Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

New HDD, viruses and malwares infected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Trogan » June 21st, 2007, 8:29 am

Hi SnoopDogg,

Before we do anything, please shutdwon/exit SpySweeper temporarly as it is interfering with the fix. Make sure it is not running and then do the following...

1. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu41.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227A755E9D29064183387384A72E512

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis

2. Run HijackThis again and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:

C:\WINDOWS\retadpu41.exe

When you are asked "Do you want to restart your computer now?", click OK.

Your PC MUST reboot to delete the file!

1. I cant update my windows ... problem occured everytime i tried to update it. (the send 'report error/dont send' thingy poped up)

Are you using Internet Explorer?

2. I cant seem to change my Home Page address. I dont know what happened, but the current one is http://www.microsoft.com/isapi/redir.dl ... ar=msnhome and i cant change it to any other addresses.

Try now since SpySweeper is not running.

Please post a new HijackThis log, and let me know how things are.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Advertisement
Register to Remove

Unread postby SnoopDogg » June 21st, 2007, 9:39 am

Logfile of HijackThis v1.99.1
Scan saved at 9:36:48 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2DDF9C-D527-4F11-9306-13315D52AAFC}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


P/s: Yes, i can now change my homepage... thanks a bunch
I used IE to update window previously and error occured.
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby SnoopDogg » June 21st, 2007, 9:40 am

I mean, im still having trouble updating window
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby SnoopDogg » June 21st, 2007, 9:51 am

sorry to add one more,
The problem's pop-ups (send report error/dont send thingy) also seem to happen randomly, while im using IE ... but im very sure that it will definately occur everytime i try to update window.[/url]
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby Trogan » June 21st, 2007, 9:58 am

Hi,
SnoopDogg wrote:sorry to add one more,
The problem's pop-ups (send report error/dont send thingy) also seem to happen randomly, while im using IE ... but im very sure that it will definately occur everytime i try to update window.[/url]

Hmmm...not sure what's causing this.

Download this file to your Desktop - combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby SnoopDogg » June 21st, 2007, 10:19 am

ComboFix 07-06-21.3 - C:\Documents and Settings\beckham\Desktop\ComboFix.exe
"beckham" - 2007-06-21 22:12:21 - Service Pack 2 NTFS

ADS removed - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 22:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 19:35 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-06-21 19:35 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-06-21 19:35 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-06-21 19:35 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-06-21 19:35 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-06-21 19:35 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-06-21 19:35 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-06-21 19:35 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-06-21 19:35 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-06-21 19:35 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-06-21 19:35 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-06-21 19:35 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-06-21 19:35 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-06-21 19:35 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-06-21 19:35 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-06-21 19:35 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-21 19:34 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-06-21 19:34 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-06-21 19:34 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-06-21 19:34 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-06-21 19:34 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-06-21 19:33 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-21 19:33 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-21 19:33 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-21 19:33 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-21 19:33 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-21 19:33 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-21 19:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-21 19:33 <DIR> d-------- C:\Program Files\Ahead
2007-06-21 16:07 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-06-21 16:07 14,949 --a------ C:\WINDOWS\War3Unin.dat
2007-06-21 16:07 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-06-21 11:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-20 21:31 <DIR> d-------- C:\Panda AV report
2007-06-20 20:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-20 19:19 <DIR> d-------- C:\DOCUME~1\sally\APPLIC~1\Lavasoft
2007-06-20 00:22 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 00:20 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-06-20 00:20 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-20 00:20 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-06-20 00:20 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-06-20 00:20 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-06-20 00:20 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-06-20 00:20 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-06-19 22:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-19 22:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-19 22:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-19 22:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-19 22:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-19 22:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-19 21:34 <DIR> d-------- C:\Download
2007-06-19 21:33 <DIR> d-------- C:\Program Files\Star Downloader
2007-06-19 21:28 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-06-19 19:31 <DIR> d-------- C:\DOCUME~1\sally\Contacts
2007-06-19 19:30 786,432 --ah----- C:\DOCUME~1\sally\NTUSER.DAT
2007-06-19 19:30 <DIR> d-------- C:\DOCUME~1\sally\APPLIC~1\Webroot
2007-06-19 17:39 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-06-18 21:52 <DIR> d-------- C:\HijackThis
2007-06-18 20:48 <DIR> d---s---- C:\DOCUME~1\beckham\UserData
2007-06-18 14:43 <DIR> d-------- C:\Program Files\Kazaa
2007-06-17 17:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-17 17:28 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-17 17:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-17 17:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-17 12:09 <DIR> d-------- C:\DOCUME~1\beckham\APPLIC~1\AdobeUM
2007-06-17 10:43 <DIR> d-------- C:\DOCUME~1\beckham\APPLIC~1\SpamTest
2007-06-17 09:51 86,016 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2007-06-17 09:51 86,016 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2007-06-17 09:51 835,654 -ra------ C:\WINDOWS\system32\nview.dll
2007-06-17 09:51 69,632 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-17 09:51 512,000 -ra------ C:\WINDOWS\system32\nviewimg.dll
2007-06-17 09:51 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2007-06-17 09:51 467,016 -ra------ C:\WINDOWS\system32\nvshell.dll
2007-06-17 09:51 4,640,768 -ra------ C:\WINDOWS\system32\nvcpl.dll
2007-06-17 09:51 323,584 -ra------ C:\WINDOWS\system32\nwiz.exe
2007-06-17 09:51 3,764,224 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-17 09:51 3,403,776 -ra------ C:\WINDOWS\system32\nvrsar.dll
2007-06-17 09:51 3,391,488 -ra------ C:\WINDOWS\system32\nvrshe.dll
2007-06-17 09:51 3,387,392 -ra------ C:\WINDOWS\system32\nvrsja.dll
2007-06-17 09:51 3,383,296 -ra------ C:\WINDOWS\system32\nvrsko.dll
2007-06-17 09:51 3,180,171 -ra------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-17 09:51 286,806 -ra------ C:\WINDOWS\system32\keystone.exe
2007-06-17 09:51 282,624 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2007-06-17 09:51 270,336 -ra------ C:\WINDOWS\system32\nvrsit.dll
2007-06-17 09:51 266,240 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2007-06-17 09:51 266,240 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2007-06-17 09:51 266,240 -ra------ C:\WINDOWS\system32\nvrsde.dll
2007-06-17 09:51 262,144 -ra------ C:\WINDOWS\system32\nvrstr.dll
2007-06-17 09:51 262,144 -ra------ C:\WINDOWS\system32\nvrsru.dll
2007-06-17 09:51 262,144 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrssv.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrsno.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrses.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrseng.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrsda.dll
2007-06-17 09:51 253,952 -ra------ C:\WINDOWS\system32\nvrssl.dll
2007-06-17 09:51 253,952 -ra------ C:\WINDOWS\system32\nvrsel.dll
2007-06-17 09:51 249,856 -ra------ C:\WINDOWS\system32\nvrspt.dll
2007-06-17 09:51 249,856 -ra------ C:\WINDOWS\system32\nvrsfi.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{FFFFFEF0-5B30-21D4-945D-000000000000}=C:\PROGRA~1\STARDO~1\SDIEInt.dll [2006-02-26 14:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 20:02]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-16 11:56]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 20:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvccc66]
svcchosst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\staeck122]
"C:\Documents and Settings\nancy\2.exe"


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 22:14:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 22:16:52
C:\ComboFix-quarantined-files.txt ... 2007-06-21 22:16

--- E O F ---

P/S: Other than this trouble, my pc is free from viruses/spywares/malwares ?
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby Trogan » June 21st, 2007, 10:41 am

Hi SnoopDogg! A little left to do.

Please do the following...

1. Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

2. Open Notepad!
Copy and Paste everything from the Quote box into Notepad:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvccc66]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\staeck122]



Go to File > Save As
Save File name as Fix.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK

3. Run HijackThis and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:

C:\Documents and Settings\nancy\2.exe

When you are asked "Do you want to restart your computer now?", click OK.

Your PC MUST reboot to delete the file!

4. Run ComboFix and it will produce a new log. Post that back here.

Now try Windows Update again.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby SnoopDogg » June 21st, 2007, 11:26 am

ComboFix 07-06-21.3 - C:\Documents and Settings\beckham\Desktop\Malware Removal\ComboFix.exe
"beckham" - 2007-06-21 23:12:41 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 22:50 <DIR> d-------- C:\ERUNT
2007-06-21 22:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 19:35 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-06-21 19:35 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-06-21 19:35 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-06-21 19:35 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-06-21 19:35 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-06-21 19:35 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-06-21 19:35 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-06-21 19:35 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-06-21 19:35 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-06-21 19:35 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-06-21 19:35 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-06-21 19:35 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-06-21 19:35 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-06-21 19:35 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-06-21 19:35 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-06-21 19:35 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-21 19:34 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-06-21 19:34 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-06-21 19:34 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-06-21 19:34 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-06-21 19:34 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-06-21 19:33 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-21 19:33 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-21 19:33 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-21 19:33 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-21 19:33 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-21 19:33 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-21 19:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-21 19:33 <DIR> d-------- C:\Program Files\Ahead
2007-06-21 16:07 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-06-21 16:07 14,949 --a------ C:\WINDOWS\War3Unin.dat
2007-06-21 16:07 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-06-21 11:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-20 21:31 <DIR> d-------- C:\Panda AV report
2007-06-20 20:25 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-20 19:19 <DIR> d-------- C:\DOCUME~1\sally\APPLIC~1\Lavasoft
2007-06-20 00:39 <DIR> d-------- C:\DOCUME~1\nancy\APPLIC~1\AdobeUM
2007-06-20 00:22 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 00:20 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-06-20 00:20 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-20 00:20 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-06-20 00:20 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-06-20 00:20 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-06-20 00:20 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-06-20 00:20 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-06-19 22:07 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-19 22:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-19 22:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-19 22:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-19 22:07 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-19 22:06 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-19 21:34 <DIR> d-------- C:\Download
2007-06-19 21:33 <DIR> d-------- C:\Program Files\Star Downloader
2007-06-19 21:28 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-06-19 19:31 <DIR> d-------- C:\DOCUME~1\sally\Contacts
2007-06-19 19:30 786,432 --ah----- C:\DOCUME~1\sally\NTUSER.DAT
2007-06-19 19:30 <DIR> d-------- C:\DOCUME~1\sally\APPLIC~1\Webroot
2007-06-19 17:39 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-06-18 21:52 <DIR> d-------- C:\HijackThis
2007-06-18 20:48 <DIR> d---s---- C:\DOCUME~1\beckham\UserData
2007-06-18 14:43 <DIR> d-------- C:\Program Files\Kazaa
2007-06-17 17:32 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-17 17:28 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-17 17:28 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-17 17:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-17 12:09 <DIR> d-------- C:\DOCUME~1\beckham\APPLIC~1\AdobeUM
2007-06-17 10:43 <DIR> d-------- C:\DOCUME~1\beckham\APPLIC~1\SpamTest
2007-06-17 09:51 86,016 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2007-06-17 09:51 86,016 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2007-06-17 09:51 835,654 -ra------ C:\WINDOWS\system32\nview.dll
2007-06-17 09:51 69,632 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-17 09:51 512,000 -ra------ C:\WINDOWS\system32\nviewimg.dll
2007-06-17 09:51 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
2007-06-17 09:51 467,016 -ra------ C:\WINDOWS\system32\nvshell.dll
2007-06-17 09:51 4,640,768 -ra------ C:\WINDOWS\system32\nvcpl.dll
2007-06-17 09:51 323,584 -ra------ C:\WINDOWS\system32\nwiz.exe
2007-06-17 09:51 3,764,224 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-17 09:51 3,403,776 -ra------ C:\WINDOWS\system32\nvrsar.dll
2007-06-17 09:51 3,391,488 -ra------ C:\WINDOWS\system32\nvrshe.dll
2007-06-17 09:51 3,387,392 -ra------ C:\WINDOWS\system32\nvrsja.dll
2007-06-17 09:51 3,383,296 -ra------ C:\WINDOWS\system32\nvrsko.dll
2007-06-17 09:51 3,180,171 -ra------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-17 09:51 286,806 -ra------ C:\WINDOWS\system32\keystone.exe
2007-06-17 09:51 282,624 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2007-06-17 09:51 270,336 -ra------ C:\WINDOWS\system32\nvrsit.dll
2007-06-17 09:51 266,240 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2007-06-17 09:51 266,240 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2007-06-17 09:51 266,240 -ra------ C:\WINDOWS\system32\nvrsde.dll
2007-06-17 09:51 262,144 -ra------ C:\WINDOWS\system32\nvrstr.dll
2007-06-17 09:51 262,144 -ra------ C:\WINDOWS\system32\nvrsru.dll
2007-06-17 09:51 262,144 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrssv.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrsno.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrses.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrseng.dll
2007-06-17 09:51 258,048 -ra------ C:\WINDOWS\system32\nvrsda.dll
2007-06-17 09:51 253,952 -ra------ C:\WINDOWS\system32\nvrssl.dll
2007-06-17 09:51 253,952 -ra------ C:\WINDOWS\system32\nvrsel.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{FFFFFEF0-5B30-21D4-945D-000000000000}=C:\PROGRA~1\STARDO~1\SDIEInt.dll [2006-02-26 14:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 20:02]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-16 11:56]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 20:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"nwiz.exe" /install


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 23:15:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 23:18:31
C:\ComboFix-quarantined-files.txt ... 2007-06-21 23:17
C:\ComboFix2.txt ... 2007-06-21 22:16

--- E O F ---
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby Trogan » June 21st, 2007, 11:29 am

Looks good!

Any change with Windows Update?
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby SnoopDogg » June 21st, 2007, 11:36 am

stayed the same...

hey man i dont know how to post the picture here so i used the download link method instead

http://www.freefilespot.com/download.ph ... 2f9f888f75

this is what i get everytime i try to update windows, even after everything we have done.
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby Trogan » June 21st, 2007, 11:49 am

Do this:

- On the error, click on "Click here" and post a screenshot of that.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby SnoopDogg » June 22nd, 2007, 12:36 am

SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby Trogan » June 22nd, 2007, 7:30 am

Hi, thanks for the images.

I found out that the error has to do with: STATUS_ACCESS_VIOLATION

I think this has to do with either a hardware or driver problem, but not totally sure. Have you got the latest drivers for your computer?

Let me know, and then I'll some other people if they can help.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby SnoopDogg » June 22nd, 2007, 8:17 am

sorry to tell but i dont really know abt drivers to install and stuffs. well anyway, forget abt that alright. jz a minor problem.

THanKS a BuNCH for helping me to clean those malwares and stuffs... *respect*
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby Trogan » June 22nd, 2007, 8:21 am

OK, you're welcome! :)

Here are some tips for a clean and scure computer.

For XP users.
It's a good idea to Flush your System Restore points after ridding yourself of malware. You can clean this by doing the following:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Make your Internet Explorer more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click on the Security tab
  3. Click the Internet icon so it becomes highlighted.
  4. Click on Default Level and click OK
  5. Click on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting when applies.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the
    settings, press the Yes button.
  6. Next press the Apply button and then the OK to exit the Internet Properties page.
Keep your Sun Java up to date

The most current version of Sun Java is: Java Runtime Environment Version 6.0
http://java.sun.com/javase/downloads/index.jsp

  • Scroll down to where it says Java Runtime Environment (JRE) 6.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system.

Free programs that may help you in keeping the PC clean

  • SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    You can download SpywareBlaster here
    A tutorial can be found here
  • SpywareGuard
    It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.
    You can download SpywareGuard here
    A tutorial can be found here
  • IE-SPYAD
    IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.
    You can download IE-SPYAD here
    A tutorial can be found here
  • Hosts File
    A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    A tutorial can be found here
    • MVPS Hosts File
      You can download the MVPS Hosts File here
      Furthermore the website contains useful tips and links to other resources and utilities.
    • Bluetack's Hosts File and Hosts Manager
      Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue apllications etc...
      Download Bluetack's Hosts file here
      Download Bluetack's HostsManager here
Free Spyware Detection and Removal Programs
  • Ad-Aware
    It scans for known spyware on your computer. These scans should be run at least once every two weeks.
    You can download Ad-Aware here
    A tutorial can be found here
  • Spybot - Search & Destroy
    It scans for spyware and other malicious programs. Spybot has preventitive tools that stop programs from even installing on your computer.
    You can download Spybot - S&D here
    A tutorial can be found here
Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright Foistware.
You will find the list here

WinPatrol

WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.

  • Detect & Neutralize Spyware.
  • Detect & Neutralize ADware.
  • Detect & Neutralize Viral infections.
  • Detect & Neutralize Unwanted IE Add-Ons.
  • Detect & Restore File Type Changes.
  • Automatically Filter Unwanted Cookies.
  • Avoid Start Page Hijacking.
  • Detect changes to HOSTS & critical system files.
  • Kill Multiple Tasks that replicate each other, in a single step!
  • Stop programs that repeatedly add themselves to your Startup List!
Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.
You can download WinPatrol here
WinPatrol FAQ

SiteHound by Firetrust

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
  • Fraudulent claims or scams
  • Offensive material
  • Security vulnerabilities
  • Spyware or Adware
  • Spam related material
  • or other content deemed to be unsafe

Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Product Info & Download: SiteHound Toolbar

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.
Computer Safety On line - Anti-Virus
http://forum.malwareremoval.com/viewtopic.php?p=53#53

Update your Anti Virus Software

It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall

I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.
Computer Safety On line - Software Firewalls
http://forum.malwareremoval.com/viewtopic.php?p=56#56
A tutorial on Understanding and Using Firewalls can be found here

Happy Surfing! :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 488 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware