (maxthon) is opening popups like there's no tomorrow. Spyhunter tried to fix my security settings and it restarted the computer and when it came back on windows, it said "Spyhunter cannot fix your security settings, it is possible that a malevolent program is locking them". So I scanned again with Spyhunter, this time it froze and my PC just rebooted by itself without giving any warning. Spyhunter said it's possible that this malevolent program is hiding other spyware on my PC that I can't find. Spybot,Spyware Doctor,Ad-Ware all say everything is going smooth, but no cigars. Somebody anybody please help My firewall doesn't seem to be burning anything trying to come in, my spyware removers have fallen lazy, and my McAfee Virus Shield seems to not be detecting anything. Will doing a system restore from a few days ago before this all started happening be any help? Also Everytime I open up a new tab on Maxthon, enter a website and hit enter, a few new tabs popup with ad's on them stemming from this IP address 69.20.62.53 which isn't even mine. Sometimes this site tries to open up, www.ad-w-a-r-e.com... tries to come up as well. This thing is really starting to bug me. I'm even using the spyware proof Firefox, and new tabs/firefox browsers are opening randomly with ad's on them. |
MasturJeff (7803) | ||
| 341600 | 2005-04-04 11:01:00 | For a start, Spy Hunter is a very poor performer, so I would recommmend you dump it. Between AD-aware, Spybot S&D and the MS Anti-spyware, they cover the bases. Just ensure that they are all up-to-date. Before running them again, I would download another freebee called Ccleaner (www.ccleaner.com) which will clean out all the temp and cache files. Open it up and tick all the boxes. Then go options-settings and remove all ticks. OK your way out. Run the cleaner. If XP, download and run Shoot the messenger (grc.com) which will close another opening used for popups. To end it all, run your antispyware scanners now. |
pheonix (36) | ||
| 341601 | 2005-04-04 11:12:00 | Is there any mention in Ad-Aware of VX2 Download and install the VX2 Cleaner add-on for Ad-Aware www.lavasoftusa.com To run it, open Ad-Aware and click "add-ons", doubleclick VX2 Cleaner Open Ad-Aware SE and from the main screen ,click on the "Scan Now" button Under "Select Scan Mode, select "Perform full system scan". Click on "Next" in the bottom right corner to start the scan. Run the Ad-Aware scan and allow it to remove everything it finds. After that, reboot, and run a full system scan with Ad Aware. |
Safari (3993) | ||
| 341602 | 2005-04-04 11:20:00 | Is there any mention in Ad-Aware of VX2 Download and install the VX2 Cleaner add-on for Ad-Aware www.lavasoftusa.com To run it, open Ad-Aware and click "add-ons", doubleclick VX2 Cleaner Open Ad-Aware SE and from the main screen ,click on the "Scan Now" button Under "Select Scan Mode, select "Perform full system scan". Click on "Next" in the bottom right corner to start the scan. Run the Ad-Aware scan and allow it to remove everything it finds. After that, reboot, and run a full system scan with Ad Aware. Unfortunately there is no mentioning of it. I ran a whole ad-ware scan and it produced zero results. |
MasturJeff (7803) | ||
| 341603 | 2005-04-04 11:22:00 | Oh btw, as soon as I clicked that add-on link you gave, 2 more pop-ups opened tabs on my browser, how fitting. | MasturJeff (7803) | ||
| 341604 | 2005-04-04 11:23:00 | Post your HijackThis log. Some here might be able to spot the problem. | Davesdad (923) | ||
| 341605 | 2005-04-04 11:26:00 | Actually hold on, I had Adware 6.0 and not Adware SE. | MasturJeff (7803) | ||
| 341606 | 2005-04-04 11:27:00 | Here's my hijack log from about 15 minutes Logfile of HijackThis v1.99.1 Scan saved at 6:03:11 AM, on 4/4/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Maxthon\Maxthon.exe C:\WINDOWS\TEMP\Rar$EX02.109\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\h62olgf3162.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
MasturJeff (7803) | ||
| 341607 | 2005-04-04 11:29:00 | Just to get rid of the pop ups while your browsing, have you tried a different browser with pop and advert blocking capabilities? Firefox 1 . 02 is one, there are others . As far as I know, the browser you are using is a front end shell for IE, is it not and, what security settings is the browser running? Are they java pop-ups you are getting, and, what version of java do you have? What OS are you using, one with services (NT, WIn2k, XP)? Have you tried any other cleaners/anti-malware software other than that listed? Some less than scrupulous ones install their own adware/malware . |
Murray P (44) | ||
| 341608 | 2005-04-04 11:30:00 | Ok I just ran the VX2 cleaner and it says SYSTEM CLEAN. | MasturJeff (7803) | ||
| 1 2 3 4 5 6 7 8 9 10 11 | |||||