Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tired Of Using Inefficient Spyware Removal Software That Doesn't Work!


  • This topic is locked This topic is locked
4 replies to this topic

#1 Metalball

Metalball

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 27 October 2006 - 01:35 PM

To whom it may concern:

I am brand new to this forum as a user. I have been trying to follow previously given advice in regards to tenacious spyware products that have infested my machine. However, I have been unable to remove them as of late.
The machine that has been infected, ironically enough, is rarely used. I have tried to use the following software: Webroot SpySweeper (spyware deleted all virus definitions and will not allow me to re-install them), Avast! Home v4.7, Symantec 2005 Corporate Edition, and Spybot. They have detected the following problems, but are unable to terminate them:

- Adware virtumonde
- Trojan-downloader-zlob
- Bravesentry fakealert
- SpywareQuake
- Trojan Zlob
- Zlob.trojan
- Trojan agent winloginhook
- Security2k hijacker

The infestation occurred roughly a week ago, and I have been furiously trying to rid my machine of its problems. I would greatly appreciate any and all help that you can offer. I do currently have a version of Hijack This available. This is the report:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:22 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160975797244
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

The current antivirus software that is installed and running on the machine is Avast! Home v4.7. Please let me know how to rid my machine of these problems. Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 03 November 2006 - 07:19 AM

Hi Metalball,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Regards,

Rosty.
Posted Image
Proud member of ASAP since 2007

#3 Metalball

Metalball
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 03 November 2006 - 02:22 PM

Thanks!

#4 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 04 November 2006 - 02:47 AM

Hi Metalball,

seems you've got to topics with the same log.
So I posted on one and jamielaw posted on the other one.
The topic jamielaw posted to is jailed, so will you post a new Hijackthis log here using the add reply button. Then I'll take a look at it.

Regards,

Rosty.
Posted Image
Proud member of ASAP since 2007

#5 Rosty

Rosty

    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 20 November 2006 - 12:02 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
Proud member of ASAP since 2007




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users