Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pc Taken Over By Spyware


  • Please log in to reply
2 replies to this topic

#1 earthman

earthman

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 30 June 2007 - 03:35 PM

I have been fighting to remove spyware for the last 2 days. I get these popups whenever i open Firefox or IE, seems like a timer is involved too as i see periodic spate of popups.


My Avira AntiVirus apparently deleted these malware and deleted them -

Starting to scan the registry.
C:\WINDOWS\Ѕуmantec\ping.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EE
[INFO] The file was deleted!
C:\WINDOWS\Ѕуmantec\ping.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EE

The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\apatchamani\Local Settings\Temp\poolsv.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aya.1
[INFO] The file was deleted!
C:\Documents and Settings\apatchamani\Local Settings\Temporary Internet Files\Content.IE5\0XPZXGSS\wr-1-0000077[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\apatchamani\Local Settings\Temporary Internet Files\Content.IE5\QFJXZNSX\!update-4395[1].0000
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EE
[INFO] The file was deleted!
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EG.12
[INFO] The file was deleted!
C:\Program Files\svhost\wr-1-0000077.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Program Files\Windows Media Player\mepovygu83122.dll
[DETECTION] Is the Trojan horse TR/Dldr.Adload.NCJ
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\hkuijrcb.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was deleted!
C:\WINDOWS\system32\kdxiwqpe.dll
[DETECTION] Is the Trojan horse TR/Spy.VBStat.B.1
[INFO] The file was deleted!
C:\WINDOWS\system32\unfyaiaa.exe
[DETECTION] Is the Trojan horse TR/Agent.anr.1
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\core.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.awj.6
[INFO] The file was deleted!
C:\WINDOWS\system32\W3\626wr.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\W4\wen2.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.86056
[INFO] The file was deleted

But i still do get popups.

I need Help !

Thanks,
Earthman

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:07 PM

Posted 30 June 2007 - 04:05 PM

Run both your antivirus and Super Antispywaree in safe mode.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How To start Windows in Safe Mode
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 earthman

earthman
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 02 July 2007 - 01:21 PM

Thanks buddy215!
SuperAntiSpyware did the trick ! I am back & running normally!

Appreciate your help!

Cheers!
Earthman.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users