
Spyware Remover


11 replies to this topic

#1 ProMasser (Member)

Posted 16 September 2007 - 04:13 PM

OK, I have run in Safe Mode. I use AVG Professional Edition. I am infected with the following:

Hijacker
WinAntiVirus
JuggleToolbar (Something like that)
Spyware


I keep trying to use Ad-Aware 2007, but it's not doing anything, so I got AVG and ran it in Safe Mode. It only detected 1 virus. So I downloaded Spyware Doctor and scanned, and uninstalled and installed Ad-Aware 2007, scanned, then removed. Even Panda says I have these viruses. I really want to remove these viruses. Any help?



#2 buddy215 (Moderator)

Posted 16 September 2007 - 04:31 PM

You probably have Vundo on your computer. Use the Vundofix tool in the link below.
http://www.atribune.org/content/view/24/2/

Follow up with the programs below:
Install Super Antispyware Free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds. http://www.bitdefender.com/scan8/ie.html

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ProMasser (Topic Starter)

Posted 21 September 2007 - 02:28 PM

It's a HiJack browser. Idk how to post it, but I will try. And what is Vundo?

Edited by ProMasser, 21 September 2007 - 02:29 PM.


#4 ProMasser (Topic Starter)

Posted 21 September 2007 - 03:10 PM

I scanned; it didn't find Vundo.

#5 buddy215 (Moderator)

Posted 21 September 2007 - 04:01 PM

If Vundofix is the only scan you ran, run the other two. Then post the Hijack This log in the Hijack This Forum.

#6 ProMasser (Topic Starter)

Posted 21 September 2007 - 04:10 PM

I have the following viruses:

Adware.ClickSpring/Yazzle [2 items]
Adware.Tracking Cookie [16 items]
Malware.DriveCleaner [111 items]
Registry Cleaner Trial [9 items]
Adware.ClickSpring/Outer Info Network [22 items]
Adware.Search-Exe [1 items]
Unclassified.LoaderX [1 items] PS: lol, that's my hack loader, I play StarCraft :thumbsup:

Edited by ProMasser, 21 September 2007 - 05:15 PM.


#7 ProMasser (Topic Starter)

Posted 21 September 2007 - 04:21 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2007 at 05:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3310
Trace Rules Database Version: 1314

Scan type : Quick Scan
Total Scan Time : 00:05:34

Memory items scanned : 294
Memory threats detected : 0
Registry items scanned : 591
Registry threats detected : 0
File items scanned : 4
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@questionmarket[1].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@media.adrevolver[1].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@atdmt[3].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@doubleclick[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@bluestreak[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@clicksor[2].txt

Registry Cleaner Trial
C:\Program Files\Registry Cleaner Trial\EULA_REGCLEAN.rtf
C:\Program Files\Registry Cleaner Trial\NoSpam.jpg
C:\Program Files\Registry Cleaner Trial\RCBanner.jpg
C:\Program Files\Registry Cleaner Trial\Registry Cleaner.chm
C:\Program Files\Registry Cleaner Trial\unins000.dat
C:\Program Files\Registry Cleaner Trial
C:\Documents and Settings\Charlie Johnson\Application Data\Registry Cleaner\Backups\2006-12-20,13-56 05 741.zip
C:\Documents and Settings\Charlie Johnson\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\Charlie Johnson\Application Data\Registry Cleaner

Adware.ClickSpring/Yazzle
C:\Program Files\Cowabanga\License.txt
C:\Program Files\Cowabanga

Malware.DriveCleaner
C:\Program Files\DriveCleaner 2006 Free\Activate.dat

_____________________________________________________________________________________________________

This is a quick scan

~Mod Edit~ Merged Scans from the HJT forum. TMacK

Edited by TMacK, 22 September 2007 - 01:36 AM.


#8 ProMasser (Topic Starter)

Posted 21 September 2007 - 06:39 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2007 at 06:14 PM

Application Version : 3.9.1008

Core Rules Database Version : 3310
Trace Rules Database Version: 1314

Scan type : Complete Scan
Total Scan Time : 00:52:04

Memory items scanned : 348
Memory threats detected : 0
Registry items scanned : 5629
Registry threats detected : 18
File items scanned : 8842
File threats detected : 133

Adware.ClickSpring/Outer Info Network
HKLM\Software\Classes\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}#AppID
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\InprocServer32
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\InprocServer32#ThreadingModel
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\ProgID
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\Programmable
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\TypeLib
HKCR\CLSID\{B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8}\VersionIndependentProgID
C:\PROGRAM FILES\OIN SEARCH\OINSEARCH.DLL
HKCR\OINSearchToolbar.OINSBarBand
HKCR\OINSearchToolbar.OINSBarBand\CLSID
HKCR\OINSearchToolbar.OINSBarBand\CurVer
HKCR\OINSearchToolbar.OINSBarBand.1
HKCR\OINSearchToolbar.OINSBarBand.1\CLSID
HKCR\AppId\JamingoToolbar.DLL
HKCR\AppId\JamingoToolbar.DLL#AppID
HKCR\AppId\{3689DAB5-D3B0-49BD-A7BD-EE5D71419BE8}
C:\Program Files\Outerinfo\outerinfo.ico
C:\Program Files\Outerinfo\Terms.rtf
C:\Program Files\Outerinfo

Adware.Tracking Cookie
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@questionmarket[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@atdmt[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clicksor[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@adrevolver[1].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@atdmt[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@clicksor[1].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@doubleclick[1].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@fastclick[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@media.adrevolver[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@media.adrevolver[3].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@revsci[2].txt
C:\Documents and Settings\Charlie Johnson\Cookies\charlie_johnson@tribalfusion[1].txt

Malware.DriveCleaner
C:\Program Files\DriveCleaner 2006 Free\Appbase\AE_CD_Cr.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr4.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\AReadr5.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASDSEEpv.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\ASPack.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\Babylon.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\BDelphi5.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\CatchUp.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\CBuildr5.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\CCGA.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\CManager.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteFTP4.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\CuteHTML.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\DAcceler.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\DiscJug.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\ECDCreat4.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\Far.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\FFTsks.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\FlashFXP.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrntPage.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\FrontPEx.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpEXP.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\FtpVoya.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\GoZilla.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\GravMRU.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\HotDogPr.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\H_TxtPad.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\IconExtr.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\iMesh.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\ImgReady3.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\InsShExp.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\JASC_P_P.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\KaZaA.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\LView.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDir.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MacDrWea.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicAng.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MicDes.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MMUnDisk.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MM_CON.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\Morpheus.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPaint.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPicPub.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MPImaGal.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSExplorer.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSoffice.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSRegEdit.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWMP.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\MSWordPad.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\Nero.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\NetShow.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\NTBackup.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\pfilelst.xda
C:\Program Files\DriveCleaner 2006 Free\Appbase\PhotShel.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\RapidBr.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealAuPl.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\RealDown.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\SecurCRT.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\SL_BlWin.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\SmartClr.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\Sonique.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\StuffIt.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\TelepPro.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\UGifAnim.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\UltraEd.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\UMedStud.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhImpV.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\UPhotoEx.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\UVidStud.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\VNC.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebFeret.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WebReap.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinACE.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinGate.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinRAR.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WinZIP.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\WiseInst.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\wordslst.xda
C:\Program Files\DriveCleaner 2006 Free\Appbase\YahooPl.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase\ZipMagic.dat
C:\Program Files\DriveCleaner 2006 Free\Appbase
C:\Program Files\DriveCleaner 2006 Free\bnlink.dat
C:\Program Files\DriveCleaner 2006 Free\diagnosis.dat
C:\Program Files\DriveCleaner 2006 Free\err.log
C:\Program Files\DriveCleaner 2006 Free\img\button.gif
C:\Program Files\DriveCleaner 2006 Free\img\button2.gif
C:\Program Files\DriveCleaner 2006 Free\img\header.gif
C:\Program Files\DriveCleaner 2006 Free\img\logo.gif
C:\Program Files\DriveCleaner 2006 Free\img\spacer.gif
C:\Program Files\DriveCleaner 2006 Free\img\Thumbs.db
C:\Program Files\DriveCleaner 2006 Free\img\top1.jpg
C:\Program Files\DriveCleaner 2006 Free\img\top2.jpg
C:\Program Files\DriveCleaner 2006 Free\img\top_line.gif
C:\Program Files\DriveCleaner 2006 Free\img
C:\Program Files\DriveCleaner 2006 Free\lapv.dat
C:\Program Files\DriveCleaner 2006 Free\license.rtf
C:\Program Files\DriveCleaner 2006 Free\manual.url
C:\Program Files\DriveCleaner 2006 Free\pv.dat
C:\Program Files\DriveCleaner 2006 Free\readme.rtf
C:\Program Files\DriveCleaner 2006 Free\ScanReport.dat
C:\Program Files\DriveCleaner 2006 Free\Schedule.dat
C:\Program Files\DriveCleaner 2006 Free\sr.log
C:\Program Files\DriveCleaner 2006 Free\support.url
C:\Program Files\DriveCleaner 2006 Free\UDC2006.xml
C:\Program Files\DriveCleaner 2006 Free\UDC6.url
C:\Program Files\DriveCleaner 2006 Free\unins000.dat
C:\Program Files\DriveCleaner 2006 Free\UninstallPage.html
C:\Program Files\DriveCleaner 2006 Free\up.dat
C:\Program Files\DriveCleaner 2006 Free\updater.dat
C:\Program Files\DriveCleaner 2006 Free\vbpv.dat
C:\Program Files\DriveCleaner 2006 Free

Adware.Search-Exe
C:\MASM32\EXAMPLES\EXAMPL10\STEXP\SE.EXE

Unclassified.LoaderX
C:\PROGRAM FILES\SYSTEMFILES\MINERALHACK\LOADERX.EXE
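
Added example, not part of the original thread and not code from SUPERAntiSpyware: a Python parser for scan logs in the layout posted above. It groups the listed registry and file items by detection name and checks them against the "threats detected" totals in the header, which catches a log that was cut off when pasted. The sample log, the detection name "Adware.Example/Toolbar" and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the logs above (not a real scan).
# Its header claims 4 file threats but only 3 are listed, as in a cut-off paste.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Scan type : Quick Scan
Memory threats detected : 0
Registry threats detected : 2
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@example[1].txt

Adware.Example/Toolbar
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32#ThreadingModel
C:\Program Files\ExampleToolbar\toolbar.dll
C:\Program Files\ExampleToolbar
"""

COUNT = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$", re.I)
REGISTRY = re.compile(r"^(HKLM|HKCU|HKCR|HKU|HKCC)\\", re.I)
FILE = re.compile(r"^[A-Za-z]:\\")


def parse_scan_log(text):
    """Return (declared header counts, {detection name: registry/file items})."""
    declared = {}
    detections = defaultdict(lambda: {"registry": [], "file": []})
    current = "(unnamed)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        count = COUNT.match(line)
        if count:
            declared[count.group(1).lower()] = int(count.group(2))
        elif REGISTRY.match(line):
            detections[current]["registry"].append(line)
        elif FILE.match(line):
            detections[current]["file"].append(line)
        else:
            current = line  # candidate detection name; kept only if items follow
    return declared, dict(detections)


def reconcile(declared, detections):
    """Compare header totals with listed items: kind -> (declared, listed, ok)."""
    listed = {"registry": 0, "file": 0}
    for items in detections.values():
        for kind in listed:
            listed[kind] += len(items[kind])
    return {k: (declared.get(k), n, declared.get(k) == n) for k, n in listed.items()}


def summarize(detections):
    """Rows of (name, registry items, file items), largest detection first."""
    rows = [(n, len(i["registry"]), len(i["file"])) for n, i in detections.items()]
    return sorted(rows, key=lambda r: (-(r[1] + r[2]), r[0]))


if __name__ == "__main__":
    declared, detections = parse_scan_log(SAMPLE_LOG)
    for row in summarize(detections):
        print("%-28s registry=%d file=%d" % row)
    print(reconcile(declared, detections))
```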

#9 buddy215 (Moderator)

Posted 21 September 2007 - 08:01 PM

I see you have posted a SAS log in the Hijack This Forum. You should have posted a Hijack This Log there. I have included instructions on how to set up SAS. Did you quarantine what SAS found?
You can also follow the instructions in the link below to remove Outerinfo.
http://www.geekstogo.com/forum/How-to-remo...IN-t134763.html
--------------------------------------------------------------------------------


Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "General and Startup", make sure the "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
--------------------------------------------------------------------------------

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Click Close to exit the program and reboot normally.
--------------------------------------------------------------------------------

You should post a Hijack This log in the Hijack This Forum after doing the above. Once you have posted a Hijack This log do not bump your post before a member of the Hijack This Team responds.

#10 ProMasser (Topic Starter)

Posted 22 September 2007 - 03:07 AM

Thank you very, very much. And does that tut also remove all my other viruses?

#11 TMacK (Member)

Posted 22 September 2007 - 10:33 AM

Hello ProMasser,

Please note that I have moved the above posts 7 & 8 from the HijackThis and Malware Removal forum.

For now, please wait for further instructions from buddy215 once he has a chance to go over your scan results.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#12 ProMasser (Topic Starter)

Posted 22 September 2007 - 10:35 AM

Ok



