spyware sh*tiness (Full Version)


d a v e -> spyware sh*tiness (7/28/2006 9:29:19)

**** spyware and all that crap. along with my minor display problem (post below ?!) i have installed these programs
spydoctor
spycatcher
superadblocker
in addition to my already installed spybot, adaware and that er adbuster thing (on linux at the mo' so can't check the name)

managed to rid myself of isshost.exe and similar but when i check with the above programs i get 5 or so results of trojans/malware/spyware (or more for spydoctor!)

now i can't get into safe mode properly (black screen with safe mode in corners and nothing else), no more popups in systray but system is slow, though useable and seem to have unknown processes running.

win xp sp2 all updates, f-secure antivirus and firewall, only use IE for testing and security settings are set to high.

all this is my own fault since i downloaded a dodgy file... :( where do i start? is there a good site like - what to do when your system is bogged down with spyware (imagine the google search results for that ;(

HELP!!!
dave :(




Taz -> RE: spyware sh*tiness (7/28/2006 9:56:10)

Try the Hijackthis forum and tool/utility, they should be able to help you out.




rdouglass -> RE: spyware sh*tiness (7/28/2006 10:21:15)

Haven't tried it but I think Grisoft / AVG has a new freebie spyware tool at their free.grisoft.com site.

I use Pest Patrol but it's not free.




caz -> RE: spyware sh*tiness (7/28/2006 12:53:02)

You could try this version of Hijackthis and use their forum too.

emsisoft

They also make a-squared anti-malware application which I have used for ages and not had a problem. (Fingers always crossed when talking malware. [;)])




jaybee -> RE: spyware sh*tiness (7/28/2006 13:21:38)

Go to Hijack This, download the software, run it, copy the log and post it on the Hijack This forum and they'll help you out.

(D'ya think he's got the message to try Hijack this?) [:D]




Taz -> RE: spyware sh*tiness (7/28/2006 13:48:29)

One would hope so by now.




womble -> RE: spyware sh*tiness (7/28/2006 15:07:24)

Just in case....perhaps you could try the Hijack This forum Dave? Not sure if anyone's mentioned that to you....[8D]




rdouglass -> RE: spyware sh*tiness (7/28/2006 16:10:55)

One thing against HiJackThis: It takes a long time to get answers/results/etc. Much longer than running a single app. I always try the 'removal' app first.

But maybe you should try HiJackThis. [;)] (But then again, you may not need that sledgehammer to smash the mosquito.)




d a v e -> RE: spyware sh*tiness (7/28/2006 16:26:21)

with all the recommended spy/adware etc progs i found these so far
- mru list (ok possibly not so important)
- win32.trojan.downloader
- true sword
- Smitfraud-c
cws.msconfig
and various registry invalid entries

cleaned all of them so far... haven't got to hijack this yet ;)




BobbyDouglas -> RE: spyware sh*tiness (7/28/2006 16:28:59)

Post your HJT log here and I can take a look for ya.

Edit: Only run HJT after you have tried the other stuff.




d a v e -> RE: spyware sh*tiness (7/28/2006 16:36:35)

tried all the other stuff. just ran hjt and the log is here
http://members.tiscali.fi/dave_pirjo/test-area/hijackthislog.txt

thanks loads!!!!!!!!!!!1

p.s. i still have the minor display issue and i can't get all the way into safe mode - i get as far as the screen that asks to proceed in safe mode and then when i should get the desktop all i have is the black screen (with white 'shite oops safe - mode) in the corners. i can ctrl-alt-delete to see task manager and that's all... :(




BobbyDouglas -> RE: spyware sh*tiness (7/28/2006 19:47:20)

Did you close everything down before running HJT? I see a couple things that shouldn't be seen... If not, close everything down you don't need, and then run HJT again and post the log.

Also, have you run Spybot/AdAware? Another good one with a short trial is this one.

quote:

i can ctrl-alt-delete to see task manager and that's all

- Hmmm... What processes do you see running?

Btw, do you have Skype?




d a v e -> RE: spyware sh*tiness (7/29/2006 15:14:32)

bobby the only thing i left running after booting up was my antivirus (f-secure) although i didn't end task anything else... i uploaded the log file again

i ran spybot and found and removed
true sword and smitfraud-c

ran adaware and found and removed
mru list, win32

ran cws shredder and found and removed
CWS.msconfig

ran Ewido and found
virtumonde in windows/system/mlljj.dll and even though i clean that i keep getting it coming up several times in the realtime protection/guard wotsit

i'm on skype but my credit is finished and it's difficult to find more than 10 minutes at a time when i don't need to look after the twins (sometimes i get a couple of hours, bliss, but can never be sure;)

you can email me at davepk [at] regionline.fi

thanks again





BobbyDouglas -> RE: spyware sh*tiness (7/29/2006 18:45:53)

lol Dave, I'll send you an e-mail. Virtumonde takes a special .exe file to fully remove, I'll send you details on that nasty one.




d a v e -> RE: spyware sh*tiness (7/30/2006 1:22:35)

thanks!




jaybee -> RE: spyware sh*tiness (7/30/2006 5:21:06)

I'm sure BD will have mentioned this but just in case, make sure you've removed all MS restore files and turn off the auto backup until you're clean as the files get saved in there.

Drove me nuts once trying to kill off a Trojan that I'd cleaned out but kept getting reports. It was sat in the restore file.

And if BD is on Skype and you're on Skype you don't need credit to talk.




d a v e -> RE: spyware sh*tiness (7/30/2006 6:59:39)

hmm good point: turned those off now... :)

"And if BD is on Skype and you're on Skype you don't need credit to talk. "
i knew that but i like to keep mods on their toes [8|]

the problem is that i don't know when i'm free to talk or for how long because my two little 4-month-old dears like to keep me busy :)




BobbyDouglas -> RE: spyware sh*tiness (7/30/2006 17:54:37)

quote:

the problem is that i don't know when i'm free to talk or for how long because my two little 4-month-old dears like to keep me busy :)

- NP, I'm writing it all up right now.




BobbyDouglas -> RE: spyware sh*tiness (7/30/2006 18:38:13)

Alright, I sent it off. Make sure everything is done in the steps listed!




d a v e -> RE: spyware sh*tiness (7/31/2006 11:14:57)

did everything in the steps listed
the logs are in this directory
http://members.tiscali.fi/dave_pirjo/test-area/logs/

again - many thanks!!!




BobbyDouglas -> RE: spyware sh*tiness (7/31/2006 14:04:27)

How does everything run? These two lines on your scan worry me:
quote:

Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{98269753-0771-1033-0623-05031020002c}\services.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\TClock\tclock_install.exe[²ÜÇ\System.dll]


I'll have to ask someone about that first line, to ensure it can be removed manually. Can you navigate to those two folders where the files are located to make sure they exist?

Open HJT and run a scan, put a check next to: O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Rerun scan, update HJT log.

Can you boot into safe mode now? What are your current symptoms?

----------

Edit, get a better e-mail virus scanner. Your current one did not pick up a ton of nasty viruses and such that were in your e-mail.
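As an added example (not part of any poster's message and not any tool's own code), a small Python triage script for the two line shapes quoted in the post above: the scanner report lines and the HijackThis entry. The regexes are inferred only from those quoted lines; the `Disinfected` status and the bracketed member name in the sample are constructed assumptions.

```python
import re

# Scanner report line, shape assumed from the two lines quoted in the thread:
#   <Category>:<Detection> <status> <path>[<member inside the file>]
SCAN_RE = re.compile(
    r"^(?P<category>\w+):(?P<name>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"   # "Disinfected" is assumed
    r"(?P<path>[A-Za-z]:\\.*?)(?:\[(?P<member>[^\]]*)\])?$"
)
# HijackThis log line: "<section> - <kind>: <entry>", e.g. "O20 - Winlogon Notify: ..."
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<entry>.*)$")


def parse_line(line):
    """Return a dict for a recognised line, or None for anything else."""
    line = line.strip()
    m = SCAN_RE.match(line)
    if m:
        return {"source": "scan", **m.groupdict()}
    m = HJT_RE.match(line)
    if m:
        rec = {"source": "hjt", **m.groupdict()}
        # HijackThis appends this marker when the referenced file is not on disk.
        rec["file_missing"] = rec["entry"].endswith("(file missing)")
        return rec
    return None


def follow_up(lines):
    """List what still needs attention: files the scanner could not clean,
    and HijackThis entries that point at a file that no longer exists."""
    todo = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["source"] == "scan" and rec["status"] == "Not disinfected":
            todo.append(("still on disk", rec["name"], rec["path"]))
        elif rec["source"] == "hjt" and rec["file_missing"]:
            todo.append(("entry without file", rec["section"], rec["entry"]))
    return todo


SAMPLE = [  # first and third lines are from the thread; the rest are constructed
    r"Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{98269753-0771-1033-0623-05031020002c}\services.dll",
    r"Adware:Adware/DollarRevenue Not disinfected C:\Program Files\TClock\tclock_install.exe[inner\System.dll]",
    r"O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)",
    r"Adware:Adware/Example Disinfected C:\Temp\example.exe",
    "Logfile header line",
]

if __name__ == "__main__":
    for item in follow_up(SAMPLE):
        print(item)
```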




BobbyDouglas -> RE: spyware sh*tiness (7/31/2006 14:22:42)

Did you install a T-Clock program for your taskbar?




d a v e -> RE: spyware sh*tiness (7/31/2006 14:26:45)

quote:

ORIGINAL: BobbyDouglas

How does everything run? These two lines on your scan worry me:
quote:

Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{98269753-0771-1033-0623-05031020002c}\services.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\TClock\tclock_install.exe[²ÜÇ\System.dll]


running more or less ok now, well for windows ;)
yes i can navigate to those files

quote:

I'll have to ask someone about that first line, to ensure it can be removed manually. Can you navigate to those two folders where the files are located to make sure they exist?

Open HJT and run a scan, put a check next to: O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Rerun scan, update HJT log.


done that (i assume you meant to check that line and fix it?!) it was gone after the next scan - log is updated

Can you boot into safe mode now? What are your current symptoms?
i'll try booting into safe mode

i still have that annoying display error on the file menus but otherwise everything seems ok.

hmm re: the email virus scanner: i noticed that panda picked up loads in my emails as well but i notice that f-secure picks a lot up too when they come in and then they are there in my junk folder (which is where panda finds them) so not sure about that :)
----------

Edit, get a better e-mail virus scanner. Your current one did not pick up a ton of nasty viruses and such that were in your e-mail.


update: i can boot into safe mode now. also saved a hjt log from safe mode as well.




BobbyDouglas -> RE: spyware sh*tiness (7/31/2006 14:33:21)

quote:

done that (i assume you meant to check that line and fix it?!) it was gone after the next scan - log is updated

- Yes thanks.

quote:

i still have that annoying display error on the file menus but otherwise everything seems ok.

- Can you explain this some more, maybe provide a screenshot?

quote:

when they come in and then they are there in my junk folder (which is where panda finds them) so not sure about that :)

- It doesn't matter the folder they are in, you still have a high chance of being infected if your AV doesn't pick them up.

I just need some more info on your current symptoms, it looks to me we got the nasty part gone.




d a v e -> RE: spyware sh*tiness (7/31/2006 14:49:18)

re: display see attached

no other symptoms except ewido finds backdoor.genlot and the virtumonde.

it seems whichever adware you use they all find a different one!

[attached image]




BobbyDouglas -> RE: spyware sh*tiness (7/31/2006 15:00:12)

Can you show me any more info from the ewido results?




BobbyDouglas -> RE: spyware sh*tiness (7/31/2006 15:19:49)

Have you tried to remove backdoor.genlot using Ewido?

Still unanswered:
quote:

Did you install a T-Clock program for your taskbar?




d a v e -> RE: spyware sh*tiness (7/31/2006 15:20:48)

not yet will try later after baby duty ;)




d a v e -> RE: spyware sh*tiness (8/2/2006 17:18:12)

sorry bobby - only had time for a couple of quick posts here and there as the kids had inoculations for some poo virus (huh they get everyone those viruses;) and they've been *upset* about it. anyway enough baby stuff:

will do scan tomorrow (thursday) and post then. when i do i'll see if i can remove backdoor.genlot with it.

no i didn't install t-clock for my taskbar, as far as i remember, it's not the kind of thing i would like to do anyway :) it's not part of tweak ui is it??

speak to you soonish when i can :)




BobbyDouglas -> RE: spyware sh*tiness (8/3/2006 1:02:47)

quote:

no i didn't install t-clock for my taskbar

- If you didn't install it, and don't use it, you don't need it. See if you can uninstall it via Add/Remove Progs.

While you've been taking care of the kids, I have been turning my bedroom into an awesome home theater room (I'll be posting pics pretty soon). [8D]



