Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Major (?) Adware Problems


  • Please log in to reply
2 replies to this topic

#1 wlp1

wlp1

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 25 May 2005 - 03:10 PM

Hi:

I'm new to BC forum, I've read some of the posts and the help here and think this service looks wonderful.

I'm running XP Home on a Dell Inspiron 5150 notebook.

I have in the last few days (over the weekend) had my browser hijacked with the following symptoms:
>Homepage change
>Search page change
>Pop-ups
>New buttons on IE toolbar.
>ACT! Email not loading properly (log-in/User Block Error) - possibly unrelated.
>these are the symptoms I've noticed, at least.

When I open Control Panel - Add/Remove Programs, there is a program called "Search Extender" there.

I have the following programs and have run them all to attempt to resolve my issue(s):
>Norton AV 2005 (bundled w/Norton Internet Security 2005)
>Adaware SE
>Most Recently, Microsoft AntiSpyware (Beta 1)

With Norton AV, the following files were identified as Adware - IEfeats, and could not be deleted or quarantined:
>addwc.dll
>crgz32.dll
>d3jg.exe
>msnz32.exe
>ntps.dll
>sdkfi32.dll

The first of these files that I became aware of was msnz32.exe, it is located in Windows/System32 folder. Attempts to delete this file either through NAV or manual deletion have failed....it indicated that the file is in use or write-protected.

Other symptoms include:
>On reboot, an error comes up upon Windows reloading saying "Windows cannot find Windows/system32/mfceo.exe" or "Windows/jexk32.exe" or "Windows/system32/nste.exe" among others.
>msnz32.exe has been known to attempt to connect to a DNS server.
>"Unclassified.spyware.65" has repeatedly tried to install.

I'm at my wit's end....
I've tried all my antispyware programs, and still have problems. I've attempted System Restore up to 2 weeks back but have failed (for this reason and because of the ACT! problem I haven't disabled System Restore prior to system scans).

I think the key is the msnz32.exe program, because it was the first sign of a problem when i did the first scan after pop-ups began to appear....and I haven't been able to get rid of it. Maybe I'm wrong.

I'm hoping your expertise will provide some guidance, please help!

Thank you!

BC AdBot (Login to Remove)

 


m

#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:51 PM

Posted 25 May 2005 - 06:01 PM

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Download, install, update and run:
Spybot S&D
aČ free
SpywareBlaster
SpywareGuard

Run all of your security programs in Safe Mode.
How to start Windows in Safe Mode

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

If that doesn't help, then:

Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:12:51 AM

Posted 25 May 2005 - 07:22 PM

Here is a new address for Trend Micro that will provide a malware scan as well as a virius scan:

http://housecall-beta.trendmicro.com/en/start_corp.asp

You must use Internet Explorer to accomplish these scans use Active X which isn't available on Firefox.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users