| Thread ID: 62356 | 2005-10-05 01:43:00 | Eeeek! It's a spyware epidemic! | tony_young480 (4942) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 393521 | 2005-10-05 01:43:00 | My friend's computer just suffered a major spyware epidemic, however, after running Spybot (100 and something spyware programs), I saw some suspicious files in the startup: systm.pif, updates.pif, pokapoka73.exe, and a toolbar remained on IE, it had no particular, when I right-click it comes up with every toolbar name except that one. Hopefully, HiJackThis will cure all those evil spyware programs. Anyone know what systm.pif, updates.pif, pokapoka73.exe, zqltxd.exe, Xsyn.pif and spoollv.exe are? P.S. You guys should really upgrade vBulletin! |
tony_young480 (4942) | ||
| 393522 | 2005-10-05 01:57:00 | Some trojans/viruses, depending on what it is, just create random filenames. That's what those files are, most probably. Looks like spoollv.exe is part of some adware or trojan. I would do a scan with HijackThis and tick those entries (and maybe others), and reboot. |
Speedy Gonzales (78) | ||
| 393523 | 2005-10-05 02:03:00 | Here's my log if anyone needs to see it:

Logfile of HijackThis v1.99.1
Scan saved at 3:01:03 p.m., on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\rav\CCenter.exe
C:\Program Files\rising\rav\RavMonD.exe
C:\WINDOWS\spoollv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\systm.pif
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\updates.pif
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\etb\pokapoka73.exe
C:\WINDOWS\System32\ctfmon.exe
c:\merijn.org\hijackthis\hijackthis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [System service73] C:\WINDOWS\\\etb\\pokapoka73.exe
O4 - HKLM\..\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5264FFD8-991E-489D-8684-F7D44034D440}: NameServer = 202.27.184.3,202.27.184.5
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\Program Files\rising\rav\CCenter.exe
O23 - Service: Rising Realtime Monitor Service (RsRavMon) - rising - C:\Program Files\rising\rav\RavMonD.exe

RsRavMon is an antivirus program, along with anything else that starts with Rav or rising. P.S. Those weird startup entries just won't go away! |
tony_young480 (4942) | ||
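
A small triage pass over the log in the post above, as an added example that is not part of the original thread: it flags running `.pif` files, process names one character away from a Windows system process, and `O4` autostart targets outside System32 or Program Files. The name list, the directory list and the three heuristics are assumptions chosen for illustration, and a hit means "look closer", not "malicious".

```python
import re
from ntpath import basename, normpath

# Excerpt of the HijackThis log posted above, trimmed to the relevant lines.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\spoollv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\systm.pif
C:\WINDOWS\System32\updates.pif
C:\WINDOWS\etb\pokapoka73.exe
O4 - HKLM\..\Run: [System service73] C:\WINDOWS\\\etb\\pokapoka73.exe
O4 - HKLM\..\RunServices: [RavMon] C:\Program Files\rising\rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Illustrative lists (assumptions for this example, far from complete).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
USUAL_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
RUN_KEY = re.compile(r"HK\w+\\\.\.\\Run\w*: \[.*?\] (.*?\.(?:exe|pif|com|scr|bat))", re.I)

def one_char_off(a, b):
    """True if a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def triage(log):
    """Return {normalised path: set of reasons} for entries worth a closer look."""
    findings, in_procs = {}, False
    for line in map(str.strip, log.splitlines()):
        item = re.match(r"([A-Z]\d+) - (.*)", line)
        if line == "Running processes:":
            in_procs = True
        elif item:
            in_procs = False  # the R/O item section follows the process list
            run = RUN_KEY.match(item.group(2)) if item.group(1) == "O4" else None
            if run:
                path = normpath(run.group(1)).lower()  # collapses doubled backslashes
                if not path.startswith(USUAL_DIRS):
                    findings.setdefault(path, set()).add("autostart-path")
        elif in_procs and line:
            path = normpath(line).lower()
            name = basename(path)
            if name.endswith(".pif"):  # PIF files are executed like programs
                findings.setdefault(path, set()).add("pif")
            if any(one_char_off(name, s) for s in SYSTEM_NAMES):
                findings.setdefault(path, set()).add("lookalike")
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the four entries the thread is asking about and leaves spoolsv.exe, Explorer.EXE, RavMon.exe and ctfmon.exe alone.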
| 393524 | 2005-10-05 02:10:00 | heh heh heh pokapoka was spawned by satan. Battled this one last week, hit it with everything, ripped half the gizzards out of it with HijackThis, stomped it with Nod32 and ewido, tickled it with Spybot and Ad-Aware, not to mention a fair bit of manual configuration and heavy handed deleting, process killing and registry editing. Got rid of it in the end, don't quite know how though. Good luck. |
Metla (12) | ||
| 393525 | 2005-10-05 02:14:00 | Heh... My computer got infected with pokapoka too... I scanned it with Spybot and badda-bing, badda-boom, it was gone! | tony_young480 (4942) | ||
| 393526 | 2005-10-05 02:17:00 | It's listed as a running service in your hijack log. Reboot and check again. |
Metla (12) | ||
| 393527 | 2005-10-05 02:18:00 | I found a solution... The elitebar remover from simplytech.it! Well... that's what it said from the broadband reports website. Now I have a whole floppy disk full of spyware removal goodies! | tony_young480 (4942) | ||
| 393528 | 2005-10-05 02:19:00 | "My friend's computer just suffered a major spyware epidemic, however, after running Spybot (100 and something spyware programs)," Nah, that's nothing. My record for a customer's PC was 1069. |
pctek (84) | ||
| 393529 | 2005-10-05 02:21:00 | "I found a solution... The elitebar remover from simplytech.it! Well... that's what it said from the broadband reports website. Now I have a whole floppy disk full of spyware removal goodies!" Now I remember how I removed it, I uninstalled the toolbar,.....DOH. |
Metla (12) | ||
| 393530 | 2005-10-05 02:33:00 | I removed 774 viruses once from a friend's computer, they were some quite nasty ones, all the netsky ones, mydoom.... man that was slow... | Prescott (11) | ||