
stupid spyware i can't get rid of!

post #1 of 17
Thread Starter 
OK, my sister's computer has this thing where every time she opens up a web browser, this little window appears and tells her that she has a virus. I have been working on it remotely, and have run all kinds of scans, but I really don't think she has a virus because it just wants her to buy this program to remove the virus with... So I downloaded a couple of spyware removal programs and installed them (one at a time; when one didn't find anything I removed it and installed a new one), but none of them find anything either... Anyone know what I should be looking for? I looked through her Add/Remove Programs list and there isn't anything really suspicious in there... Anyone?


Oh yeah, it also won't go to her homepage when she opens up the browser; it goes to some site to buy virus protection, even though I set her homepage.
post #2 of 17
Try HijackThis maybe?
post #3 of 17
Do a Google search for EXACTLY what the pop-up says; you'll find an ActiveX-controlled application that will get rid of it!
post #4 of 17
Dude, I got this one before. Is it the one where you get pop-ups and it sets itself as your wallpaper as well?

If so, I did shedloads of research on it. At the time there was no cure; most probably there still isn't, sorry.

However, I did a repair install and it went away.

You could also try a restore point; that will most probably work.
post #5 of 17
Download Spybot S&D and Ad-Aware.
    
post #6 of 17
Here's the link to HijackThis.
post #7 of 17
Yeah, HijackThis probably is your best bet.
post #8 of 17
^ I would suggest using HijackThis to clean the computer.

Run HijackThis, locate odd processes and write them down or print them out.

Restart your computer in SAFE mode and track down those suckers, deleting them by hand. After you've deleted them all and found every trace of the spyware, restart as normal and run HijackThis again to see if they've returned.

Then... install ZoneAlarm, disable the Windows built-in firewall and never worry again. xD For the most part, anyway.
post #9 of 17
Thread Starter 
Quote:
Originally Posted by Audi View Post
^ I would suggest using HijackThis to clean the computer.

Run HijackThis, locate odd processes and write them down or print them out.

Restart your computer in SAFE mode and track down those suckers, deleting them by hand. After you've deleted them all and found every trace of the spyware, restart as normal and run HijackThis again to see if they've returned.

Then... install ZoneAlarm, disable the Windows built-in firewall and never worry again. xD For the most part, anyway.
The problem is that I am doing all of this remotely, so I can't boot into safe mode.

Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 6:35:01 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\Documents and Settings\Family\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\laf123.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Expedia Fare Alert.lnk = C:\Program Files\Expedia\Expedia Fare Alert\ExpediaFareAlert.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174250890821
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
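A defender-side triage pass over this log format, added here as an example and not anything posted in the thread: it parses HijackThis lines like the ones above, flags BHOs listed with no name, flags hooks whose file is already missing, and correlates folders that both run a process and load code into Internet Explorer (the three rules and their names are my own). The sample log is constructed from a few of the lines posted above.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99 log format, built from a few of the lines above.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Video ActiveX Access\\iesmn.exe
C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\\WINDOWS\\system32\\laf123.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\\Program Files\\Video ActiveX Access\\iesplg.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\\Program Files\\Video ActiveX Access\\iesbpl.dll (file missing)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")   # "O2 - BHO: ..." style lines
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|bin))"?', re.IGNORECASE)
BROWSER_HOOKS = {"O2", "O3"}   # BHOs and toolbars: code Internet Explorer loads at start

def parse_log(text):
    """Return (running-process paths, [{kind, body, path}] entries) from log text."""
    processes, entries = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := ENTRY_RE.match(line):
            pm = PATH_RE.search(m.group("body"))
            entries.append({"kind": m.group("kind"), "body": m.group("body"),
                            "path": pm.group(1) if pm else None})
        elif PATH_RE.fullmatch(line):          # bare path under "Running processes:"
            processes.append(line)
    return processes, entries

def triage(text):
    """Three defender-side heuristics; returns {unnamed_bho, dangling, hot_dirs}."""
    processes, entries = parse_log(text)
    by_dir, findings = defaultdict(set), {"unnamed_bho": [], "dangling": []}
    for p in processes:
        by_dir[ntpath.normcase(ntpath.dirname(p))].add("process")
    for e in entries:
        if e["kind"] == "O2" and "(no name)" in e["body"]:
            findings["unnamed_bho"].append(e["path"])      # BHO with no description string
        if "(file missing)" in e["body"] or "(no file)" in e["body"]:
            findings["dangling"].append(e["body"])         # hook whose file is already gone
        if e["path"] and e["kind"] in BROWSER_HOOKS:
            by_dir[ntpath.normcase(ntpath.dirname(e["path"]))].add(e["kind"])
    # Folders outside C:\WINDOWS that run a process AND load code into IE (system32 is too crowded
    # for this rule; the unnamed-BHO rule above is what catches laf123.dll there).
    findings["hot_dirs"] = {d: sorted(k) for d, k in by_dir.items()
                            if "process" in k and k & BROWSER_HOOKS and not d.startswith("c:\\windows")}
    return findings
```

On the sample, `triage(SAMPLE_LOG)` reports both unnamed BHOs, the missing "Protection Bar" DLL, and the Video ActiveX Access folder as the one place that runs a process and hooks the browser, which is exactly the cluster a reader of the full log above would circle first.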
post #10 of 17
http://prevx.com

It's excellent.