Major Problem With Spyware

Hi, I'm new to this forum and was referred by a friend. I have major spyware on my pc and have used every program I know of to get rid of it with no luck. I run the spyware, it says it's deleting it, but then it's still there. This is what hijack this shows. I am pretty illiterate as far as the technical stuff, but any help would be much appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 9:31:31 AM, on 01/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

C:\DOCUME~1\Margaret\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\7V5B394K\HijackThis.exe

 

Welcome to MG
Well first you need to read the following Sticky thread and make sure you complete all steps listed.

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

After doing ALL of the above if you still have a problem please post back as stated above and also do the following so you are prepared to attach a hijackthis log when you are asked to.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread
NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

After you post back with your findings after completing the tutitorial please be patient and someone will get back with you as soon as they can as we all are busy helping others and lead busy lives away from the computer as well.


sw

 

Hi Babyann,

You have the latest VX2 variant baddie - It should be simple enough to remove. Don't let the preparation intimidate you

First, though, you must get the latest version of HijackThis and EXTRACT it from the ZIP File to its own SAFE folder. Use the link Shewolf provided above to download HJT. Here is how to properly locate it :

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, RightClick your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HijackThis)and click Next.

ALSO:

Please download the following tools and have them handy (Perhaps create an Anti-Spyware Folder for them). Make sure to get them from the links below:

L2MeFix Tool
Generic Detection Tool - NT/2000/XP
VX2.BetterInternet Finder XP/2k - Version Msg126
Pocket KillBox


NOW:

Please scan with HijackThis - Note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

ALSO:

Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log.

NOTE:Please do not run any other options or files in the l2mfix Folder!

Please attach the l2mfix log along with the HijackThis log and we’ll see where you stand. Please TRY NOT TO REBOOT after scanning for these logs!! I will try to check back as time permits.

Best Luck
PP

 

Ok, hopefully I have followed your instructions correctly PP and am attaching my Hijack This log and the L2MeFix log. I truly appreciate your help.

 

Hi Babyann,

I would be more comfortable if you would please move HijackThis to a safer folder - C:\Program Files\HijackThis


For the next step, please make sure ALL Browser Windows are Closed!

NOW:
Go to the L2MFix Folder on your Desktop and DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
Your computer will go nuts for a bit, but just let it run. It should eventually spit out another log in Notepad. Please attach that log along with a fresh HijackThis log.

Again, please do not run any other files in the L2MFix folder.

I will try to check back when time permits and we'll see how things shook out.

PP

 

Just wanted to let you know that it appears my spyware is gone. I followed the directions Shewolf gave on following the procedures in "Read Me First". Thank you so much Shewolf and Phil for your help. Can't tell you how relieved I am. I had been working on this for 2 weeks and in 1 day, my problem is fixed. Thanks! Thanks! Thanks!

 

Glad to hear the good news and I know exactly how you feel as when I first came to this forum I had spyware that was driving me batty and couldnt' figure it out. If it wouldn't have been for MG and the wonderful people that help others out on here I would never have gotten rid of the spyware crap that was infesting my computer.
Now that you have the programs downloaded use them frequently to scan your computer, always keep your computer and software (spyware, antivirus etc.. ) up to date. If anything in the future developes go through the Read Me First steps again and feel free to post back here looking for help in anything that you have questions with. I know I have posted on MG for a variety of things I have questions on and the help is wonderful.
sw

 

We are happy to help, but I must say that, unless you ran the fix in my last post, the malware is still on your machine! Nothing in the Read Me First Tutorial addresses this baddie as yet.
If you have run the fix from L2MeFix, you ought to submit the logs I requested to be sure all is gone!
Of course, this is up to you.

Definitely look at Chaslang's Suggestions

Best luck
PP