Spyware PLEASE HELP! - Techist - Tech Forum

Old 10-23-2005, 04:10 AM   #1 (permalink)
Monster Techie
 
Join Date: Sep 2004
Posts: 1,446
Default Spyware PLEASE HELP!

Okay, I'm not dumb when it comes to this stuff, but I have tried the following programs in removing the spyware from my computer, but I continuously get popups about once per minute, each from a bunch of different domains, but 70% end in 'yyy53.htm'. I also get flash popups that aren't in a browser window, just floating around.

The programs I've used are:
Ad Aware
Spy Sweeper S&D
Trend Micro Spy Sweeper
Microsoft AntiSpy Beta
CWShredder (continuously finds the same two stuff, but never removes all the way)
Kill2Me (But seems to fail since CWShredder picks up this trace)

I've done some startups in safe mode and tried to do it that way too... but nothing.

It's corrupted BF2's punkbuster so I get the error "Inadequite OS Restrictions".

I attached the Hijack this log, but it's pretty clean, I'm at a loss, HELP WOULD BE GREATLY APPRECIATED!!!


EDIT:: Had problems attaching... I had to paste it (sorry)

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 3:05:10 AM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alex\My Documents\Spyware Removal\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O17 - HKLM\System\CCS\Services\Tcpip\..\{88F8D1BE-16AC-4AED-919E-5820FDAD8209}: NameServer = 64.233.207.2,192.168.0.200
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\r4p80e7ueh.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

EDIT::
COMMON POP UP ADDRESSES:
http://www.searc-h.com/normal/yyy53.html
http://www.super-coupon.com/normal/yyy53.html
http://www.great-coupon.com/normal/yyy53.html
http://www.deal-mobile.com/normal/yyy53.html
http://e.rn11.com/adbuys/a174-admed-ron
__________________
Sig removed due to foul language. Please read the rules regarding the allowable content of sigs before reposting your COMPLIANT sig.
~Trotter
4/21/06
Old 10-23-2005, 04:16 AM   #2 (permalink)
Lord Techie
 
Join Date: May 2005
Location: death to spam
Posts: 8,473
Default

Could be a virus that's doing it. Also, what browser are you using? My sig pretty much gives my suggestion.
Old 10-23-2005, 04:19 AM   #3 (permalink)
Monster Techie
 
Join Date: Sep 2004
Posts: 1,446
Default

I ran Trend Micro's online scan a little back and I was fine, but I'm running one as I type this too.

It makes me use IE to do it, and I've discovered IE has the about:blank **** now...

damnit...


EDIT::: Trend Micro found 0 viruses on any of my drives.
Old 10-23-2005, 07:43 AM   #4 (permalink)
Call me Mak or K
Mod Emeritus
 
Join Date: Sep 2004
Location: C:\
Posts: 35,647
Default

This to me sounds more like malware than spyware. Try running this and see if that is of any help for you. If not, I would suggest an antivirus application like AVG Free or, to get the best, NOD32. AVG Free is located here. NOD32 is located here. I think NOD32 has a trial period; I would try that out and use the trial to get the virus off the system (if that is a virus). You have run all the antispyware apps that could remove it except maybe Spybot S&D, unless that is what you mean by Spy Sweeper.
Old 10-23-2005, 07:44 AM   #5 (permalink)
Master Techie
 
Join Date: Feb 2004
Posts: 2,172
Default

Looks like you have already tried a lot. Have you emptied out ALL temp file locations/IE temp files from your system? Check out this write up I did a while back. Also if you have multiple users on your system you should read it.

If the OS is XP this is what I usually start with for effectively removing all spyware and viri.

Boot into safe mode (after BIOS runs POST, hit F8 rapidly to get to the boot menu options screen, where you will see safe mode). Log on as administrator.

Go to START>RUN>MSCONFIG>STARTUP then disable ALL items under there except virus scan.

Go to START>CONTROL PANEL>FOLDER OPTIONS>VIEW and select show hidden files and folders. Then go to c:\documents and settings and go into each user folder and delete ALL of the following files c:\documents and settings\%user%\local settings\temp and C:\Documents and Settings\%user%\Local Settings\Temporary Internet Files and finally c:\documents and settings\%user%\cookies.

Delete all files under C:\WINDOWS\Temp and C:\WINDOWS\Prefetch. Empty the recycle bin and reboot the PC.

Download Spybot S&D 1.4, Adaware SE 1.6, and Javacool SpywareBlaster, all of which can be downloaded at www.download.com. I also usually download and run the Microsoft AntiSpyware tool that can be downloaded from www.microsoft.com. I don't leave the Microsoft AntiSpyware tool installed because it is still in beta and has expiration dates that usually confuse many users when it expires, but it is a good tool to detect and remove spyware; just be sure to uninstall it once you're done using it. Oh, also before you run the scan with AdAware be sure you download their latest VX2 plugin found here: http://www.lavasoftusa.com/software/...2cleaner.shtml


Run all updates for all software then run the scans with adaware, spybot, and MS AntiSpyware (spyware blaster is not a scanner but helps prevent spyware by blocking active x controls from bad websites).
Fix all spyware, then update your virus scan and run a full system scan for viri. After all this I usually re-install IE6 to rid any mess left over.

Also, on a side note, I noticed with my encounters of repairing spyware issues that each Windows profile houses its own set of spyware. Meaning if you run a full system scan with say Spybot, Adaware, and MS AntiSpyware under one user profile and log on to another profile and run the same scans, you will find more spyware (this becomes a HUGE pain when many profiles are on the system).

For the most part a majority of the spyware is fixed running it under one profile, but to remove ALL you must do it under each user profile. When I work on home PCs I just usually delete all the profiles and create new ones and back up their important settings such as My Documents, Favorites, and Desktop. This will save time of logging into each profile, running a scan, removing spyware, and running a scan again to make sure it was all removed.

Lastly, if there is something stubborn or you have some BHOs you cannot get rid of, download HiJackThis 1.99.1, which can be found here with some other useful tools: http://www.spywareinfo.com/~merijn/downloads.html . HiJackThis is a very POWERFUL tool. When you run a scan DO NOT check all items and FIX, because usually they are legit applications such as virus scan, anti-spyware, Microsoft, and Adobe products. You can browse through the list though and select items you know are BAD and remove any BHOs you do not need. This is why I leave this tool last, as it can really damage a system if not used correctly :)
Win2kpatcher is offline  
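
Added example, not part of any post in this thread: a small triage script for the kind of HijackThis log pasted in post #1, following the advice in post #5 to review entries one by one instead of fixing everything. The function names, the letter/digit heuristic and its threshold are assumptions made for illustration; the script only surfaces lines for manual review and decides nothing on its own.

```python
import ipaddress
import re

# Excerpt of the O-section lines from the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{88F8D1BE-16AC-4AED-919E-5820FDAD8209}: NameServer = 64.233.207.2,192.168.0.200
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\r4p80e7ueh.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(O\d{1,2}) - (.+)$")
# File name stem of any .dll/.exe referenced on the line.
FILE = re.compile(r'([^\\/:*?"<>|\r\n]+)\.(?:dll|exe)\b', re.I)

def class_switches(stem):
    """Count letter<->digit transitions; machine-generated names score high."""
    kinds = [c.isdigit() for c in stem if c.isalnum()]
    return sum(a != b for a, b in zip(kinds, kinds[1:]))

def is_public(addr):
    """True for a syntactically valid, non-private IP address."""
    try:
        return not ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def triage(log_text, switch_threshold=3):
    """Return (section, reason, detail) tuples worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        # O17: DNS servers set in the registry; check they are yours.
        if code == "O17" and "NameServer" in body:
            for addr in re.split(r"[ ,]+", body.split("=", 1)[1].strip()):
                if is_public(addr):
                    findings.append((code, "confirm resolver is ISP/router", addr))
        # Any section: referenced file whose name looks generated.
        for stem in FILE.findall(body):
            if class_switches(stem) >= switch_threshold:
                findings.append((code, "random-looking file name", stem))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
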
Old 10-23-2005, 11:00 AM   #6 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

Trend Micro Spy Sweeper


I don't know if they have a product called that or you confused who owns it. Either way try "Webroot Spy Sweeper" it's the best product out there in my opinion despite what others say.
Old 10-23-2005, 11:28 AM   #7 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: Spyware PLEASE HELP!

Quote:
Originally posted by Alex81388
Okay, I'm not dumb when it comes to this stuff, but I have tried the following programs in removing the spyware from my computer, but I continuously get popups about once per minute, each from a bunch of different domains, but 70% end in 'yyy53.htm'. I also get flash popups that aren't in a browser window, just floating around.

The programs I've used are:
Ad Aware
Spy Sweeper S&D
Trend Micro Spy Sweeper
Microsoft AntiSpy Beta
CWShredder (continuously finds the same two stuff, but never removes all the way)
Kill2Me (But seems to fail since CWShredder picks up this trace)

I've done some startups in safe mode and tried to do it that way too... but nothing.

It's corrupted BF2's punkbuster so I get the error "Inadequite OS Restrictions".

I attached the Hijack this log, but it's pretty clean, I'm at a loss, HELP WOULD BE GREATLY APPRECIATED!!!


EDIT:: Had problems attaching... I had to paste it (sorry)

EDIT::
COMMON POP UP ADDRESSES:
http://www.searc-h.com/normal/yyy53.html
http://www.super-coupon.com/normal/yyy53.html
http://www.great-coupon.com/normal/yyy53.html
http://www.deal-mobile.com/normal/yyy53.html
http://e.rn11.com/adbuys/a174-admed-ron
Is that the whole log?
Old 10-23-2005, 09:19 PM   #8 (permalink)
Monster Techie
 
Join Date: Sep 2004
Posts: 1,446
Default

Well, the whole log is quoted at the top, but your quote doesn't have it in it for some reason.

And yes that's it, I keep my comp pretty clean (or so I thought...)
Old 10-23-2005, 09:21 PM   #9 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

It looked fine to me
Old 10-23-2005, 09:39 PM   #10 (permalink)
Monster Techie
 
Join Date: Sep 2004
Posts: 1,446
Default

Ok, so I ran those programs you guys posted, nothing was found except one thing by AVG. I deleted that and I'm still getting those same popups and things.

Here is what that ad-aware plugin found, I think this is the one I'm infected with:
