Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ad Aware Scan Results


  • Please log in to reply
9 replies to this topic

#1 Jilliantracy

Jilliantracy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 10 October 2007 - 03:26 PM

Hi, I recently discovered that I have a bunch of terrible spyware/adware on my computer. I downloaded adaware2007 on the advice of a friend and have performed the full system scan.
This is what it found: Win32.Trojan.Agent, Adware.BHO(generic), Win32. TrojanDownloader.Small, Win32.Trojan.Small, Adware.Agent, WinPopup, Win32.TrojanDownloader.Ag..., PurityScan, Adware.Yazzle, Win32.TrojanClicker, CmdServices, WinAntiSpyware, Adware.TTC, Win32.TrojanDropper, Hacktool.Netmon, Adware.Searchcolours. So within each of these there are files, processes, and registry entries, and I have no idea what to delete and what to leave. I know a little about computers but not much. Any help would be MUCH appreciated!

~Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 10 October 2007 - 03:31 PM.


BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:42 PM

Posted 10 October 2007 - 05:03 PM

Put all of these in Ad-Aware's quarantine. Leave them there for five days and if you experience no problems with Windows or any application, then delete them.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:42 PM

Posted 10 October 2007 - 05:34 PM

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs. From within Add/Remove Programs highlight any of the following programs (if listed) and select "Remove".

ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator
or anything else with the word "OIN" or "Outer Info Network" or "Yazzle" in them.


Then download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program and select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and the program will walk you through the remaining steps.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Jilliantracy

Jilliantracy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 13 October 2007 - 09:49 PM

So I put everything in quarantine a couple days ago. Now my computer will not run adaware2007. I click on it and wait, and nothing. I tried starting it from task manager, under new task, and nothing. I also tried starting it from the program files, but it will not come up. What can I do?

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:42 PM

Posted 13 October 2007 - 10:07 PM

This may all be problems from the Malware. Have you followed Quietman's advice yet. If not please do so then we will see about Adaware. let us know

Edited by boopme, 13 October 2007 - 10:08 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Jilliantracy

Jilliantracy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 14 October 2007 - 12:54 AM

Yes, I did follow quietman's advice, but none of those programs were on my computer.

#7 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:42 PM

Posted 14 October 2007 - 07:13 AM

Use the Vundofix tool in link below.
http://vundofix.atribune.org/

Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Edited by buddy215, 14 October 2007 - 07:16 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:42 PM

Posted 14 October 2007 - 07:43 AM

That's a good thing that you did not find any of those programs. I only had you check because I saw that Ad-aware had detected/removed PurityScan and Yazzle. Usually where there is one, there is more.

Ad-ware also detected/removed WinAntiSpyware and Win32.Trojan.Small both often associated with smitfraud infections. Again, where there is one, there is more and Ad-aware does not detect everything related to this malware.

Please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!

After you download SUPERAntiSpyware Free, please scan as follows
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Reboot in "SAFE MODE using the F8 method and launch SUPERAntispyware.
  • In the main screen, under "Scan for Harmful Software" click Scan your computer.
  • There are three scanning options. Choose "Perform Complete Scan" and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure they all have a checkmark next to them and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to reboot, click "Yes".
  • If not, select Close to exit the program and reboot normally.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Jilliantracy

Jilliantracy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 14 October 2007 - 02:07 PM

So I followed your advice, quietman. I reinstalled smitfraudfix, ran it in safe mode, and saved the results. I also downloaded SuperAnti Spyware, did a complete scan in safe mode, and quarantined and deleted everything it found. I just rebooted and here I am. What next? I'm assuming I re-scan, so I guess thats what I'll do until I hear from you. Thanks

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:42 PM

Posted 14 October 2007 - 02:12 PM

You can rescan to confirm nothing else is found. Are you experiencing any problems with your system such as constant pop ups, browser redirects, etc? If not, your probably ok.

If thats the case and your scans are not finding anything else, then you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users