SpyWare removal, HELP
Join Date: Sep 2004
Posts: 2
Reputation:
Solved Threads: 0
Is there ANY hope I could get rid of some spyware without formatting?
To be specific, I got Gator, Onflow and possibly a couple more I'm not aware of. How do I get rid of them?
However, the most annoying is SmartSearch. I've tried everything I know, and it doesn't wanna go away!
Every time I open IExplorer, it automatically loads; every time I try to remove the URL it finds its way back in there.
I've tried the following spyware killers:
- SpyBot S&D
- AdAware
- HiJack This
- CW Shredder
- AVG
- Bazooka
- Panda
- manually tried to remove it from regedit without any success
So far, the problem is still here. Has anyone else had this problem? If so, how did you remove it? Some help on this matter would be great.
PS>> I'm a bit of a computer idiot at times, so if you need any information please be specific.
Join Date: Jun 2004
Posts: 253
Reputation:
Solved Threads: 13
You say you used HijackThis...did you delete anything? The first step could be for you to post your hijackthis log so one of the experts can take a look at it and get an idea of exactly what you have on your computer. Then they can advise you as to what you should do to fix it. So post a log with the latest version of hijackthis, which is 1.98.2 and take it from there.
Join Date: Sep 2004
Posts: 2
Reputation:
Solved Threads: 0
I forgot. Here's the log:
Scan saved at 10:32:57 AM, on 9/14/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Fmctrl.EXE
C:\Program Files\Winamp\winampa.exe
C:\program files\onflow\uninstall onflow.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
D:\mIRC\mirc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\HJT\hijackthis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.165.158.100:80
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [XPIcons] C:\Program Files\Camtech\XP Icons\XPIcons.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\tsadbot.exe"
O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download using ReGet - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download All by Re&Get - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binarie...TH_1022_EN.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINNT\System32\msxword.dll
O20 - AppInit_DLLs: wbsys.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll
Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.
You missed the very top line of the log that gives the version of hijackthis.
W2K needs to have SP4 installed too. Please go here & install the necessary packs.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binari...UTH_1022_EN.cab
-Electronic-Group Dialer
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
-Electronic-Group Dialer
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
-7AdPower Dialer
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
Run a search for p2esocks_1022.dll & delete it. Instant access too.
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.
Reboot normally after doing the above then post a fresh log please.
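The triage in the reply above can be expressed as a small parser over HijackThis entry lines. This is an added example, not part of the thread or of HijackThis itself; the function names and the heuristics are assumptions, and the dialer host set is taken only from the reply's own annotations.

```python
import re
from urllib.parse import urlparse

# Subset of the HijackThis log posted in this thread, embedded for offline use.
SAMPLE_LOG = r"""
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1022.dll,InstantAccess
O13 - WWW Prefix:
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINNT\System32\msxword.dll
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Hosts the helper's reply annotates as dialers; an assumption, not a blocklist.
DIALER_HOSTS = {"akamai.downloadv3.com", "www.advnt01.com"}

def parse(log):
    """Yield (section code, body) for each entry line, skipping other lines."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def reason(code, body):
    """Return why an entry needs review, or None (hypothetical heuristics)."""
    if code == "O1":
        m = re.match(r"Hosts:\s*(\S+)\s+\S+", body)
        if m and not m.group(1).startswith("127."):
            return "hosts file maps a name to a non-loopback address"
    elif code == "O4":
        if re.search(r"\]\s*rundll32(\.exe)?\s+[^\\/:]+\.dll", body, re.I):
            return "autorun loads a DLL by bare name through rundll32"
    elif code == "O13":
        return "IE default URL prefix has been changed"
    elif code == "O16":
        m = re.search(r"https?://\S+", body)
        if m and urlparse(m.group(0)).hostname in DIALER_HOSTS:
            return "ActiveX control downloaded from a dialer host"
    elif code == "O18" and body.startswith("Protocol hijack"):
        return "protocol handler flagged as hijacked by HijackThis"
    return None

def triage(log):
    """Return (code, body, reason) for every entry that matched a heuristic."""
    return [(c, b, r) for c, b in parse(log) if (r := reason(c, b))]
```

Calling `triage(SAMPLE_LOG)` returns the five entries of the sample that also appear in the reply's fix list, leaving the Winamp autorun, the ReGet BHO, the MSN chat control and the plain `start` protocol entry unflagged.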






