Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?

Discussion in 'Windows - Virus and spyware problems' started by CJC, Nov 21, 2004.

Thread Status:
Not open for further replies.
  1. Buik

    Buik Regular member

    Joined:
    Nov 15, 2003
    Messages:
    234
    Likes Received:
    0
    Trophy Points:
    26
    I would advise against running REGEDIT unless you really know what you are doing. In W98se you can run MSCONFIG. I think config was put back in for XP. For W2K, it is absent and must be downloaded and either installed or run from removable media. An option is a program called WINPATROL.

    For security & program integrity & such, try using BELARC ADVISOR.

    Time for some Google searching.

    TC
     
  2. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    @ Buik

    If you look at the previous page, I did link to Spyware Doctor. However there is one stupid thing about it. The free version does not clean or remove anything. All it does is search for problems but it doesn't fix them.

    Now if you know what you're doing you can remove them manually. That's actually how I use it. But if you don't know your way around Windows, it's kind of pointless to use Spyware Doctor unless you're going to buy it.

    But yes I agree if you're going to buy a tool Spyware Doctor would be a good choice.
     
    Last edited: Sep 7, 2005
  3. Cbielling

    Cbielling Guest

    well i think i finally figured out the problem. thanks to gamespy, i had port 6667 open... after running spydoctor it said that was a common port for spyware to come through. i closed it, installed Norton again, and everything is working fine now. thanks for the help you offered, i'll be sure to come back in case more problems come up.
     
  4. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    glad to hear that everything got fixed but i want to emphasize that a firewall is a must. At least have one firewall. I would recommend getting some Antivirus that has built in firewall capability and using the Windows firewall.
    like Trend Micro Internet Security

    Also if you already have some antivirus you can try some free excellent firewalls like:

    KPF: http://www.kerio.com/kpf_home.html
    ZA: http://www.zonelabs.com/store/conte...st_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za

    Did you have a firewall running before? What firewall do you use now?
     
  5. Cbielling

    Cbielling Guest

    ok, originally i had norton internet security, with a firewall. but something happened with norton and i had to uninstall it. so then i enabled the windows firewall, and installed Avast for the anti virus. soon after, i was getting the pop ups and spyware ads, despite the FOUR anti spyware programs i had on my computer. recently i installed gamespy (shitty program in my opinion) and it requires u to open like, 6 or 7 ports on your firewall, one being the 6667 port, which i later found out was a common port used by spyware programs. so i closed it. then, i decided to put norton back on, because i found out the problem with that, and reinstalled the firewall on that. since then it's been fine. on a side note, after opening all those ports for gamespy, i still couldn't get it to work......but i'm willing to not use that program, in order to stop getting those annoying ads... before i finally got rid of them, i was getting 4 or 5 different ones for internet explorer, taking up entire pages and just randomly showing up. i also was getting one for firefox. but it seems everything is better now. i checked 3 different sites to make sure my firewall is secure, and all are saying it's fine. thanks for your help.
     
  6. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    you're welcome, come back if you ever need to
     
  7. Glitched

    Glitched Guest

    Hey guys can you help me out, my problem is that something called intel32.exe keeps on loading at startup, so i decided to go 2 msconfig and turn it off. It hasn't been a problem to me ever since so i left it alone, but one day i thought i should remove that crap permanently. So i used ad aware and spybot search and destroy to remove it and it did but then when i rebooted my cpu it came again so i disabled it now, now something else comes up called psguard, it's a spyware action to clean your cpu so i deleted all my files with that thing on it.....how do i permanently destroy those two
     
  8. crxshn

    crxshn Member

    Joined:
    Dec 24, 2004
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    Hi

    I just ran a Trend micro House Call check.... and it turns out that i have some trojans -
    TROJ PUPER.AO - \system32\itmon.exe
    TROJ PUPER.AQ - \system32\itmonp.exe
    TROJ PUPER.AQ - \popuper.exe

    how can i remove these viruses? i had nortons but that expired & i don't have the rego stuff to renew
    any other programs to recommend?
     
  9. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    housecall didn't delete those files? did it give you an option to do something about that?
    download, update & run in this order
    ccleaner http://www.ccleaner.com/
    cwshredder http://www.intermute.com/products/cwshredder.html
    ad-aware se http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-...
    spybot s&d http://www.majorgeeks.com/download2471.html
    do an online virus & spyware scan with this link
    http://housecall60.trendmicro.com/en/start_corp.asp
    avg7 free edition http://free.grisoft.com/doc/2/lng/us/tpl/v5
     
  10. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    worst case search for the files and delete them yourself
     
  11. troman12

    troman12 Regular member

    Joined:
    Oct 3, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    26
    Use NOD32. If it still does not work take backup and format your drive.
     
  12. crxshn

    crxshn Member

    Joined:
    Dec 24, 2004
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    thanks ddp and troman12....whats NOD32?
     
  13. troman12

    troman12 Regular member

    Joined:
    Oct 3, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    26
    It's an anti virus. The best thing to do is low level format your drive:

    Take backup by putting another harddisk and copying your files or something and do this:

    1) If you have a win98 Boot up disk then start your computer with it.
    2) Type debug then type the following:

    -F 200 L1000 0 <enter>
    -A CS:100 <enter>
    xxxx:0100 MOV AX,301 <enter>
    xxxx:0103 MOV BX,200 <enter>
    xxxx:0106 MOV CX,1 <enter>
    xxxx:0109 MOV DX,80 <enter>
    (80 for hd 0 or 81 for hd 1 )
    xxxx:010C INT 13 <enter>
    xxxx:010E INT 20 <enter>
    xxxx:0110 <enter>
    -g <enter>
    It will say Program terminated normally
    -q<enter>
     
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    if you want to low level format your hd then get the program from the hd manufacturer.
     
  15. troman12

    troman12 Regular member

    Joined:
    Oct 3, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    26
    Hi

    For performing Low Level format you can either use the codes or use the Hard Disk manufacturer's software.
    For seagate you can use the disc utility given by them.
    But they don't have low level format in the 2005 version.
     
  16. j6stik

    j6stik Guest

    Hey.

    Earlier today a Norton AntiVirus "Virus Alert" popped up on my computer that says:
    "Norton AntiVirus has detected and removed a virus from your computer
    Object Name..........C:\WINDOWS\TEMP\TMP%%%%.TMP
    Virus Name...........IRC.Backdoor.Trojan
    Action Taken.........The file was automatically deleted."

    The %%%% displays a four digit group of letters and numbers from 1-9 and then from A-F after 1-9. Every time I click okay, another window pops up, but the number goes up one. So far I've clicked okay about 500 times (at least; literally) and it just keeps popping up with another window. Can someone tell me whether or not this means I still have a virus on my computer, or if Norton got rid of it, how I don't have to sit through clicking that box probably about 15,000 times?
     
  17. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
  18. j6stik

    j6stik Guest

    I ran a few of those programs and restarted my computer again and things seem to be back to normal now. Thanks! :)
     
  19. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    no problem, teach & learn
     
  20. nomonster

    nomonster Member

    Joined:
    Nov 1, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    hey everyone! this thread has been super useful but i have one question. i seem to have a .dll hijacker (wingenerics.dll) somewhere on my computer, that adware away can't take care of.
    i don't know what to do! i've run spybot, spysweeper, adwear away and adadware(sp?). the computer turns off from time to time when i try to remove certain files (especially through that "housecall" thing).
    this is my mom's computer and she usually browses the web through google (i always tell her not to) and she must have picked something up :/
    oh this might help:
    windowsXP with avantbrowser(ie)
    i keep getting tons of popups from "ad-w-a-r-e.com" or something
    and i keep getting a popup saying that
    SUBJECT BAR: qmgis11n.exe - bad image
    BODY: The application or DLL c:\program files\setahoo!\wingenerics.dll is not a valid windows image. please check this against your installation diskette.

    this is my hijackthis log:

    can anybody help??
    thanks in advance! oh and feel free to ask for more info!
     
    Last edited: Nov 1, 2005