
Weird Programs In My Downloads.


  • This topic is locked
14 replies to this topic

#1 bmm930

bmm930

  • Members
  • 35 posts
  • OFFLINE
  • Local time:02:00 PM

Posted 13 August 2007 - 09:14 AM

Weird crack programs, such as for Ad-Aware, Adobe, and all these games, keep on appearing in the My Downloads and Downloads folders in My Documents. I have deleted them several times and they keep on reappearing. Anything I can do? Thanks.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,112 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:00 PM

Posted 13 August 2007 - 10:08 AM

Can you provide any specific names for these strange programs?

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE"?

You need to start there first. If you don't have any anti-virus or anti-malware programs see BC's List of Virus & Malware Resources and at least scan with Ad-Aware and Spybot S&D. In #4 there is a list of several free online anti-virus scans which you can perform. I would also recommend that you download and scan with SUPERAntiSpyware Free for Home Users in "SAFE MODE".

Many malware programs can be uninstalled by using Add/Remove Programs so start there first. Click on Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs uninstall questionable programs by highlighting them and selecting Remove. Questionable programs may have recognizable names like IntCodec, WinTools, NavHelper, etc. For a list of such programs see BC's Uninstall Programs Database.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 bmm930

Posted 13 August 2007 - 10:52 AM

Examples of names of the programs: Ad-aware crack.exe, Adobe Photoshop keygen.exe, Civilization III crack.exe... etc.
I am using a Windows XP that is about 3 years old. I have used many scans such as Ad-Aware and Spybot, but they have not stopped it.
In the Add/Remove Programs list, I found these programs and I have no idea what they are, but I don't want to delete them in case they are important. They are: msxml 4.0 SP2 (kb 927978), My Way Search Assistant, and Microsoft Visual C++ 2005 redistributable. Do you know what any of these are? Thanks.

#4 buddy215

buddy215

  • BC Advisor
  • 12,985 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:00 PM

Posted 13 August 2007 - 11:39 AM

Have you installed any file sharing, P2P programs?
You can uninstall the My Way programs. The others are legit.

You should follow Quietman7's advice and do a scan with Super AntiSpyware in safe mode.
I would also follow up with the online scanner Bit Defender.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Whatever you do, don't open any of those files.
keygen.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Post back with the results of the scans, please.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 bmm930

Posted 13 August 2007 - 12:31 PM

How can I run the program in safe mode?

#6 quietman7

Posted 13 August 2007 - 12:35 PM

"Safe Mode Instructions".

#7 bmm930

Posted 13 August 2007 - 12:35 PM

Also, it doesn't give me an option to remove the My Way.

#8 quietman7

Posted 13 August 2007 - 12:47 PM

"My Way Search Assistant removal instructions".

#9 bmm930

Posted 13 August 2007 - 03:08 PM

Thanks guys, that worked! The programs have not reappeared for hours! Hopefully they won't come back. :thumbsup:

#10 quietman7

Posted 13 August 2007 - 07:43 PM

You're welcome.

Now you should Set a New Restore Point to enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#11 bmm930

Posted 14 August 2007 - 10:46 AM

The programs came back this morning but I think I have figured it out - whenever I download something they all come back. I am going to try to run that program in safe mode again.

#12 bmm930

Posted 14 August 2007 - 11:04 AM

Actually I just realized something - the programs go into my files that have the titles of "download" or "music" in them. I am going to do a search for "keygen.exe" which seems to be the root of these programs. Maybe if I delete all of them they won't return?
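
The pattern reported in this thread (crack/keygen executables reappearing in folders whose names contain "download" or "music") can be triaged with a read-only sweep like the one below. This is an added example, not part of the original posts; the name patterns and the idea that the reappearing files are copies of one payload are assumptions drawn from the names quoted above.

```python
import hashlib
import os
import re
import sys
from collections import defaultdict

# Assumed patterns, built from the folder and file names reported in the thread.
BAIT_DIR = re.compile(r"download|music", re.IGNORECASE)
BAIT_NAME = re.compile(r"(crack|keygen)\.exe$", re.IGNORECASE)


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_dropped_copies(root):
    """Map sha256 -> paths of crack/keygen .exe files in download/music folders."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        if not BAIT_DIR.search(os.path.basename(dirpath)):
            continue
        for name in files:
            if not BAIT_NAME.search(name):
                continue
            full = os.path.join(dirpath, name)
            try:
                groups[sha256_of(full)].append(full)
            except OSError:
                # Locked or vanished file: record it instead of aborting the sweep.
                groups["unreadable"].append(full)
    return dict(groups)


def replicated(groups, min_copies=2):
    """Keep hashes seen under several names or folders (assumed: one payload, many lures)."""
    return {h: sorted(p) for h, p in groups.items()
            if h != "unreadable" and len(p) >= min_copies}


if __name__ == "__main__":
    # Read-only sweep; the start directory is an assumption (default: current dir).
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in replicated(find_dropped_copies(start)).items():
        print(digest, *paths, sep="\n    ")
```

The script only lists and hashes files; it never opens them for execution or deletes anything, so the findings can be handed to whoever reviews the log.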

#13 buddy215

Posted 14 August 2007 - 11:48 AM

Prevx claims to be able to remove the malware so give it a try.
http://www.prevx.com/filenames/17445872984...GEN.EXE%5C.html

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
After the prevx scan, just skip down to #9 in the link above for directions on downloading and posting the Hijack This log.


#14 bmm930

Posted 15 August 2007 - 12:10 PM

The prevx2.0 found the programs but when I told it to delete them, they came back. I did a hijackthis log and posted it in the correct topic.

#15 quietman7

Posted 15 August 2007 - 12:26 PM

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.