
Pop Ups/command Service!?!?!


  • This topic is locked
6 replies to this topic

#1 f757lkk


Posted 13 May 2006 - 12:28 PM

Hi,

I've managed to pick up a virus/adware that I just can't shift. I've tried all of the suggestions in the tutorial section but I just can't budge it. It presents itself as a series of annoying popups, both in an explorer window and outside of one. It drags down the system speed and hangs when the "flash" style popups materialise. It also seems to open a backdoor for other nasty little pieces of malware which are easily removed with spybot but come back every time I hook up to the net. Spybot recognises it as "command service" and tries to delete it but fails as it appears to be running even in safe mode!!!! One of the browser popups is to a site called "exact search" if this helps?!? Here's my HiJackThis log file!

Logfile of HijackThis v1.99.1
Scan saved at 17:01:12, on 13/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Broadband 2091\Help\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?5833e70f9f4c2a996b95d07018b11
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?5833e70f9f4c2a996b95d07018b11
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://vle.matthew-boulton.ac.uk:81/eplms/...v5/awswax52.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\j44o0eh3eh4.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Any help would be great as I'm tearing my hair out over this one!!!!!!!!!!!!

Jamie



#2 Rawe


Posted 14 May 2006 - 01:39 AM

Welcome aboard.. Let's get started :thumbsup:

Please download delcmdservice (by Marckie), and save it to your Desktop.
  • Unzip the content to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer.
==

Please download Look2Me-Destroyer to your desktop.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a fresh HiJackThis log. :flowers:
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
Hi there, stranger!

#3 f757lkk


Posted 14 May 2006 - 04:38 AM

Hi Rawe,
Thanks for helping me :thumbsup:

I've done as you asked, here's the L2M txt file

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 14/05/2006 10:24:03

Infected! C:\WINDOWS\system32\lv6s09j7e.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP152\A0036769.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP152\A0036773.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036795.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036800.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036806.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036810.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036859.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037088.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037109.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037120.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037121.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037128.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037133.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037164.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037165.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037171.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037175.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037178.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037182.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037186.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037210.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0038065.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038165.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038172.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038176.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038182.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038186.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038191.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038198.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038203.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038204.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038205.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038206.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038212.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038217.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038220.dll
Infected! C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038224.dll
Infected! C:\WINDOWS\system32\imetcomm.dll
Infected! C:\WINDOWS\system32\ir60l5jm1.dll
Infected! C:\WINDOWS\system32\lv6s09j7e.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\lv6s09j7e.dll
C:\WINDOWS\system32\lv6s09j7e.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP152\A0036769.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP152\A0036769.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP152\A0036773.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP152\A0036773.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036795.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036795.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036800.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036800.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036806.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036806.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036810.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036810.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036859.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP153\A0036859.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037088.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037088.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037109.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037109.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037120.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037120.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037121.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037121.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037128.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037128.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037133.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037133.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037164.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037164.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037165.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037165.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037171.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037171.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037175.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037178.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037178.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037182.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037182.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037186.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037186.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037210.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0037210.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0038065.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP154\A0038065.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038165.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038165.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038172.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038172.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038176.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038176.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038182.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038182.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038186.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038186.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038191.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038191.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038198.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038198.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038203.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038203.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038204.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038204.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038205.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038205.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038206.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP155\A0038206.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038212.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038212.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038217.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038217.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038220.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038220.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038224.dll
C:\System Volume Information\_restore{9165BC2F-540B-42D7-ACE3-92FECD6D0C05}\RP156\A0038224.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\imetcomm.dll
C:\WINDOWS\system32\imetcomm.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ir60l5jm1.dll
C:\WINDOWS\system32\ir60l5jm1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\lv6s09j7e.dll
C:\WINDOWS\system32\lv6s09j7e.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7E2A9A73-E013-41D6-BA32-F12DAED5AEEE}"
HKCR\Clsid\{7E2A9A73-E013-41D6-BA32-F12DAED5AEEE}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6E4FAE07-34B9-476C-AD0A-0EBD0FB0F580}"
HKCR\Clsid\{6E4FAE07-34B9-476C-AD0A-0EBD0FB0F580}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



And here's the HJT logfile

Logfile of HijackThis v1.99.1
Scan saved at 10:32:14, on 14/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BT Broadband 2091\Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 2091\Help\bin\matcli.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?5833e70f9f4c2a996b95d07018b11
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?5833e70f9f4c2a996b95d07018b11
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://vle.matthew-boulton.ac.uk:81/eplms/...v5/awswax52.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



Thanks again,
Jamie

#4 Rawe

Posted 14 May 2006 - 05:50 AM

Go ahead and delete L2M-Destroyer and delcmdservice :thumbsup:

Run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R3 - Default URLSearchHook is missing


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Post the following:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post & tell me how the system is running now. :flowers:

Hi there, stranger!

#5 f757lkk

Posted 14 May 2006 - 06:22 AM

Rawe,

Here's the log, the system seems to be fine now, back up to speed and without all of the pop ups! :thumbsup:




Ad-Aware SE Personal
Adobe Acrobat 6.0 - Tryout
Adobe Reader 7.0.5
Broadband Desktop Help
BT Yahoo! Applications
Creative Audio Console
Creative AudioHQ
Creative DVD Audio Plugin for Audigy Series
DivX
DivX Player
DivX Web Player
ewido anti-malware
Google Toolbar for Internet Explorer
GPSdash2 (remove only)
HijackThis 1.99.1
HP Flat Panel Monitor INF Software 4.00
InterVideo WinDVD 7
iPod for Windows 2005-03-23
iPod for Windows 2005-11-17
iPod for Windows 2006-03-23
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft ActiveSync 3.7
Microsoft AutoRoute v11.0
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
MSN Messenger 7.5
MSN Search Toolbar
MSXML 4.0 SP2 Parser and SDK
Nero 6 Enterprise Edition
Nero Digital
Nero Mega Plugin Pack
PowerQuest PartitionMagic 8.0
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Snowball Wars by OIN
Sound Blaster Audigy
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VIA Platform Device Manager
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

Thanks again for your help, :flowers:

Jamie

#6 Rawe

Posted 14 May 2006 - 06:41 AM

Uninstall the following through Add/Remove programs:

Snowball Wars by OIN

Delete its folder on C:\Program Files - drive. Probably named Snowball Wars, OIN or PurityScan.

Empty recycle bin. Glad I was able to help :thumbsup:

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Kerio Personal Firewall and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)
Hi there, stranger!

#7 Rawe

Posted 26 May 2006 - 07:59 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :thumbsup:
Hi there, stranger!



