Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help Cleaning Up...


  • Please log in to reply
6 replies to this topic

#1 Adjudant

Adjudant

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 29 November 2006 - 05:32 PM

Hi,

I've been trying everything I can think of to remove spyware from the PC we have here.

What I did was using a program called 'hitman pro', which is basically a 'multiple spyware removal programs in one'-type of solution, involving NOD32, CWShredder, Ad-Aware, Spybot S&D, Spy Sweeper, Ewido Micro, Spyware Doctor, Spyware Blaster.

I guess a lot of stuff is already removed. Cookies are also deleted, but when I take a look into the registries, I see all kinds of finance, advertising, porn and poker sites named in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

Of course, when I delete them, they keep coming back.

When I make a HijackThis-log, I don't see things that seem to be out of place (but of course I don't know that much about it...)

So I don't really know what to do.

Can anyone help me out to clean this stuff up..?!

Thanks!
Hank

btw, I'm on Windows XP, SP2

Edited by Adjudant, 29 November 2006 - 05:33 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:31 AM

Posted 30 November 2006 - 04:39 PM

hi Adjudant
Welcome to BC
Have you tried running your scans in safe mode
you may also try this scan
Windows Live OneCare
Click ONLY the Full Sevice Scan box, mid page below the image of the wrench
If stiil a problem post back and will give intruction s for posting a Hijackthis log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Adjudant

Adjudant
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 01 December 2006 - 07:28 AM

Hi Boopme,

Thanks for the tip!

I did all the scans I talked about in safe mode, but no results. Even in safe mode the registry entries return.
The Windows Live OneCare scan did find some stuff.

But when I check a while afterwards, I still find all the same entries in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

:thumbsup:

However, I don't see anything in HKEY_LOCAL_MACHINE anymore.

Do you have any more tips?
Thanks!

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,912 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:31 AM

Posted 01 December 2006 - 03:22 PM

I see that one of those entries has zonemap as part of the key. These are the values in the databases of your security programs the program either blocks or scans for. You want these keys there.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:31 AM

Posted 01 December 2006 - 07:12 PM

That's all good and thanks also OB.
You should now create a new restore point, so you don't reinfect yourself.
Look and follow the instructions HERE in post #2
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Adjudant

Adjudant
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 05 December 2006 - 10:30 AM

Thank you very much for your help!! :thumbsup:

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:31 AM

Posted 05 December 2006 - 10:58 AM

you're welcome
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users