Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do I Have Spyware/malware?


  • Please log in to reply
5 replies to this topic

#1 john148

john148

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 09 April 2008 - 01:01 PM

Hello, Warning: Spyware has been detected on your PC has replaced my desktop. I've tried to fix this problem but I have not had any success. Help would be appreciated!

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 09 April 2008 - 05:03 PM

What have you done so far to try to fix this problem?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 john148

john148
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 09 April 2008 - 06:32 PM

Thanks for the reply rookie147
I have tried deleting it with Super Antispyware and ad-aware in safe mode.

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 10 April 2008 - 03:27 PM

Please run your antivirus in Safe Mode as well, and also post the SAS log for us to take a look at.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 john148

john148
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 11 April 2008 - 07:14 PM

Here's my SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2008 at 07:48 PM

Application Version : 4.0.1154

Core Rules Database Version : 3432
Trace Rules Database Version: 1424

Scan type : Complete Scan
Total Scan Time : 00:43:20

Memory items scanned : 176
Memory threats detected : 0
Registry items scanned : 5599
Registry threats detected : 6
File items scanned : 18153
File threats detected : 31

Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}

Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}

Adware.180solutions/SurfAssistant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}

Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
C:\WINDOWS\BOKJA.EXE
C:\WINDOWS\STCLOADER.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@kontera[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt
C:\Documents and Settings\Owner\Cookies\owner@softonic.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.techguy[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@edo[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[3].txt

Adware.180solutions/ZangoSearch
C:\Program Files\Zango\zango.exe
C:\Program Files\Zango

Adware.180solutions/Seekmo
C:\Program Files\Seekmo\seekmohook.dll
C:\Program Files\Seekmo

Trojan.Unclassified-Packed/Suspicious
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NOPEBODE.DLL
C:\WINDOWS\SYSTEM32\BASESR.DLL
C:\WINDOWS\WNWXMNKN.DLL

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BEARSHARE.LNK
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\MY RECEIVED FILES\FILES\STUFF\MY STUFF\BEARSHARE.LNK

Trojan.FakeDrop-180AX
C:\WINDOWS\180AX.EXE
C:\WINDOWS\FLEOK\180AX.EXE

Torjan.SecondThoughtInstaller
C:\WINDOWS\INSTALLER\ID53.EXE

Trojan.Unclassified/NTNut32
C:\WINDOWS\SYSTEM32\NTNUT32.EXE

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 12 April 2008 - 03:00 PM

Please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log. Do not post your log here, but instead use our HijackThis Logs and Analysis Forum.
After posting a log you should NOT make further changes to your computer except those that are advised by a member of the HijackThis Team; doing so can cause system changes that may not be visible in your log. Please be patient whilst waiting for a response, our HJT Team is currently very busy, and as we try to deal with logs on a "first come first served" basis, you may have to wait a short while.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users