spyware infection

i have a message that my computer has has a spyware infection as my background. Now i have tried to remove it and put my own background but i cant pliz help!

 

youve got that damm thing, i sorted that for my friend.

install and update http://www.ewido.net/en/download/

ccleaner http://www.ccleaner.com/
cwshredder http://www.intermute.com/products/cwshredder.html
ad-aware se http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-...
spybot s&d http://www.majorgeeks.com/download2471.html
download, update & run in safemode for the above in this order
online virus scan http://housecall.trendmicro.com/housecall/start_corp.asp


do that for now

 

You have SpyAxe/Spysheriff on your computer. We have to identify it first, to help you remove it. So we need your HijackThis log. Do the steps 3 and 4 from here > http://forums.afterdawn.com/thread_view.cfm/263784
Read the instructions and post the log here.

 

@rav009

If that is smitfraud as I suspect that doesnt help =)

But that was a good try.

 

lol, no i said do that for now as i thought theres a few spywares that change the background.

isnt there a few spywares that do that?

"that damm thing" refers to it....

incase it was not that particluar one i though try that fist.

i think thats a smart move anyway

 

If there is a text "spyware infection" or "your computer is infected" on background it´s most likely a variant of smitfraud, which needs it´s own fix. Ewido or any other anti-spyware programs won´t fix it.

 

yeh ino about the special fix i did that last week for a friend, but i didnt know that smitfraud was the only spyware that puts that on the background but i do know.

 

jus going through house call at the mo will update u as to how i am getting on..isnt there a law against this sort of practice coz its spytrooper that are tring to prompt me to download thei software for a price to resolve this problem i have tried using ad aware 6 aswell but no luck

 

@rav009

Sure there are other viruses/spyware that do the same thing. That´s why I asked the log in first place. That´s the fastest way to identify what it is. But I would bet a lot for smitfraud =) Let´s wait for the log and we´ll finally see what it is...

 

i agree with you there spertti.

 

yeah thats the one! smitfraud

 

@solive28

Just post the log and I´ll check it in hour and help you remove that bastard....

 

so you know you had it,shouldve said, anyway just send your log plz.

 

and as my luck would have it my housecall was stopped! the windows just closed!

 

windows just closed?, you were back on quick, is it 2gb of ram or somthing or do you mean the window for housecall closed.

well anyway just send the log in now.

 

here is the report



COMETCURSOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : CLSID\{062efa85-8bbb-11d3-80d0-00500487b1c5}
obj[1]=RegKey : CLSID\{0922ec1a-9ec7-11d3-80b9-00500487bdba}
obj[2]=RegKey : CLSID\{0e42926e-96d8-11d3-80d5-00500487b1c5}
obj[3]=RegKey : CLSID\{0e429272-96d8-11d3-80d5-00500487b1c5}
obj[4]=RegKey : CLSID\{15940F5D-D8BD-49BC-851D-29DCFB166950}
obj[5]=RegKey : CLSID\{1678F7E1-C422-11D0-AD7D-00400515CAAA}
obj[6]=RegKey : CLSID\{212b99a1-9cf6-11d3-80b7-00500487bdba}
obj[7]=RegKey : CLSID\{37D026C3-84D7-4AC5-A026-C08B7907CACF}
obj[8]=RegKey : CLSID\{39e01e09-2b45-11d4-810d-00500487b1c5}
obj[9]=RegKey : CLSID\{4320AEEB-2F2A-4F97-B573-232C6576AA3A}
obj[10]=RegKey : CLSID\{4AA5D526-44D5-4AF6-AC53-5CE1534CC40B}
obj[11]=RegKey : CLSID\{64726B8A-0CBE-4F80-90B7-1CA1BC69FCFB}
obj[12]=RegKey : CLSID\{6F2D6A5E-E3E7-4F18-887C-C777650DEF57}
obj[13]=RegKey : CLSID\{7BE4E188-DD04-47E4-8C1B-4AA330B18D9F}
obj[14]=RegKey : CLSID\{7F0F5DA7-84CB-11D4-8137-00500487B1C5}
obj[15]=RegKey : CLSID\{827A2ECE-D76F-4BCC-82ED-D6A287C11211}
obj[16]=RegKey : CLSID\{8AE68B04-D492-4474-A6E2-FD5FE884F4B1}
obj[17]=RegKey : CLSID\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}
obj[18]=RegKey : CLSID\{941228B3-3AD1-4633-A9F5-59154CB362D4}
obj[19]=RegKey : CLSID\{A335D52F-D489-472D-9EAA-D72A40AAF7CA}
obj[20]=RegKey : CLSID\{A5EA242A-442E-4ecb-9CAC-97037CCD6EC6}
obj[21]=RegKey : CLSID\{C38FC998-3B1B-4F59-A710-5A6C9CF8BD92}
obj[22]=RegKey : CLSID\{cbe7d5e7-90a2-11d3-80d1-00500487b1c5}
obj[23]=RegKey : CLSID\{cd74b159-a1d3-11d3-80bc-00500487bdba}
obj[24]=RegKey : CLSID\{d14d6793-9b65-11d3-80b6-00500487bdba}
obj[25]=RegKey : CLSID\{DFA771A5-2138-48EE-A58E-F782C879AF8E}
obj[26]=RegKey : CLSID\{e28fcb54-8c8e-11d3-80d1-00500487b1c5}
obj[27]=RegKey : CLSID\{E3A6E4B2-16B4-4F56-A98A-5F4DE04CA2BE}
obj[28]=RegKey : CLSID\{e5c39db9-9dcc-11d3-80d6-00500487b1c5}
obj[29]=RegKey : CLSID\{EA5BB125-A227-40A7-BCAA-652D497C2F65}
obj[30]=RegKey : CLSID\{EB07A6D4-8E36-11D4-8138-00500487B1C5}
obj[31]=RegKey : CLSID\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76}
obj[32]=RegKey : CLSID\{EDEE4CCB-0913-4CC9-8EA9-3DDD87AB8BDE}
obj[33]=RegKey : CLSID\{F147AE85-1855-4182-BE3A-174160995A40}
obj[34]=RegKey : CLSID\{FE6BC4EF-5676-484B-88AE-883323913256}
obj[35]=RegKey : CometAppUtil.CometUIEvents
obj[36]=RegKey : CometAppUtil.CometUIEvents.1
obj[37]=RegKey : CometIEToolbar.CometToolbar
obj[38]=RegKey : CometIEToolbar.CometToolbar.1
obj[39]=RegKey : ComUtil.FCParam
obj[40]=RegKey : ComUtil.FCParam.1
obj[41]=RegKey : ComUtil.FctCall
obj[42]=RegKey : ComUtil.FctCall.1
obj[43]=RegKey : ContextParser.ContextProxy
obj[44]=RegKey : ContextParser.ContextProxy.1
obj[45]=RegKey : ContextParser.ContextProxyMgr
obj[46]=RegKey : ContextParser.ContextProxyMgr.1
obj[47]=RegKey : ContextParser.CSRegExp
obj[48]=RegKey : ContextParser.CSRegExp.1
obj[49]=RegKey : ContextParser.URLContextParser
obj[50]=RegKey : ContextParser.URLContextParser.1
obj[51]=RegKey : CORE.BHO1
obj[52]=RegKey : CORE.BHO1.1
obj[53]=RegKey : CORE.BrowserAppProxy
obj[54]=RegKey : CORE.BrowserAppProxy.1
obj[55]=RegKey : CORE.CometCursor
obj[56]=RegKey : CORE.CometCursor.1
obj[57]=RegKey : CORE.CometFrame
obj[58]=RegKey : CORE.CometFrame.1
obj[59]=RegKey : CORE.CometWindow
obj[60]=RegKey : CORE.CometWindow.1
obj[61]=RegKey : CORE.CS15Cursor
obj[62]=RegKey : CORE.CS15Cursor.1
obj[63]=RegKey : CORE.FileINfo
obj[64]=RegKey : CORE.FileINfo.1
obj[65]=RegKey : CORE.HttpComm
obj[66]=RegKey : CORE.HttpComm.1
obj[67]=RegKey : CORE.MyBrowser1
obj[68]=RegKey : CORE.MyBrowser1.1
obj[69]=RegKey : Core.SelfUpdater
obj[70]=RegKey : Core.SelfUpdater.1
obj[71]=RegKey : CORE.System
obj[72]=RegKey : CORE.System.1
obj[73]=RegKey : CORE.WIndowProxy
obj[74]=RegKey : CORE.WIndowProxy.1
obj[75]=RegKey : CSBand.HorizontalIEBand
obj[76]=RegKey : CSBand.HorizontalIEBand.1
obj[77]=RegKey : CSBand.VerticalIEBand
obj[78]=RegKey : CSBand.VerticalIEBand.1
obj[79]=RegKey : CSBRange.ByteRange
obj[80]=RegKey : CSBRange.ByteRange.1
obj[81]=RegKey : CSEng.CSEngine
obj[82]=RegKey : CSEng.CSEngine.1
obj[83]=RegKey : CSEng.CSHost
obj[84]=RegKey : CSEng.CSHost.1
obj[85]=RegKey : CSEng.EvHandler
obj[86]=RegKey : CSEng.EvHandler.1
obj[87]=RegKey : CSIP.CSCollection
obj[88]=RegKey : CSIP.CSCollection.1
obj[89]=RegKey : CSIP.CSIPDispatch
obj[90]=RegKey : CSIP.CSIPDispatch.1
obj[91]=RegKey : CSIP.CSIPPacket
obj[92]=RegKey : CSIP.CSIPPacket.1
obj[93]=RegKey : Interface\{012b0571-2cd6-11d4-810d-00500487b1c5}
obj[94]=RegKey : Interface\{062efa84-8bbb-11d3-80d0-00500487b1c5}
obj[95]=RegKey : Interface\{0922ec19-9ec7-11d3-80b9-00500487bdba}
obj[96]=RegKey : Interface\{0e42926f-96d8-11d3-80d5-00500487b1c5}
obj[97]=RegKey : Interface\{0e429271-96d8-11d3-80d5-00500487b1c5}
obj[98]=RegKey : Interface\{1348E05A-21C7-4134-B4A4-3C12234FCA3F}
obj[99]=RegKey : Interface\{1E587528-41AA-4F19-97E8-BB75ACC3035C}
obj[100]=RegKey : Interface\{212b99a0-9cf6-11d3-80b7-00500487bdba}
obj[101]=RegKey : Interface\{29089B98-AF05-4769-B627-86A745D4B672}
obj[102]=RegKey : Interface\{2da93e50-9d08-11d3-80d5-00500487b1c5}
obj[103]=RegKey : Interface\{2FCFB3FD-7184-4C42-AED3-30FFF0119964}
obj[104]=RegKey : Interface\{34FDD882-5530-4A90-89CD-416612C8855E}
obj[105]=RegKey : Interface\{43F1B4AD-92EF-4DB3-BDA9-12335B012DD0}
obj[106]=RegKey : Interface\{50d7c4ab-3c82-11d4-8111-00500487b1c5}
obj[107]=RegKey : Interface\{58C59F56-CA66-4B5D-9132-ECEA5193BE5A}
obj[108]=RegKey : Interface\{788E0D0E-CAF7-473B-9183-76BE6D30DC9A}
obj[109]=RegKey : Interface\{7AA7D1C3-F0F8-460C-936D-B5886D0928EB}
obj[110]=RegKey : Interface\{7F0F5DA6-84CB-11D4-8137-00500487B1C5}
obj[111]=RegKey : Interface\{832786EC-9632-4919-8972-59F79D621C87}
obj[112]=RegKey : Interface\{899BE974-D575-48BB-A9C7-1D24E8042BE4}
obj[113]=RegKey : Interface\{8BEE173B-C006-4F0E-ACD2-84A882BEBCFF}
obj[114]=RegKey : Interface\{910E67A6-BD53-46DF-8434-41498B7D22F7}
obj[115]=RegKey : Interface\{9464C98E-B5F1-4C6A-BD3F-9696E3BD081E}
obj[116]=RegKey : Interface\{97284959-A553-4576-859C-B3B3FF283DE0}
obj[117]=RegKey : Interface\{a0ca55a0-a112-11d3-80d6-00500487b1c5}
obj[118]=RegKey : Interface\{a0ca55a1-a112-11d3-80d6-00500487b1c5}
obj[119]=RegKey : Interface\{A4B977F5-1EFC-4DA0-B9C2-67C53CBA140F}
obj[120]=RegKey : Interface\{A9E67CBE-7A42-47BE-962A-C07E73C34FBA}
obj[121]=RegKey : Interface\{AEB17FC4-2A52-4945-9866-81CC343A59E3}
obj[122]=RegKey : Interface\{B0DB6360-8D7F-11D4-8137-00500487B1C5}
obj[123]=RegKey : Interface\{B0E9399E-FE6F-43B0-98D3-2F47080DDE4A}
obj[124]=RegKey : Interface\{BFCBF73B-6EB2-49C1-ADCA-CF0CD589B140}
obj[125]=RegKey : Interface\{C0CAD17E-00A3-4F40-9015-D569C3114BA3}
obj[126]=RegKey : Interface\{C4D86DC8-B73B-4470-9914-3DAC14EE6F95}
obj[127]=RegKey : Interface\{c7291310-3c8c-11d4-8111-00500487b1c5}
obj[128]=RegKey : Interface\{C81B4B57-B06B-409D-AED0-028051683796}
obj[129]=RegKey : Interface\{cbe7d5e6-90a2-11d3-80d1-00500487b1c5}
obj[130]=RegKey : Interface\{cbe7d5e8-90a2-11d3-80d1-00500487b1c5}
obj[131]=RegKey : Interface\{cd74b15b-a1d3-11d3-80bc-00500487bdba}
obj[132]=RegKey : Interface\{CE2EAB19-E31D-43CA-A860-F95A2CA50040}
obj[133]=RegKey : Interface\{d14d6792-9b65-11d3-80b6-00500487bdba}
obj[134]=RegKey : Interface\{DC86768F-5ADF-4D84-9DE8-FD047B1FE8F5}
obj[135]=RegKey : Interface\{DDD1E8CA-678D-4C9A-A472-CE9578B14DC5}
obj[136]=RegKey : Interface\{e28fcb53-8c8e-11d3-80d1-00500487b1c5}
obj[137]=RegKey : Interface\{ea3b6c62-70a6-11d1-b69e-444553540000}
obj[138]=RegKey : Interface\{EB07A6D3-8E36-11D4-8138-00500487B1C5}
obj[139]=RegKey : Interface\{FFE56921-248B-4C75-9EEE-01706310E371}
obj[140]=RegKey : SkinUI.ActiveWindow
obj[141]=RegKey : SkinUI.ActiveWindow.1
obj[142]=RegKey : SkinUI.CSkinUI
obj[143]=RegKey : SkinUI.CSkinUI.1
obj[144]=RegKey : SkinUI.WebBrowserSink
obj[145]=RegKey : SkinUI.WebBrowserSink.1
obj[146]=RegKey : SkinUI.WindowsHelper
obj[147]=RegKey : SkinUI.WindowsHelper.1
obj[148]=RegKey : Software\Comet Systems
obj[149]=RegKey : Software\Microsoft\Windows\CurrentVersion\Uninstall\CC2k
obj[150]=RegKey : Typelib\{062efa78-8bbb-11d3-80d0-00500487b1c5}
obj[151]=RegKey : TypeLib\{07FA131E-2EB2-446F-93D2-9F877320010B}
obj[152]=RegKey : TypeLib\{3F4386E5-2FBE-44A8-81CF-4B792490605F}
obj[153]=RegKey : TypeLib\{74232635-A013-49F2-B869-1B1AB932D944}
obj[154]=RegKey : TypeLib\{7F0F5D9A-84CB-11D4-8137-00500487B1C5}
obj[155]=RegKey : TypeLib\{878ACE1B-8DB0-4D75-9034-504756AD4215}
obj[156]=RegKey : TypeLib\{BF986691-7F7B-4F94-85E0-20E75350701F}
obj[157]=RegKey : TypeLib\{BFA2C963-FC24-4770-8C19-0D5A1CD58DF9}
obj[158]=RegKey : TypeLib\{C09FB84D-B9ED-43EB-AFED-F145C26CB839}
obj[159]=RegKey : Typelib\{d14d6786-9b65-11d3-80b6-00500487bdba}
obj[160]=RegValue : SOFTWARE\Microsoft\Internet Explorer\Toolbar

TRACKING COOKIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[161]=File : c:\documents and settings\sol & petty\cookies\sol & petty@advertising[1].txt
obj[162]=File : c:\documents and settings\sol & petty\cookies\sol & petty@atdmt[2].txt
obj[163]=File : c:\documents and settings\sol & petty\cookies\sol & petty@doubleclick[1].txt

 

Just look at my first post and do what I said. That doesn´t help me at all....

 

i was talking about a HJT log.

 

windows for housecall

 

ok as spertti said HJT log please.