1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?

Discussion in 'Windows - Virus and spyware problems' started by CJC, Nov 21, 2004.

Thread Status:
Not open for further replies.
  1. Buik

    Buik Regular member

    Joined:
    Nov 15, 2003
    Messages:
    260
    Likes Received:
    0
    Trophy Points:
    26
    I would advise against running REGEDIT unless you really know what you are doing. In W98se you can run MSCONFIG. I think config was put back in for XP. For W2K, it is absent and must be downloaded and either installed ro run from removable media. An option is a program called WINPATROL.

    For security & program integrity & such, try using BELARC ADVISOR.

    Time for some Google searching.

    TC
     
  2. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    @ Buik

    If you look at the previous page, I did link to Spyware Doctor. However there is one stupid thing about it. The free version does not clean or remove anything. All it does is search for problems but it doesnt fix them.

    Now if you know what you're doing you can remove them manually. That's actully how I use it. But if you don't know your way around Windows, it's kind of pointless to use Spyware Doctor unless you're going to buy it.

    But yes I agree if you're going to buy a tool Spyware Doctor would be a good choice.
     
    Last edited: Sep 7, 2005
  3. Cbielling

    Cbielling Guest

    well i think i finally figured out the problem. thanks to gamespy, i had port 6667 open... after running spydoctor it said that was a common port for spyware to come through. i closed it, installed Norton again, and everything is working fine now. thanks for the help you offered, ill be sure to come back in case more problems come up.
     
  4. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    glad to hear that everything got fixed but i want emphasize that a firewall is a must. At least have one firewall. I would recommend getting some Antivirus that has built in firewall capability and using the Windows firewall.
    like Trend Micro Internet Security

    Also if you already have some antivirus you can try some free excellent firewalls like:

    KPF: http://www.kerio.com/kpf_home.html
    ZA: http://www.zonelabs.com/store/conte...st_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za

    Did you have a firewall running before? What firewall do you use now?
     
  5. Cbielling

    Cbielling Guest

    ok, originally i had norton internet security, with a firewall. but something happened with norton and i had to uninstall it. so then i enabled the windows firewall, and installed Avast for the anti virus. soon after, i was getting the pop ups and spyware ads, dispite the FOUR anti spyware programs i had on my computer. recently i installed gamespy (shitty program in my opinion) and it requires u to open like , 6 or 7 ports on your fire, one being the 6667 port, which i later found out was a common port used by spyware programs. so i closed it. then, i decided to put norton back on, becasue i found out the problem with that, and reinstalled the firewall on that. since then its been fire. on a side note, after opening all those ports for gamespy, i still couldnt get it to work......but im willing to not use that program, in order to stop getting those annoying adds... before i finally got rid of them, i was getting 4 or 5 different ones for internet explorer, taking up entire pages and just randomly showing up. i also was getting one for firefox. but it seems everything is better now. i checked 3 different sites to make sure my firewall is secure, and all are saying its fine. thanks for your help.
     
  6. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    you're welcome, come back if you ever need to
     
  7. Glitched

    Glitched Guest

    Hey guys can you help me out, my problem is that some thing called intel32.exe keeps on loading at startup, so i decided to go 2 msconfig and turn it off, It hasnt been a problem to me ever scince so i left it alone,but one day i thought i should remove that crap permanenty So i used ad aware and spybot search and destroy to remove it and it did but them when i rebooted my cpu it came again so i disabled it now, now sumthing else comes up called psguard its a spyware action to clean your cpu so i deleted all my files with that thing on it.....how do i permentantly destroy those two
     
  8. crxshn

    crxshn Member

    Joined:
    Dec 24, 2004
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    Hi

    I just ran a Trend micro House Call check.... and it turn out that i have some trojans -
    TROJ PUPER.AO - \system32\itmon.exe
    TROJ PUPER.AQ - \system32\itmonp.exe
    TROJ PUPER.AQ - \popuper.exe

    how can i remove these virus? i had nortons but that expired & i dont have the rego stuff to renew
    any other programs to recommend?
     
  9. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,327
    Likes Received:
    120
    Trophy Points:
    143
    housecall didn't delete those files? did it give you an option to do something about that?
    download, update & run in this order
    ccleaner http://www.ccleaner.com/
    cwshredder http://www.intermute.com/products/cwshredder.html
    ad-aware se http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-...
    spybot s&d http://www.majorgeeks.com/download2471.html
    do an online virus & spyware scan with this link
    http://housecall60.trendmicro.com/en/start_corp.asp
    avg7 free edition http://free.grisoft.com/doc/2/lng/us/tpl/v5
     
  10. eLeCTR0n

    eLeCTR0n Regular member

    Joined:
    Mar 26, 2003
    Messages:
    129
    Likes Received:
    0
    Trophy Points:
    26
    worst case search for the files and delete them yourself
     
  11. troman12

    troman12 Regular member

    Joined:
    Oct 3, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    26
    Use NOD32. If it still does not work take backup and format your drive.
     
  12. crxshn

    crxshn Member

    Joined:
    Dec 24, 2004
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    11
    thanks ddp and troman12....whats NOD32?
     
  13. troman12

    troman12 Regular member

    Joined:
    Oct 3, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    26
    It's an anti virus. The best thing to do to is low level format your drive:

    Take backup by putting another harddisk and copying your files or something and do this:

    1) If you have a win98 Boot up disk then start your computer wit it.
    2) Type debug then type the following:

    -F 200 L1000 0 <enter>
    -A CS:100 <enter>
    xxxx:0100 MOV AX,301 <enter>
    xxxx:0103 MOV BX,200 <enter>
    xxxx:0106 MOV CX,1 <enter>
    xxxx:0109 MOV DX,80 <enter>
    (80 for hd 0 or 81 for hd 1 )
    xxxx:010C INT 13 <enter>
    xxxx:010E INT 20 <enter>
    xxxx:0110 <enter>
    -g <enter>
    It will say Program terminated normally
    -q<enter>
     
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,327
    Likes Received:
    120
    Trophy Points:
    143
    if want to low level format your hd than get the program from the hd manufacturer.
     
  15. troman12

    troman12 Regular member

    Joined:
    Oct 3, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    26
    Hi

    For performing Low Level format you can either use the codes or use the Hard Disk manufacturer's software.
    For seagate you can use the disc utility given by them.
    But they dont have low level format ibn the 2005 version.
     
  16. j6stik

    j6stik Guest

    Hey.

    Earlier today a Norton AntiVirus "Virus Alert" popped up on my computer that says:
    "Norton AntiVirus has detected and remoced a virus from your computer
    Object Name..........C:\WINDOWS\TEMP\TMP%%%%.TMP
    Virus Name...........IRC.Backdoor.Trojan
    Action Taken.........The file was automatically deleted."

    The %%%% displays a four digit group of letters and numbers from 1-9 and then from A-F after 1-9. Every time I click okay, another window pops up, but the number goes up one. So far I've clicked okay about 500 times (at least; literally) and it just keeps popping up with another window. Can someone tell me wether or not this means I still have a virus on my computer, or if Norton got rid of it, how I don't have to sit through clicking that box probably about 15,000 times?
     
  17. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,327
    Likes Received:
    120
    Trophy Points:
    143
  18. j6stik

    j6stik Guest

    I ran a few of those programs and restarted my computer again and things seem to be back to normal now. Thanks! :)
     
  19. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,327
    Likes Received:
    120
    Trophy Points:
    143
    no problem, teach & learn
     
  20. nomonster

    nomonster Member

    Joined:
    Nov 1, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    hey everyone! this thread has been super useful but i have one question. i seem to have a .dll hijacker (wingenerics.dll) somewhere on my computer, that adware away cant take care of.
    i dont know what to do! ive ran spybot, spysweeper, adwear away and adadware(sp?). the computer turns off from time to time when i try to remove certain files (especially through that "housecall" thing.
    this is my moms computer and she usually browzes the web through google (i always tell her not to) and she must have picked something up :/
    oh this might help:
    windowsXP with avantbrowser(ie)
    i keep getting tons of popups from "ad-w-a-r-e.com" or something
    and i keep getting a popup saying that
    SUBJECT BAR: qmgis11n.exe - bad image
    BODY: The application or DLL c:\program files\setahoo!\wingenerics.dll is not a valid windows image. please check this against your installation diskette.

    this is my hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:12:00 PM, on 11/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\hjt\HijackThis.exe

    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant

    Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program

    Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant

    Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant

    Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

    Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

    - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -

    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.com
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) -

    http://thesims.ea.com/teleport/hotdate/NPC/MaxisHotDateTeleX.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

    Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -

    http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

    http://software-dl.real.com/220ae2f7f66caedcd122/netzip/RdxIE601.cab
    O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) -

    http://thesims.ea.com/teleport/superstar/MaxisSuperstarTeleX.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1

    130896773750
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) -

    http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

    http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -

    https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -

    http://a19.g.akamai.net/7/19/7125/1451/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) -

    http://thesims.ea.com/teleport/families/MaxisSimsFamilyTeleX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl

    Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -

    http://livesc03.rightnowtech.com/5571-b301h/rnl/java/RntX.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -

    http://fdl.msn.com/public/investor/v13/ticker.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) -

    http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

    http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: policies - C:\WINDOWS\system32\gp8sl3l71.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe

    (file missing)
    O23 - Service: lxbt_device - Lexmark International, Inc. -

    C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. -

    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB

    Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

    can anybody help??
    thanks in advance! oh and feel free to ask for more info!
     
    Last edited: Nov 1, 2005
Thread Status:
Not open for further replies.

Share This Page