Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Adware: Sycronad.exe / Windupdate/ P2p Net


  • Please log in to reply
3 replies to this topic

#1 Paulrenno

Paulrenno

  • Members
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Willenhall, UK
  • Local time:01:26 PM

Posted 27 October 2006 - 11:13 AM

Hi,

This is my first time so please bear with me.

I am infected with SyncroAd.exe Windupdate and P2P Networking

I run free Zone Alarm, Avast antivirus, Webroots Spyware Cleaner, Ad Aware, Spybot, Spyware blaster

all of which cannot detect or remove these.

I have gone in Ad/Remove and they are not there, nor are they in Program Files yet my computer is telling me they are starting up when i start windows. So far I am not getting any effect from them but the fact is i know they are there.

Can anyone help me remove them. I do not want to touch the registry as I dont know what i am doing

regards
Paul

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:26 PM

Posted 27 October 2006 - 08:14 PM

Hi Paulrenno, first.. :thumbsup: to Bleeping Computer
I'm going to assume you run XP and since you have no pop ups do this first.
I see you have Spybot. Go to Advanced
Go to Tools, Go to System Start Up
Look for those entries and UNcheck them
Reboot

If they are still there the You should post a HijackThis log
Follow these instructions Preparation Guide for use before posting a HijackThis Log
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:26 PM

Posted 28 October 2006 - 08:54 AM

You can also try this.

Download, install and update AVG Anti-Spyware 7.5. Print out and follow the AVG Anti-Spyware Install-Scan Instructions for installing and updating.
DO NOT perform a scan yet.

Download Brute Force Uninstaller and save it to your desktop (right-click on the link and choose Save Link As... if using IE).
  • Click My Computer, then C:\
  • In the menu bar, go to File-> New-> Folder.
  • That will create a folder named New Folder, which you can rename to "BFU"
  • Unzip/extract bfu.zip to the new folder named BFU in this location: C:\BFU
    (Click here for information on how to do this if not sure. Win 9x/2000 users click here. A ZIP file requires an unzipping utility. If you need one, download 7zip (its free).
Next, RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. SAVE it in your C:\BFU folder.

Do not run the Uninstaller and the Remover yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Then scan with AVG Anti-Spyware 7.5 per the instructions you printed out and reboot normally.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Open My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Next to the 'Scriptfile to execute' window, you'll see a small blue icon.
  • When you click that icon, a little window will open that says: "Please enter the full URL to the sript you want to execute".
For a photo reference, see here.
  • In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
  • Click "OK"
  • Then click "Execute".
  • Wait for the complete script execution box to popup and press "OK".
  • Click the option to save a logfile.
  • Press "Exit" to terminate the BFU program.
Reboot normally and perform a scan with F-Secure Online Scanner. Be sure to follow the directions on the F-Secure page for proper Installation.
1. Click on the link "F-Secure Online Scanner Next Generation Beta".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then click "Insall ActiveX component".
4. Read the license agreement and click "Accept".
5. Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics
6. When the scan completes, click the "I want to decide item by item" button.
7. For each item found, Select "Disinfect" and click "Next".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:26 PM

Posted 01 November 2006 - 09:58 PM

I split your HJT log away from this thread and moved it into the HJT forum. I then noted you had posted your log in a new thread in that forum and were receiving help so I "jailed" the old one I split away to avoid confusion.

The log you posted can be found here: http://www.bleepingcomputer.com/forums/t/70081/syncroad-bullseye-winupdate-problems/

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users