
Good Ole Surfsidekick


4 replies to this topic

#1 WarBlade


Posted 14 October 2005 - 09:22 AM

Hi guys, you have a great site here. I have looked at other threads before to help me out with some computers. However, this time I am stumped and in need of some one-to-one help. First off, this comp is infected with the Surfsidekick adware. I have tried the add/remove programs thing. It said completely removed. However, when I scan with Microsoft AntiSpyware I still get 2 entries left. The antispyware says it removes them, then to restart (I have system restore currently off). When I check after I boot back up, I find that antispy has just quarantined the items, and it finds the same two entries again. The entries are as follows:

C:\windows\system32\repairs.dll --- cannot remove this one manually in safe mode; it says it is being used.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs repairs.dll -- this one can be manually removed, only it keeps coming back. I assume this is because of the other entry or an exe process somewhere.

Here is a copy of my HJT log. Thanks a lot for any help you guys can offer.


Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\07d493b7373a9d0d2bdd37a698cb50e0\update\update.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - (no file)
O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\System32\stb.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)



#2 bilko


Posted 16 October 2005 - 10:00 AM

Hi WarBlade,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

#3 WarBlade


Posted 16 October 2005 - 12:47 PM

Well, thank you for the reply. While I was waiting (I really had nothing better to do at the time) I found three programs in the add/remove section that I didn't remember installing. So I removed them. Like Surfsidekick, they all asked that you type in a security number to confirm removal (number was provided). After that I scanned my system with MAS and AVG. Both came up clean. I then looked at a HJT log and saw no reference to the Surfsidekick or the repairs.dll from before. I then installed SP2. I am going to leave a new log for you so that I can be sure that I am all squeaky clean again. Thanks a lot.


Logfile of HijackThis v1.99.1
Scan saved at 1:22:17 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

#4 bilko


Posted 16 October 2005 - 04:25 PM

Hello

Thanks for the update. Well, your log looks clean. Good job on updating to SP2.

However,

I strongly recommend that you switch the system restore back on. An infected restore point is better than no restore point at all. If something really bad happens, at least you have something to restore. It is unlikely that any nasties are hiding in there and coming out when you are not looking. The only way they will appear is if you do a system restore. And it certainly is dangerous to have no restore point when removing malware.

Anti-malware links (these are all free and what I have installed on my PC):

Ad-Aware SE, Ad-Aware tutorial

Spybot S&D, Spybot S&D tutorial

Spyware blaster, SpywareBlaster tutorial

Spyware guard, Spyware Guard tutorial

I'm not seeing evidence of a firewall on your PC, though you might be using the XP built-in one (which isn't very good). ZoneAlarm, Sygate Personal Firewall and Kerio Personal Firewall are good FREE firewalls. Never install more than one firewall on your system! Remember to disable the XP firewall if you install one of these.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#5 WarBlade


Posted 16 October 2005 - 07:29 PM

Thanks for the reply and all the extra info and links to some good anti-spyware progs and firewalls. I had already turned the system restore back on right after I made the post here, so no worries about that any more. Thanks again for all your help.



