Need help removing spyware

18 replies to this topic

#1
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
So I have a little problem: somehow I have some kind of advertisement software on my computer. Yesterday, I started getting odd popups constantly, so I decided to do a scan. I managed to kill what I could with Spybot but I'm still getting some popups. I'm guessing I have one or two programs left, but Spybot or any of the other anti-virus programs I have (Ad Aware SE, AVG, Windows Defender) can't seem to find the last one. Does anyone have any ideas? Maybe any good anti-virus programs that could help? Thanks.

#2
The Man

The Man
  • Members
  • 2,843 posts
  • xfire:menchions
  • Gender:Male
  • Location:Newfoundland, Canada
  • Interests:RUSH
  • Xbox / GFWL:MunchBunchNL
  • PSN:Don't Have PS3
  • Wii:6421140839796455
  • Gamer Army ID:704
run your scans in safe mode

#3
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
I've made some leeway. Apparently Spybot did find some other stuff, so I unplugged my internet and then ran the scan and cleared it. If it doesn't help, I'll do it in safe mode. I'll let you guys know.

#4
Weiman

Weiman

    Best HW&SW Cont. & PP Savant '09

  • Global Moderators
  • 33,901 posts
  • xfire:weiman
  • Gender:Male
  • Location:Netherlands
  • Interests:Gaming, Biochemistry.
  • Steam ID:Weiman
  • Gamer Army ID:2452
  • Company:Mu
Read the two threads in the tutorial section as well. Post a HijackThis log.


QUOTE (Weiman @ Apr 5 2009, 01:09 PM) <{POST_SNAPBACK}>
This is exactly what has been going on through the entire thread, and it's not the first time either.
You come to us for advice..you just spell out what you want to get, and then ask us if it is okay, and we have to explain why it isn't. That's the world upside down.. If you would just say 'hey guys, I have an X amount of money, what should I buy?' Then this would be over in 2-3 posts, not 2-3 pages.
QUOTE (Kazzerax @ May 21 2009, 09:01 AM) <{POST_SNAPBACK}>
Every time someone goes against Weiman's sig I feel like they should be bludgeoned for a few minutes in the head to feel the headache I feel when I realize someone really IS that dense.

#5
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
Alright. This is my Hijackthis log in safe mode:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:29:28 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Serlith\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6585 bytes

#6
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
Anyone got any ideas? Spybot picks it up but when I remove it, it just comes back. I downloaded a firewall, but that doesn't seem to help. No programs are blocking it so I'm kinda stuck.

#7
Weiman

Weiman

    Best HW&SW Cont. & PP Savant '09

  • Global Moderators
  • 33,901 posts
  • xfire:weiman
  • Gender:Male
  • Location:Netherlands
  • Interests:Gaming, Biochemistry.
  • Steam ID:Weiman
  • Gamer Army ID:2452
  • Company:Mu
What programs are you using exactly? There are plenty of others. I suggest you google the file name of the files to define the virus, and then look further.



#8
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
Ad Aware SE, Spybot, AVG, Windows Defender, Sunbelt Personal Firewall, Webroot Spy Sweeper. If you count the Google Toolbar and some internal Firefox protection, I have those too. At the moment, it's not registering that the spyware is on my computer anymore, so hopefully I managed to get it.

#9
Weiman

Weiman

    Best HW&SW Cont. & PP Savant '09

  • Global Moderators
  • 33,901 posts
  • xfire:weiman
  • Gender:Male
  • Location:Netherlands
  • Interests:Gaming, Biochemistry.
  • Steam ID:Weiman
  • Gamer Army ID:2452
  • Company:Mu
Yeah, that's a pretty decent arsenal. Ewido micro (not sure which tool) has a pretty nice tool, but Xsoft spy tends to find Trojans well as well.



#10
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
Still having problems. Maybe it's not exactly spyware, but something that came with a program? This is the website that pops up if anyone's interested: http://smartgame.uni.cc/ I suggest not clicking on it, but I figured maybe someone has seen the URL and can actually link it to something.

#11
Weiman

Weiman

    Best HW&SW Cont. & PP Savant '09

  • Global Moderators
  • 33,901 posts
  • xfire:weiman
  • Gender:Male
  • Location:Netherlands
  • Interests:Gaming, Biochemistry.
  • Steam ID:Weiman
  • Gamer Army ID:2452
  • Company:Mu
Tried adding it to firefox/IE's block list? SpyWareBlaster does this I think..



#12
Tuffins

Tuffins
  • Members
  • 876 posts
  • Gender:Male
From personal experience.. I had an adware, and tried every single free anti spyware/adware/virus program.

The free ones just don't work that well, or I don't use them right.

Fortunately, I just posted my hijackthis file and somebody kindly gave me the right stuff to get rid of the virus.

#13
isapieready

isapieready
  • Members
  • 74 posts
  • Xbox / GFWL:isapieready
spyaxe?

#14
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
Okay so I have at least 4 anti-spyware programs running and I'm still getting these dumb popups. They're not inherently dangerous, they're just annoying. A new one pops up maybe every half hour or so.

#15
Teh Breezerslet

Teh Breezerslet
  • GA Corporal
  • 85 posts
  • xfire:s8warlord
  • Gender:Male
  • Location:The Netherlands
  • Gamer Army ID:463
Best way to lose spyware in my opinion is a format, but if you don't want to do that then I suggest you could use Hitman Pro. Hitman Pro uses a couple of different types of spyware removal tools, including some you've already tried.
I use Hitman Pro and I think it's pretty good since it uses a couple of spyware removal programs. It's always worth a shot.

#16
raznad

raznad
  • Members
  • 4 posts
QUOTE (Teh Breezerslet @ Jul 2 2007, 07:29 AM) <{POST_SNAPBACK}>
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe


I'm no expert, but that isys32.exe is teh devil. A quick google for it brought a number of solutions
here's a random one that looked like a thorough solution. gl.
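
As an added example (not part of any post in this thread): a small Python triage of the O4 autostart lines from the HijackThis log in post #5, surfacing the `isys32.exe` Run entry that post #16 points out. The allowlist and both heuristics are assumptions made for illustration; a flagged entry means "look this file up", nothing more.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
'''

# Matches registry autostart lines such as "O4 - HKLM\..\Run: [Name] command".
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Assumption: Windows XP binaries that normally autostart from system32.
KNOWN_SYSTEM32 = {"ctfmon.exe"}
SYSTEM32_DIRS = {r"c:\windows\system32"}

def image_of(cmd):
    """Return the executable part of a Run command line, without arguments."""
    if cmd.startswith('"'):
        return cmd[1:].partition('"')[0]
    m = re.match(r'(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log):
    """Return (value name, image, reason) for Run entries worth a manual lookup."""
    findings = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are not handled
        image = image_of(m.group("cmd"))
        folder = ntpath.normcase(ntpath.dirname(image))
        exe = ntpath.normcase(ntpath.basename(image))
        if folder in SYSTEM32_DIRS and exe not in KNOWN_SYSTEM32:
            findings.append((m.group("name"), image, "exe in system32, not allowlisted"))
        elif not folder and exe != "rundll32.exe":
            # rundll32 entries are skipped: the DLL they load needs its own check
            findings.append((m.group("name"), image, "bare name, location not in log"))
    return findings

if __name__ == "__main__":
    for name, image, reason in triage(SAMPLE_LOG):
        print(f"{name:10} {image:35} {reason}")
```
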

#17
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
That forum looks promising. Thank you for helping out. <3

#18
Sev Rith

Sev Rith
  • Members
  • 324 posts
  • Gender:Male
So I've got no popups so far, so hopefully this helped. Thanks guys for all of the advice!

#19
7h3 n00b m4573r

7h3 n00b m4573r

    Best HW & SW Contributor 08 & 09

  • CCA
  • 9,600 posts
  • Gender:Male
  • Location:/usr/bin/python/
  • Xbox / GFWL:Dont like
  • PSN:Completely detest
  • Wii:Cant afford
QUOTE (Sev Rith @ Jul 3 2007, 04:00 AM) <{POST_SNAPBACK}>
So I've got no popups so far, so hopefully this helped. Thanks guys for all of the advice!


Well if they ain't solved, when was the last time you updated Windows?

Have you tried turning it off and on again?
Metabox P170 laptop
i7 3610QM 2.3GHz
4x4GB RAM
256GB SSD + 1TB HDD
nVidia GTX675M




