SPYWARE THAT WONT GO AWAY!!

Discussion about trojans, worms, etc.

Moderator: 127.0.0.1

Postby Ian2013 » Sat Aug 21, 2004 3:23 pm

Hi, my name is Ian and my computer has spyware on it and I need some help. I have Ad-Aware 6.0 and Norton AntiVirus and Search and Destroy, but after I use it the same spyware items keep coming back, like the People on page and tracking co. It's weird.
Can someone please help me! :(
Ian2013
n00b
 
Posts: 5
Joined: Fri Aug 20, 2004 12:09 am
Location: New Jersey

Postby CyberAcharya » Sat Aug 21, 2004 8:35 pm

Sometimes spyware keeps its information in the registry itself, and it should be deleted manually.
If the same spyware keeps coming back, then the spyware has stored some cookies. Do one thing: clear all cookies and the offline pages you have visited, uninstall the spyware, and after that search the registry for that spyware and delete everything regarding it.
CyberAcharya
Level 3 Tech
 
Posts: 291
Joined: Fri Aug 20, 2004 3:04 am

Postby aj » Fri Sep 03, 2004 11:13 pm

Use Spy-bot, Spy-Ad Exterminator, X-Cleaner, and HijackThis. Use ZoneAlarm to stop the spyware from activating.
aj
Power User
 
Posts: 188
Joined: Sat Aug 14, 2004 8:22 pm

Postby kindred » Mon Sep 13, 2004 4:08 pm

Have you turned System Restore off? Spyware and viruses like to hide in the System Restore folder, and that is why sometimes you can't get rid of them. Also, if you would like, I can look into it if you post a HijackThis log.

Get the latest HijackThis.exe from here: http://www.majorgeeks.com/download3155.html

and post the results here

http://67.80.184.220:3/forum/viewtopic.php?t=833
kindred
HiJack This Team Leader
 
Posts: 68
Joined: Sat Sep 04, 2004 8:36 pm
Location: Wisconsin

Postby TOP1yuiop » Mon Sep 13, 2004 8:53 pm

Yeah, I've had to delete the file manually through the registry, it sucks...
TOP1yuiop
Network Administrator
 
Posts: 565
Joined: Tue Aug 31, 2004 9:28 pm
Location: in my comp chair - Antioch California

Postby Poppy » Wed Sep 15, 2004 1:14 pm

What's DSO Exploit?????? :roll: 'cos it just won't go away :x I've tried getting rid of it manually but I just can't find it anywhere on my PC :( Anyone help me?
Poppy
n00b
 
Posts: 3
Joined: Tue Sep 07, 2004 3:43 pm
Location: Wakefield

Postby CyberAcharya » Thu Sep 16, 2004 9:32 am

Poppy wrote: What's DSO Exploit?????? :roll: 'cos it just won't go away :x I've tried getting rid of it manually but I just can't find it anywhere on my PC :( Anyone help me?


AFAIK any application (like IE) that hosts the WebBrowser control (5.5+) is affected by DSO (Data Sources) exploits, since this exploit does not require Active Scripting or ActiveX. GreyMagic detected this issue in Microsoft Internet Explorer and reported it to the public.
CyberAcharya
Level 3 Tech
 
Posts: 291
Joined: Fri Aug 20, 2004 3:04 am

Postby CyberAcharya » Sat Sep 18, 2004 11:45 am

Enigma wrote: Also, you can uninstall Spybot and download the newest version of Ad-Aware. Sometimes Ad-Aware will find the spyware in Spybot's quarantine file. The more programs that you use to get rid of spyware or viruses, sometimes they will cancel each other out and do nothing for you at all. *I would not use Spy Sweeper though, it is spyware itself.
Hope this helps.


Rather than using so much software, it's better to use a firewall, which will help in blocking unnecessary things coming from the net.
CyberAcharya
Level 3 Tech
 
Posts: 291
Joined: Fri Aug 20, 2004 3:04 am

Postby CyberBob » Thu Oct 28, 2004 1:16 am

I'm having the same problem with spyware, here's my log:
Logfile of HijackThis v1.98.2
Scan saved at 10:09:53 PM, on 10/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\syshelper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\My Downloads\spystopperv2.75ccrackcphv\spystopper.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\WINDOWS\System32\NAVsys32.exe
C:\WINDOWS\System32\w?nspool.exe
C:\WINDOWS\System32\NAVsys32.exe
C:\Program Files\Win Comm\WinLock.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Win Comm\WinComm.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
c:\netstar.exe
C:\Documents and Settings\Owner\Application Data\ttuh.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\netstar.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page ... id=1000698
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page ... id=1000698
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page ... id=1000698
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SpyStopper] C:\My Downloads\spystopperv2.75ccrackcphv\spystopper.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winbdw32.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Nrwyfhta] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com/?fref=149024 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... ff8178110e
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8F28A0-BC91-4B8C-B8B9-21F308FE6B3A}: NameServer = 63.93.96.20 63.93.96.21


Also, I'm going through regedit, and I know WinComm.exe is one of the spyware programs, so should I delete all WinCommx.dll files?? I have tried to delete it through the HijackThis program, but it keeps reappearing.
Thanks for the help, I'm getting really ticked off at this spyware, I've gotten about 6 pop-ups just typing this in!!
CyberBob
n00b
 
Posts: 40
Joined: Thu Jul 15, 2004 8:15 pm
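
An added example, not part of CyberBob's post and not HijackThis's own code: a short Python parser for the O4 (registry autorun) lines of the log above. It groups entries by executable and lists the ones registered under more than one Run/RunServices/RunOnce key or by bare file name. The function names parse_o4, exe_name and review are made up for this illustration; the sample lines are an excerpt of the posted log.

```python
import re
from collections import defaultdict
from ntpath import basename

# O4 registry autorun lines copied from the HijackThis log posted above (excerpt).
LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\RunServices: [MicrosoftUpdate] syshelper.exe
O4 - HKLM\..\RunServices: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKLM\..\RunOnce: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] syshelper.exe
O4 - HKCU\..\Run: [Norton AntiVirus Sys] NAVsys32.exe
O4 - HKCU\..\RunOnce: [MicrosoftUpdate] syshelper.exe
"""

O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_o4(log):
    """Return (hive, key, value_name, command) for each registry autorun line."""
    # Startup-folder O4 lines ("Global Startup: ...") have another shape and are skipped.
    return [m.groups() for m in map(O4_REG.match, map(str.strip, log.splitlines())) if m]

def exe_name(command):
    """Lower-cased executable file name of an autorun command."""
    if command.startswith('"'):
        path = command.split('"')[1]           # quoted path
    else:                                      # unquoted: drop arguments after ".exe"
        path = re.split(r"(?<=\.exe)\s", command, maxsplit=1, flags=re.I)[0]
    return basename(path).lower()

def review(entries):
    """Executables registered in more than one autorun key or by bare file name."""
    keys, bare = defaultdict(set), set()
    for hive, key, _name, command in entries:
        exe = exe_name(command)
        keys[exe].add(f"{hive}\\{key}")
        if "\\" not in command:                # no directory: the log line alone does
            bare.add(exe)                      # not say which file on disk is launched
    return {exe: {"keys": sorted(k), "bare_name": exe in bare}
            for exe, k in keys.items() if len(k) > 1 or exe in bare}

if __name__ == "__main__":
    for exe, info in review(parse_o4(LOG)).items():
        print(exe, info["keys"], "bare name" if info["bare_name"] else "")
```

Each key in the output holds a separate registry value, so removing the entry from one key leaves the others in place.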

Postby Ian2013 » Wed Nov 03, 2004 6:48 pm

Hey, I've tried what you said, but the spyware has gotten so bad, like it messed up my computer so bad that when I try to open it it takes 30 secs to open, and for each folder too, and it's causing me bad lag in games. God!! Is there no solution :(
Ian2013
n00b
 
Posts: 5
Joined: Fri Aug 20, 2004 12:09 am
Location: New Jersey

Postby CyberBob » Fri Nov 05, 2004 11:09 pm

There is one solution, it worked for me: re-format :D
CyberBob
n00b
 
Posts: 40
Joined: Thu Jul 15, 2004 8:15 pm

Postby dheiniger » Sat Nov 06, 2004 2:44 am

You really should get a firewall. I use ZoneAlarm and nothing gets on my computer :D
dheiniger
Desktop Support
 
Posts: 125
Joined: Mon Oct 18, 2004 8:05 pm

Postby Ian2013 » Sat Nov 06, 2004 6:47 pm

Yeah, I have one...
Ian2013
n00b
 
Posts: 5
Joined: Fri Aug 20, 2004 12:09 am
Location: New Jersey
