| Thread ID: 68155 | 2006-04-19 16:25:00 | Spyware Quake Removal from SYSTRAY | cashbagg (10244) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 447734 | 2006-05-22 00:34:00 | One of your problems is HotBar....and others too....here's a list of the baddies, try to do the repair in Safe Mode though! R3 - Default URLSearchHook is missing - Nasty R3 - Default URLSearchHook is missing - Nasty O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp3587.tmp (file missing) - Nasty O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - launch.gamespyarcade.com - Nasty O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - us.dl1.yimg.com - Possibly nasty O16 - DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} (CSViewer Control) - 64.114.56.132 - Possibly nasty These are unknown, and if you didn't install them yourself, then they might be nasties: O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe - Unknown O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe - Unknown O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll - Unknown As usual, I see a lot of Y! related stuff here...it fuels my suspicion that Yahoo is really one big nasty site...I won't allow any Yahoo at all into my puters. And, there's a little gamer activity here too...another poison |
SurferJoe46 (51) | ||
| 447735 | 2006-05-22 00:51:00 | Copperhead and Zboard are my Mouse and keyboard drivers respectively. Susp I dunno what that is... How do I delete these? Do I just go into HJT and scan and then select these entries for deletion? And will these show up in safe mode, or will I have to run normal mode scan then track them in safe mode? Thanks for the help Ash |
Ashbringer (10246) | ||
| 447736 | 2006-05-22 01:03:00 | It looks like susp.exe is malware of some sort. Boot into safe mode, run HJT again, tick these entries and tick fix checked. R3 - Default URLSearchHook is missing O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp3587.tmp (file missing) O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - launch.gamespyarcade.com Then reboot. I would also go here (siri.urz.free.fr) and get this smitfraudfix.zip file and follow the site on how to use it. I would install a firewall and an AV program, or you'll get hit again. |
Speedy Gonzales (78) | ||
| 447737 | 2006-05-22 02:46:00 | What's AV? | Ashbringer (10246) | ||
| 447738 | 2006-05-22 02:57:00 | Anti-virus program. |
Speedy Gonzales (78) | ||
| 447739 | 2006-05-22 04:17:00 | Yeh, I got that after I posted... Well, the system tray Icon is now gone, but the infected computer seems to be a tremendous burden on the network still... I'm not sure why, because it wasn't until the infection. Any other ideas? |
Ashbringer (10246) | ||
| 447740 | 2006-05-22 04:36:00 | Post another log. What firewall did u install (if u have installed one now)?? How much ram is in the case, on this computer? How do u know this computer is affecting the network? And not one of the other pc's are infected? How many computers are on this network? |
Speedy Gonzales (78) | ||
| 447741 | 2006-05-23 18:35:00 | 1.5 gigs of RAM, No firewall installed, still running just windows and the router, When the computer is connected to the network, everyone lags, as soon as I unplug it, it goes away. Total PCs on network are 5. Don't have another log yet, gotta go to class.... I really think I may have deleted a file or something I shouldn't have earlier... Also, every time I boot, this ewido software says that system32 is a Proxy.Lager.something, isn't system32 an essential Windows file? At this point I'm thinking a full re-install is my only option. I tried to repair the thing but still having the problems. My main question right now: Is it possible to migrate an installed program from my main drive to one of my partitions so that I won't lose it during the reinstall? Thanks |
Ashbringer (10246) | ||
| 447742 | 2006-05-23 19:06:00 | Dunno what's going on... maybe the infection is spreading, but now my laptop is getting slowed down as well.... May just take it in for a reformat. Could this all be attributed to a bandwidth issue from my provider? Not sure.. I don't think so though. |
Ashbringer (10246) | ||
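Added example (not part of the thread and not written by any of its posters): a small Python parser for the HijackThis entry lines quoted in the posts above, splitting each into section code, CLSID, Run-key value name and file path, and listing the entries that reference a file that no longer exists. The field names and the `orphaned` helper are assumptions made for this illustration; the section descriptions are the usual meanings of the HijackThis codes, and the sample lines are copied from the posts.

```python
import re

SECTIONS = {  # HijackThis section codes that appear in this thread
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key / Startup group)",
    "O9": "Extra IE button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
LINE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\[^()]*?\.(?:exe|dll|tmp)", re.I)

def parse_entry(line):
    """Split one HijackThis line into fields; return None if it is not an entry."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    path = PATH.search(body)
    name = re.search(r"\[([^\]]+)\]", body)  # O4 value name, e.g. [Transponder]
    return {
        "code": m.group("code"),
        "section": SECTIONS.get(m.group("code"), "unknown section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "name": name.group(1) if name else None,
        "path": path.group(0) if path else None,
        "file_missing": "(file missing)" in body,
    }

def orphaned(entries):
    """Entries whose registry reference points at a file that is no longer on disk."""
    return [e for e in entries if e["file_missing"]]

# Sample input: entries copied from the posts above.
SAMPLE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp3587.tmp (file missing)
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - launch.gamespyarcade.com
"""
ENTRIES = [e for e in map(parse_entry, SAMPLE.splitlines()) if e]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e["code"], e["section"], e["name"] or e["clsid"] or "-", e["path"] or "-")
```
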