Help in Malware removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by alvinhky, Nov 26, 2007.

  1. alvinhky

    alvinhky Private E-2

    Hi

    I have followed the steps in malware removal. Here is a summary of the work done:

    In Safe mode with networking,

    1. I ran CCleaner to remove the cookies and temp files
    2. I ran Spybot and managed to clean the spyware
    3. I ran AVG Anti-Spyware and managed to clean some spyware

    In normal boot mode,

    4. I proceeded to run Panda Active Scan through the internet. At the same time as running the Panda Active Scan, I accessed certain sites and then the Panda scan found some spyware, which is in cookie format
    5. I managed to get the "runkeys.txt" and "newfiles.txt" and will attach them here
    6. I turned off system restore on all drives
    7. Since Panda detected the spyware, I went on to repeat steps 1 to 3. This time, there is no spyware anymore

    My question is: why is it that each time I access certain legitimate sites, I get spyware in cookies? Is there a way to prevent it?
    It seems that only when I run CCleaner can I clear the spyware cookies

    I am attaching the HJT and "runkeys.txt" and "newfiles.txt" and Activescan results

    Thanks


    Below is the list of spyware that I managed to clear

    Incident Status Location

    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@apmebf[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@tribalfusion[1].txt

    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@adrevolver[1].txt
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@adtech[1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@apmebf[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@bs.serving-sys[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@go[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@overture[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@questionmarket[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\alvin\Cookies\alvin@serving-sys[1].txt
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where are the logs for AVG AntiSpyware and BitDefender Online Scan? BitDefender should have been run before Panda ActiveScan.

    You were not supposed to do this until your system was declared malware free.

    Cookies are not spyware nor are they problems. Ignore scan reports from any tool about cookies being problems. See step 11 of this: How to Protect yourself from malware!


    Did you have Spy Catcher installed and then uninstall it? It looks like it, and it also looks like it did not uninstall properly, which we will try to fix below.


    First run this Disable/Remove Windows Messenger to remove Windows Messenger.


    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03


    Now run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O15 - Trusted Zone: http://eresearch.bursamalaysia.com
    O20 - AppInit_DLLs: interceptor.dll
    NOTE: HJT may pop up an error about the AppInit_DLLs line. Ignore it and click OK to continue.
    After clicking Fix, exit HJT.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Now attach a new log from HijackThis.


    What malware problems are you having?
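
A small parser for the HijackThis entry lines quoted in the reply above, added here as an illustration and not part of the original thread or of HijackThis itself. It splits each line into its section code, label and detail, and flags the entries the log marks "(file missing)" or "(no file)"; the field names and the functions `parse_hjt` and `orphaned` are assumptions of this example.

```python
import re

# The five log lines quoted in the reply above, embedded as sample input.
SAMPLE_LOG = r'''
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O15 - Trusted Zone: http://eresearch.bursamalaysia.com
O20 - AppInit_DLLs: interceptor.dll
'''

# "<code> - <label>: <detail>", e.g. "O20 - AppInit_DLLs: interceptor.dll"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<detail>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        detail = m.group("detail").strip()
        clsid = CLSID.search(detail)
        entries.append({
            "code": m.group("code"),
            "kind": m.group("kind").strip(),
            "detail": detail,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": detail.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries the log itself marks as having no backing file."""
    return [e for e in entries if e["orphaned"]]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        flag = "ORPHANED" if e["orphaned"] else "not flagged"
        print(f'{e["code"]:<4} {e["kind"]:<14} {flag:<12} {e["clsid"] or ""}')
```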
     
