| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 67343 | 2006-03-25 00:44:00 | Can't get rid of Spyware Quake.. | supertrouper (6665) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 440502 | 2006-03-25 00:44:00 | I am trying to remove Spyware Quake off a machine running XP Pro . I don't know where it came from or how it got on the machine to start with . It's installed itself and put an icon on the desktop . There is also a pesky little icon in the system tray that keeps flashing and popping up a message telling me that the computer is infected and that there is a system error etc . I have run a full scan with McAfee (fully updated) and it removed one trojan . I have run NoAdware and it removed a whole lot of stuff . I have run HiJackThis and I removed all references to Spyware Quake . Still the icon is in the system tray and every time I reboot the machine, Spyware Quake comes up and reinstalls itself . I have even been through the registry and removed all references to it . I've tried Googling for info on this stuff but it seems like it's pretty new and there's nothing that I can find out about it . :help: Here's the HiJackThis log: Running processes: H:\WINDOWS\System32\smss . exe H:\WINDOWS\system32\winlogon . exe H:\WINDOWS\system32\services . exe H:\WINDOWS\system32\lsass . exe H:\WINDOWS\system32\svchost . exe H:\WINDOWS\System32\svchost . exe H:\WINDOWS\Explorer . EXE H:\WINDOWS\system32\spoolsv . exe H:\WINDOWS\system32\VTTimer . exe H:\WINDOWS\system32\VTtrayp . exe H:\Program Files\Analog Devices\SoundMAX\SMax4PNP . exe H:\Program Files\Analog Devices\SoundMAX\Smax4 . exe H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2 . EXE H:\Program Files\McAfee . com\VSO\mcvsshld . exe H:\Program Files\McAfee . com\VSO\oasclnt . exe H:\PROGRA~1\mcafee . com\agent\mcagent . exe H:\Program Files\Messenger\MSMSGS . EXE h:\progra~1\mcafee . com\vso\mcvsescn . exe H:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar . exe H:\Program Files\FinePixViewer\QuickDCF . exe h:\progra~1\mcafee . com\vso\mcvsftsn . exe H:\Program Files\Common Files\LightScribe\LSSrvc . exe h:\program files\mcafee . com\agent\mcdetect . exe h:\PROGRA~1\mcafee . com\vso\mcshield . exe h:\PROGRA~1\mcafee . com\agent\mctskshd . exe H:\Program Files\Analog Devices\SoundMAX\SMAgent . exe H:\Program Files\Internet Explorer\iexplore . exe H:\Documents and Settings\Darryl\Desktop\hijackthis\HijackThis . exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank . htm O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1 . dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - h:\progra~1\mcafee . com\vso\mcvsshl . dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1 . dll O4 - HKLM\ . . \Run: [VTTimer] VTTimer . exe O4 - HKLM\ . . \Run: [VTTrayp] VTtrayp . exe O4 - HKLM\ . . \Run: [SoundMAXPnP] H:\Program Files\Analog Devices\SoundMAX\SMax4PNP . exe O4 - HKLM\ . . \Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4 . exe" /tray O4 - HKLM\ . . \Run: [EPSON Stylus C63 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2 . EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63" O4 - HKLM\ . . \Run: [VSOCheckTask] "H:\PROGRA~1\McAfee . com\VSO\mcmnhdlr . exe" /checktask O4 - HKLM\ . . \Run: [VirusScan Online] H:\Program Files\McAfee . com\VSO\mcvsshld . exe O4 - HKLM\ . . \Run: [OASClnt] H:\Program Files\McAfee . com\VSO\oasclnt . exe O4 - HKLM\ . . \Run: [MCAgentExe] h:\PROGRA~1\mcafee . com\agent\mcagent . exe O4 - HKLM\ . . \Run: [MCUpdateExe] H:\PROGRA~1\McAfee . com\Agent\McUpdate . exe O4 - HKLM\ . . \Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck . exe O4 - HKCU\ . . \Run: [MSMSGS] "H:\Program Files\Messenger\MSMSGS . EXE" /background O4 - HKCU\ . . \Run: [PowerBar] "H:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar . exe" /AtBootTime O4 - Global Startup: Microsoft Office . lnk = H:\Program Files\Microsoft Office\Office10\OSA . EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL . EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs . exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee . com Operating System Class) - . mcafee . com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl . cab" target="_blank">download . mcafee . com O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc . exe O23 - Service: McAfee WSC Integration (McDetect . exe) - McAfee, Inc - h:\program files\mcafee . com\agent\mcdetect . exe O23 - Service: McAfee . com McShield (McShield) - McAfee Inc . - h:\PROGRA~1\mcafee . com\vso\mcshield . exe O23 - Service: McAfee Task Scheduler (McTskshd . exe) - McAfee, Inc - h:\PROGRA~1\mcafee . com\agent\mctskshd . exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr . exe) - McAfee, Inc - H:\PROGRA~1\McAfee . com\Agent\mcupdmgr . exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc . - H:\Program Files\Analog Devices\SoundMAX\SMAgent . exe |
supertrouper (6665) | ||
| 440503 | 2006-03-25 01:11:00 | Can you post the entire HiJackThis log Thanks :) | stu161204 (123) | ||
| 440504 | 2006-03-25 01:24:00 | I would boot into safe mode, run HJT again tick these entries and tick fix checked. I dont know what this is H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE These dont have to be in startup O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray 4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [PowerBar] "H:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime What picked up the name Spyware Quake btw?? |
Speedy Gonzales (78) | ||
| 440505 | 2006-03-25 01:56:00 | This is a printer driver... H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE |
Pancake (6359) | ||
| 440506 | 2006-03-25 02:20:00 | There was a Quake Flooder so just check and see if you have any of these.SpySweeper is reputed to remove it as well.I think Panda named it "Flooder Program" Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following exe file and click End Process for each one if they are listed. qsmurf.exe qflood.exe Search for and remove these following files if present. qsmurf.c qsmurf.exe heibai.net.txt qflood.c qflood.exe |
Pancake (6359) | ||
| 440507 | 2006-03-26 08:28:00 | check this site for info it was real helpful for me with same problem www.2-spyware.com |
hammer (1735) | ||
| 440508 | 2006-03-26 23:43:00 | another helpful site goes thru removal carefully www.bleepingcomputer.com |
hammer (1735) | ||
| 440509 | 2006-04-02 16:12:00 | Unfortunatly, we can't post attachments, i don't think, but i've just finished a small program I think can delete all the files included with spyware quake. It even unintals it. you can download it here (www.thegtaspot.com) | dcboy (10060) | ||
| 440510 | 2006-04-02 19:40:00 | Unfortunatly, we can't post attachments, i don't think, but i've just finished a small program I think can delete all the files included with spyware quake. It even unintals it. you can download it here (www.thegtaspot.com)Please note that URL will trigger a direct download of a exe. Also do not be offended, but any new member here that posts a direct link to an executable program that they have written, and "thinks" it will delete certain files should be treated with great with caution. There is no explanation on your website about this program either. |
Jen (38) | ||
| 440511 | 2006-04-03 02:16:00 | well, it's part of my site thegtaspot. I just made it in a snap to help people out. You should have tried it first and THEN IF it gave you anything you should have came here and said that. Just cause i'm new doesn't mean i make viruses, spyware and all that crap for a living. | dcboy (10060) | ||
| 1 2 | |||||