spyware sh*tiness

	Home Register Search Help Login

Sponsors

Shopping Cart Software
Ecommerce software integrated into Frontpage, Dreamweaver and Golive templates. No monthly fees and available in ASP and PHP versions.

Website Templates
We also have a wide selection of Dreamweaver, Expression Web and Frontpage templates as well as webmaster tools and CSS layouts.

Frontpage website templates
Creative Website Templates for FrontPage, Dreamweaver, Flash, SwishMax

Search Forums

Recent Posts

Todays Posts
Most Active posts
Posts since last visit
My Recent Posts
Mark posts read

spyware sh*tiness

View related threads: (in this forum | in all forums)

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> Community >> Computer Software and Hardware issues >> spyware sh*tiness

Page: [1] 2 next > >>


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	spyware shtiness - 7/28/2006 9:29:19 * spyware and all that crap. along with my minor display problem (post below ?!) i have installed these programs spydoctor spycatcher superadblocker in addition to my already installed spybot, adaware and that er adbuster thing (on linux at the mo' so can't check the name) managed to rid myself of isshost.exe and similar but when i check with the above programs i get 5 or so results of trojans/malware/spyware (or more for spydoctor!) now i can't get into safe mode properly (black screen with safe mode in corners and nothing else), no more popups in systray but system is slow, though useable and seem to have unkown processes running. win xp sp2 all updates, f-secure antivirus and firewall, only use IE for testing and security settings are set to high. all this is my own fault since i donwloaded a dodgy file... :( where do i start? is there a good site like - what to do when your system is bogged down with spyware (imagine the google search results for that ;( HELP!!! dave :( _____________________________ David Prescott Gekko web design**


Taz Posts: 2792 Joined: 7/6/2004 From: U.K (Formerly outer space.) Status: offline	RE: spyware sh*tiness - 7/28/2006 9:56:10 Try the Hijackthis forum and tool/utility, they should be able to help you out. _____________________________ Smiley T-Shirts and other Geeky fun stuff, Smileys and phpbb Smiley paks. (in reply to d a v e)


rdouglass Posts: 9167 From: Biddeford, ME USA Status: offline	RE: spyware sh*tiness - 7/28/2006 10:21:15 Haven't tried it but I think Grisoft / AVG has a new freebie spyware tool at their free.grisoft.com site. I use Pest Patrol but it's not free. _____________________________ Don't take you're eye off your final destination. ASP Checkbox Function Tutorial. (in reply to Taz)


caz Posts: 3466 Joined: 10/10/2001 From: Somewhere south of Chester, UK Status: offline	RE: spyware sh*tiness - 7/28/2006 12:53:02 You could try this version of Hijackthis and use their forum too. emsisoft They also make a-squared anti-malware application which I have used for ages and not had a problem. (Fingers always crossed when talking malware. ) _____________________________ Do not meddle in the affairs of cats, for they are subtle and will dance, or more on your keyboard. Cheshire cat. www.doracat.co.uk I remember when it took less than 4hrs to fly across the Atlantic. (in reply to rdouglass)


jaybee Posts: 13957 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: spyware shtiness - 7/28/2006 13:21:38 Go to Hijack This, download the software, run it, copy the log and post it on the Hijack This forum and they'll help you out. (D'ya think he's got the message to try Hijack this?) _____________________________ If it ain't broke..... fix it until it is. GAWDS* Now where did I put that Doctype? (in reply to caz)


Taz Posts: 2792 Joined: 7/6/2004 From: U.K (Formerly outer space.) Status: offline	RE: spyware sh*tiness - 7/28/2006 13:48:29 One would hope so by now. _____________________________ Smiley T-Shirts and other Geeky fun stuff, Smileys and phpbb Smiley paks. (in reply to jaybee)


womble Posts: 5458 Joined: 3/14/2005 From: Living on the edge Status: offline	RE: spyware sh*tiness - 7/28/2006 15:07:24 Just incase....perhaps you could try the Hijack This forum Dave? Not sure if anyone's mentioned that to you.... _____________________________ ~~ "A cruel god ain't no god at all" ~~ (in reply to Taz)


rdouglass Posts: 9167 From: Biddeford, ME USA Status: offline	RE: spyware sh*tiness - 7/28/2006 16:10:55 One thing against HiJackThis: It takes a long time to get answers/results/etc. Much longer than running a single app. I always try the 'removal' app first. But maybe you should try HiJackThis. (But then again, you may not need that sledgehammer to smash the mosquito.) _____________________________ Don't take you're eye off your final destination. ASP Checkbox Function Tutorial. (in reply to womble)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/28/2006 16:26:21 with all the recommended spy/adware etc progs i found these so far - mru list (ok possibly not so important) - win32.trojan.downloader - true sword - Smitfraud-c cws.msconfig and various registry invalid entries cleaned all of them so far... haven't got to hijakc this yet ;) _____________________________ David Prescott Gekko web design* (in reply to rdouglass)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware shtiness - 7/28/2006 16:28:59 Post your HJT log here and I can take a look for ya. Edit: Only run HJT after you have tried the other stuff.* _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to rdouglass)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/28/2006 16:36:35 tried all the other stuff. just ran hjt and the log is here http://members.tiscali.fi/dave_pirjo/test-area/hijackthislog.txt thanks loads!!!!!!!!!!!1 p.s. i still have the minor display issue and i can't get all the way into safe mode - i get as far as the screen that asks to proceed in safe mode and then when i should get the desktop all i have is the black screen (with white 'shite oops safe - mode) in the corners. i can ctrl-alt-delete to see task manager and that's all... :( _____________________________ David Prescott Gekko web design* (in reply to BobbyDouglas)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware shtiness - 7/28/2006 19:47:20 Did you close everything down before running HJT? I see a couple things that shouldn't be seen... If not, close everything down you don't need, and then run HJT again and post the log. Also, have you ran Spybot/AdAware? Another good one with a short trial is this one. quote:* i can ctrl-alt-delete to see task manager and that's all - Hmmm... What processes do you see running? Btw, do you have Skype? < Message edited by BobbyDouglas -- 7/28/2006 19:56:55 > _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to d a v e)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/29/2006 15:14:32 bobby the only thing i left running after booting up was my antivirus (f-secure) although i didn't end task anything else... i uploaded the log file again i ran spybot and found and removed true sword and smitfraud-c ran adaware and found and removed mru list, win32 ran cws shredder and found and removed CWS.msconfig ran Ewido and found virtuamonde in windows/system/mlljj.dll and even though i clean that i keep getting it coming up several times in the realtime protection/guard wotsit i'm on skype but my credit is finished and it's difficult to find more than 10 minutes at a time when i don't need to look after the twins (sometimes i get a couple of hours, bliss, but can never be sure;) you can email me at davepk [at] regionline.fi thanks again _____________________________ David Prescott Gekko web design* (in reply to BobbyDouglas)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware sh*tiness - 7/29/2006 18:45:53 lol Dave, I'll send you an e-mail. Virtuamonde takes a special .exe file to fully remove, I'll send you details on that nasty one. _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to d a v e)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/30/2006 1:22:35 thanks! _____________________________ David Prescott Gekko web design* (in reply to BobbyDouglas)


jaybee Posts: 13957 Joined: 10/7/2003 From: Berkshire, UK Status: offline	RE: spyware shtiness - 7/30/2006 5:21:06 I'm sure BD will have mentioned this but just in case, make sure you've removed all MS restore files and turn off the auto backup until you're clean as the files get saved in there. Drove me nuts once trying to kill off a Trojan that I'd cleaned out but kept getting reports. It was sat in the restore file. And if BD is on Skype and you're on Skype you don't need credit to talk. _____________________________ If it ain't broke..... fix it until it is. GAWDS* Now where did I put that Doctype? (in reply to d a v e)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/30/2006 6:59:39 hmm good point: turned those off now... :) "And if BD is on Skype and you're on Skype you don't need credit to talk. " i knew that but i like to keep mods on their toes the problem is that i don't know when i'm free to talk or for how long because my two little 4-month-old dears like to keep me busy :) _____________________________ David Prescott Gekko web design* (in reply to jaybee)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware shtiness - 7/30/2006 17:54:37 quote:* the problem is that i don't know when i'm free to talk or for how long because my two little 4-month-old dears like to keep me busy :) - NP, I'm writing it all up right now. _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to d a v e)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware sh*tiness - 7/30/2006 18:38:13 Alright, I sent it off. Make sure everything is done in the steps listed! _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to BobbyDouglas)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/31/2006 11:14:57 did everything in the steps listed the logs are in this directory http://members.tiscali.fi/dave_pirjo/test-area/logs/ again - many thanks!!! _____________________________ David Prescott Gekko web design* (in reply to BobbyDouglas)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware shtiness - 7/31/2006 14:04:27 How does everything run? These two lines on your scan worry me: quote:* Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{98269753-0771-1033-0623-05031020002c}\services.dll Adware:Adware/DollarRevenue Not disinfected C:\Program Files\TClock\tclock_install.exe[��\System.dll] I'll have to ask someone about that first line, to ensure it can be removed manually. Can you navigate to those two folders where the files are located to make sure they exist? Open HJT and run a scan, put a check next to: O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing) Rerun scan, update HJT log. Can you boot into safe mode now? What are your current symptons? ---------- Edit, get a better e-mail virus scanner. Your current one did not pick up a ton of nasty viruses and such that were in your e-mail. < Message edited by BobbyDouglas -- 7/31/2006 14:15:20 > _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to d a v e)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware sh*tiness - 7/31/2006 14:22:42 Did you install a T-Clock program for your taskbar? _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to BobbyDouglas)

d a v e

Posts: 4009
Joined: 7/24/2002
From: England (but live in Finland now)
Status: offline

RE: spyware sh*tiness - 7/31/2006 14:26:45

quote:

ORIGINAL: BobbyDouglas

How does everything run? These two lines on your scan worry me:

quote:

Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{98269753-0771-1033-0623-05031020002c}\services.dll
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\TClock\tclock_install.exe[��\System.dll]

running more or less ok now, well for windows ;)
yes i can navigate to those files

quote:

I'll have to ask someone about that first line, to ensure it can be removed manually. Can you navigate to those two folders where the files are located to make sure they exist?

Open HJT and run a scan, put a check next to: O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Rerun scan, update HJT log.

done that (i assume you meant to check that line and fix it?! it was gone after the next scan - log is updated

Can you boot into safe mode now? What are your current symptons?
i'll try booting into safe mode

i still have that annoying display error on the file menus but otherwise everything seems ok.

hmm re: the email virus scanner: i noticed that panda picked up loads in ym emais as well but i notice that f-secure picks a lot up too when they come in and then they are there in my junk folder (which is where panda finds them) so not sure about that

----------

Edit, get a better e-mail virus scanner. Your current one did not pick up a ton of nasty viruses and such that were in your e-mail.

update: i can boot into safe mode now. also saved a hjt log from safe mode as well.

< Message edited by d a v e -- 7/31/2006 14:33:27 >

_____________________________

David Prescott
Gekko web design

(in reply to BobbyDouglas)

BobbyDouglas

Posts: 5431
Joined: 5/15/2003
From: Arizona
Status: offline

RE: spyware sh*tiness - 7/31/2006 14:33:21

quote:

done that (i assume you meant to check that line and fix it?! it was gone after the next scan - log is updated

- Yes thanks.

quote:

i still have that annoying display error on the file menus but otherwise everything seems ok.

- Can you explain this some more, maybe provide a screenshot?

quote:

when they come in and then they are there in my junk folder (which is where panda finds them) so not sure about that :)

- It doesn't matter the folder they are in, you still have a high chance of being infected if your AV doesn't pick them up.

I just need some more info on your current symptons, it looks to me we got the nasty part gone.

_____________________________

Arizona Web Design - Mr Bobs Web Design in Arizona
The Arizona Web Hosting Challenge

(in reply to d a v e)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/31/2006 14:49:18 re: display see attached no other symptoms except ewido finds backdoor.genlot and the virtumonde. it seems whichever adware you use they all find a different one! Thumbnail Image* Attachment (1) _____________________________ David Prescott Gekko web design (in reply to BobbyDouglas)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware sh*tiness - 7/31/2006 15:00:12 Can you show me anymore info from the ewido results? _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to d a v e)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware shtiness - 7/31/2006 15:19:49 Have you tried to remove backdoor.genlot using Ewido? Still unanswered: quote:* Did you install a T-Clock program for your taskbar? _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to BobbyDouglas)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 7/31/2006 15:20:48 not yet will try later after baby duty ;) _____________________________ David Prescott Gekko web design* (in reply to BobbyDouglas)


d a v e Posts: 4009 Joined: 7/24/2002 From: England (but live in Finland now) Status: offline	RE: spyware shtiness - 8/2/2006 17:18:12 sorry bobby - only had time for a couple of quick posts here and there as the kids had a innoculations for some poo virus (huh they get everyone those viruses;) and they've been upset* about it. anyway enough baby stuff: will do scan tomorrow (thursday) and post then. when i do i'll see if i can remove backdoor.genlot with it. no i didn't install t-clock for my taskbar, as far as i remember, it's not the kind of thing i would like to do anyway :) it's not part of tweak ui is it?? speak to you soonish when i can :) _____________________________ David Prescott Gekko web design (in reply to d a v e)


BobbyDouglas Posts: 5431 Joined: 5/15/2003 From: Arizona Status: offline	RE: spyware shtiness - 8/3/2006 1:02:47 quote:* no i didn't install t-clock for my taskbar - If you didn't install it, and don't use it, you don't need it. See if you can uninstall it via Add/Remove Progs. While you've been taking care of the kids, I have been turning my bedroom into an awesome home theater room (I'll be posting pics pretty soon). _____________________________ Arizona Web Design - Mr Bobs Web Design in Arizona The Arizona Web Hosting Challenge (in reply to d a v e)

Page: [1] 2 next > >>

All Forums >> Community >> Computer Software and Hardware issues >> spyware sh*tiness

Page: [1] 2 next > >>

Jump to: 1

New Messages	No New Messages
Hot Topic w/ New Messages	Hot Topic w/o New Messages
Locked w/ New Messages	Locked w/o New Messages

Post New Thread

Reply to Message

Post New Poll

Submit Vote

Delete My Own Post

Delete My Own Thread

Rate Posts