Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Virus causing pop-ups
Virus causing pop-ups - Page 2

post #11 of 23
Thread Starter 
Quote:
Originally Posted by f4t4l1ty View Post

I tried that. It doesn't just download a Mirar remover, it downloads a free trial of the spyware software. After I scanned with that it wouldn't remove anything because it was a trial. Then I scanned with Spybot and that program was full of spyware itself. The internet sucks.

Quote:
Originally Posted by PaRaDoX View Post
nod32.
I specified in my first post that I do use NOD32, and I did scan with it.
post #12 of 23
Quote:
Originally Posted by Retrospekt View Post
I tried that. It doesn't just download a Mirar remover, it downloads a free trial of the spyware software. After I scanned with that it wouldn't remove anything because it was a trial. Then I scanned with Spybot and that program was full of spyware itself. The internet sucks.

I specified in my first post that I do use NOD32, and I did scan with it.
People don't read threads...

Remove NOD32 (for a bit).
Try AVG.
Then if nothing, try Avast.
post #13 of 23
http://www.ewido.net/en/
This program works very well and can be installed/run in Safe Mode. Can't really see anything suspicious in your HijackThis log other than this line: O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
Also, if you got the Vundo virus, this is the only program I've found that removes all of it. Vundo is a trojan horse that replicates itself, so most avg programs don't catch all the files it creates; however, VundoFix is basically a batch file that just erases all the Vundo copies.

http://www.atribune.org/content/view/24/2/
post #14 of 23
Thread Starter 
Desktop Sidebar is a utility I installed myself. It's a Vista-like sidebar for XP.
post #15 of 23
Quote:
Originally Posted by Retrospekt View Post
Desktop Sidebar is a utility I installed myself. It's a Vista-like sidebar for XP.
Well, download VundoFix then and run it; it's probably Vundo if you are getting pop-ups. If that doesn't work, then try the AVG anti-spy.
post #16 of 23
Thread Starter 
VundoFix found about 5 files, AVG Anti-Spyware found 57. With all that I still keep getting these detections from NOD32. I keep pressing delete but they come back. Look at attachments.
post #17 of 23
You will probably need to print this for the instructions since you have to do it without an internet connection:

First and foremost, disable the System Restore Points by doing these steps:
1) Log on to Windows XP as an Administrator.
2) Right-click the My Computer icon on the Desktop and click on Properties.
3) Click on the System Restore tab.
4) Put a check mark next to 'Turn off System Restore on All Drives'.
5) Click the 'OK' button.
6) You will be prompted to restart the computer. Click No.

Now download a few tools to use later:
Download KillBox and save it to your desktop, do not run it yet. http://www.downloads.subratam.org/KillBox.zip
Download AFTCleaner and save it to your desktop, do not run it yet. http://www.atribune.org/ccount/click.php?id=1
Download SUPERAntiSpyware to your desktop, install it, then run updates. Do not scan yet. http://www.superantispyware.com/down...NTISPYWAREFREE

1) Shut down the system, then turn off the main power, wait for 30 sec, then turn it back on.
2) After the initial POST, press F8 continuously to bring up the Boot Options, then choose Safe Mode without Networking.
3) Control Panel --> Folder Options --> View: check "Show hidden files and folders", uncheck "Hide extensions for known file types" and "Hide protected system files".
4) Move hijackthis.exe to your drive root, such as C:\hijackthis.exe, then rename it to Retrospekt.exe.
5) Bring up Task Manager and look for these entries. If they exist, right-click on each and choose "End Process Tree":
C:\WINDOWS\svhost.exe
C:\DOCUME~1\KAROLZ~1\LOCALS~1\Temp\MBDownloader_876919.exe

6) Open HJT and run a "Scan Only", put a check next to each of the following entries, then "Fix":
C:\WINDOWS\svhost.exe
C:\DOCUME~1\KAROLZ~1\LOCALS~1\Temp\MBDownloader_876919.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.polwizjer.pl/
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\KAROLZ~1\LOCALS~1\Temp\MBDownloader_876919.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\kpykhmmx.dll",forkonce
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D9C5AFA-4842-4DB9-BD6D-252B0B641D42}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D9C5AFA-4842-4DB9-BD6D-252B0B641D42}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D9C5AFA-4842-4DB9-BD6D-252B0B641D42}: NameServer = 192.168.0.1

________________________________________________

Now reboot back into Safe Mode without Networking. Open SUPERAntiSpyware and run a Complete Scan. Let it delete/quarantine anything it finds. Then it should produce a scan result log; make sure you save the log and reboot normally. Copy and paste that in your reply post along with a fresh HJT log. If you're unable to fit it all in one post, post each log in a new reply.
post #18 of 23
Quote:
Originally Posted by Crimsonite View Post
You will probably need to print this for the instructions since you have to do it without an internet connection:
[...]
I have SV host, is that bad? Isn't it some important process?
post #19 of 23
svchost.exe is the real one, but some lethal malware can take over svchost.exe files and disguise itself.

svhost.exe
scvhost.exe
svchos t.exe (notice the space before t)
svchosts.exe

These are all from malware and never part of Windows.
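As an added example (not from the thread or from any of the tools mentioned in it), the following Python script applies the two checks behind Crimsonite's posts #17 and #19 to constructed sample data: it flags process names that imitate svchost.exe (and, generalising the idea, spoolsv.exe) or that sit outside the genuine binary's directory, and it parses HijackThis O4 lines to catch autorun entries pointing at such names or running from a Temp directory. The 0.85 similarity threshold, the hypothetical sample file names and the parsing helpers are my assumptions, not anything from the thread.

```python
import re
from difflib import SequenceMatcher

# Windows binaries that malware imitates, mapped to the directory of the genuine copy.
SYSTEM_BINARIES = {"svchost.exe": "c:\\windows\\system32", "spoolsv.exe": "c:\\windows\\system32"}
# HijackThis O4 line: "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - \S+: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")

def impersonated_binary(name):
    """Return the system binary `name` imitates, or None if it is genuine or unrelated."""
    lowered = name.lower()
    squeezed = lowered.replace(" ", "")  # "svchos t.exe" -> "svchost.exe"
    if squeezed == lowered and squeezed in SYSTEM_BINARIES:
        return None  # exact genuine name; its directory is checked separately
    for legit in SYSTEM_BINARIES:
        if squeezed == legit or SequenceMatcher(None, squeezed, legit).ratio() >= 0.85:
            return legit
    return None

def check_image(path):
    """Return the reasons an image path looks suspicious (empty list if none)."""
    lowered = path.lower()
    directory, _, name = lowered.rpartition("\\")
    reasons = []
    target = impersonated_binary(name)
    if target:
        reasons.append(f"name imitates {target}")
    elif name in SYSTEM_BINARIES and directory and directory != SYSTEM_BINARIES[name]:
        reasons.append(f"{name} outside {SYSTEM_BINARIES[name]}")
    if "\\temp\\" in lowered or "\\locals~1\\" in lowered:
        reasons.append("runs from a Temp directory")
    return reasons

def triage_hjt(lines):
    """Map each suspicious O4 value name to the reasons it was flagged."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()  # image is the quoted path, else the first token
        image = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        reasons = check_image(image)
        if reasons:
            findings[m.group("key")] = reasons
    return findings

# Constructed sample in the style of the thread's HJT log (not real data).
SAMPLE_HJT = [
    r'O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"',
    r'O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"',
    r"O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\USER~1\LOCALS~1\Temp\MBDownloader.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]
```

Running `triage_hjt(SAMPLE_HJT)` flags the svhost, poolsv and NBInstall entries and leaves the KernelFaultCheck entry alone; a genuine `C:\WINDOWS\system32\svchost.exe` passes `check_image` with no reasons.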
post #20 of 23
Personally... in the extremely rare event I get any spyware, I just format and re-install Windows. Hopefully before any other machines on my network are infected. That is the only true way to get rid of it.

However, if this isn't an option for you, try running the anti-spyware while in Safe Mode. Or try renaming the file causing you the problem and then try to delete it.

I saw some crap on a friend's laptop about a month ago that, when you tried to delete it, made four copies of itself in random locations on the hard drive... all with different file names. And none of the free anti-spyware programs helped, and he had a current, up-to-date Norton Anti-Virus running.
Yeah... I just re-installed Windows for him. There was no getting rid of that.