Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

new bie: need to help to remove spyware on XP SP2 32 bit


  • Please log in to reply
6 replies to this topic

#1 xmdave

xmdave

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 21 October 2013 - 05:15 AM

Details:

 

  1. In "Task Manager" I see multiple firefox.exe and iexplore.exe processes running although I donot open any web browser at that time.
  2. I found there is a strange subfolder in "Program Files" folder with one .exe file in side.
  3. The .exe file above also appears in the startup items in my profile startup folder (and in other profile folders).
  4. I found that the above .exe file also appears in "Winlogon usernit value" on my computer.
  5. I can end firefox.exe and iexplorer.exe processes, then search the above.exe file on my computer to delete it completely, then justify "Winlogon userinit value" to the default value. 
  6. BUT after my computer restarted, the above .exe file still appears in exactly the same location as before.

Could you tell me the name of the spyware I have infected and what should I do to completely remove it? Because multiple unwanted processes lead my computer very slowly and other annoying that I have to face.

 

Thanks very much!


Edited by xmdave, 21 October 2013 - 05:29 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:48 PM

Posted 21 October 2013 - 11:59 AM

:welcome: to BC.

Without knowing the specific file name associated with the possible threat and where it is located (full file path) at the system, it's difficult to determine exactly what it is.

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner. Users who have previously completed the trial will not be prompted to start the trial upon upgrade or reinstallation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:48 PM

Posted 21 October 2013 - 12:04 PM

Please perform a scan with Emsisoft Web Malware Scanner.
Vista/Windows 7/8 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

Note: This scanner is based on ActiveX technology and only supports Internet Explorer with ActiveX enabled to run correctly. However, it contains all scanner features of Emsisoft Anti-Malware to include cleaning and quarantine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 xmdave

xmdave
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 21 October 2013 - 11:40 PM

thanks quietman7 for your helps and replies, I will post the log file according to your guide later, because I am out of office now,  :cherry: nice day to you!



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:48 PM

Posted 22 October 2013 - 06:51 AM

Ok.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 xmdave

xmdave
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:48 AM

Posted 23 October 2013 - 09:02 PM

Hi quietman7

 

I was busy yesterday so I reply you now, I regret that my colleague has formatted and reinstalled his computer  :(. ThankU once more and I hope I will continue to receive your support in the future, hava a good day!



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:48 PM

Posted 24 October 2013 - 07:03 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users