Media-Tickets Spyware/Adware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mickeyd, Jun 4, 2005.

  1. mickeyd

    mickeyd Private E-2

    The other day I got an email with an attachment that looked like it had come from my webhost, so I opened it since Norton didn't seem to find anything wrong with it like it usually does. When I did, it threw spyware and a worm on my computer. Norton found the worm trying to send the virus away and stopped it; it also found the worm and got rid of it. Norton also found some spyware and deleted some but said it wasn't able to delete some of the files. So I ran Ad-Aware; it found them and claimed it got rid of them. Restarted my computer and ran the scans of Norton and Ad-Aware again and it caught the same stuff. Restarted again and now I get a window telling me to click yes to uninstall Media-Tickets; clicked yes and ran stuff, found nothing, so I restarted again. So I restarted and loaded up into safe mode, ran all the scans of Norton and Ad-Aware and Trojan Remover, and Ad-Aware found one and that was it. Restarted back into Windows and got the same thing. I then downloaded Windows spyware removal tool beta. It found no files but 3 registry keys. It deleted those and I restarted again. Now I'm stuck with Windows loading up, and at the beginning of loading up it shows an Internet Explorer pop-up trying to tell me to support the "Media-Tickets" site by downloading their product, and I "X" out of the window, but this seems like an endless cycle, so I ran Norton AntiVirus again and this is what I get...

    ----------------------------------
    Norton Anti-Virus Finds:
    ----------------------------------
    1. backup-20050604-112151-768.dll Adware.MediaPass At Risk
    2. bridge-c15[1].cab Adware.MediaPass At Risk
    3. main[1].htm Adware.Windupdates At Risk
    4. main[1].htm Adware.Istbar At Risk
    5. MediaAccX.dll Adware.MediaPass At Risk
    6. mt-uninstaller.exe Adware.MediaTicket At Risk
    7. mtrslib2[1].js Adware.MediaTicket At Risk

    I clicked "Delete" for Norton to, well, delete the files and it said that out of the 8 detected (notice that there is one extra that wasn't shown until I clicked "More Info" after deleting the threats) it was only able to delete 5. I clicked More Info and here are the statuses now....


    1. backup-20050604-112151-768.dll Adware.MediaPass Manually Deleted
    2. bridge-c15[1].cab Adware.MediaPass Manually Deleted
    3. main[1].htm Adware.Windupdates Manually Deleted
    4. main[1].htm Adware.Istbar DELETE FAILED
    5. MediaAccX.dll Adware.MediaPass DELETE FAILED
    6. mt-uninstaller.exe Adware.MediaTicket Manually Deleted
    7. mtrslib2[1].js Adware.MediaTicket Manually Deleted

    Note that "3. main[1].htm | Adware.CDT" didn't show up till I did the "Delete" and then clicked "More Info"

    So... don't know how to get rid of this stuff since this is what happens after restarting and then running Norton again. Always the same thing. Please help as I don't feel like reformatting since I've reformatted my computer a lot of times in the past couple weeks.

    I've also attached the Hijack This log after running Norton.


    -------------------------------------------------------------------------
    After clicking on the MediaAccX.dll and the main[1].htm that failed to get deleted I clicked on them and Norton Anti-Virus provided this info...

    The compressed file MediaAccX.dll within C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\8TAN8RMH\bridge-c15[1].cab is a Adware threat.

    The file C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\ILEL4LMF\main[1].htm is a Adware threat.

    Maybe that will help don't know maybe :p
     

    Last edited: Jun 4, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message.

    - Run ALL the steps in this sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    Also, to get you started and to reduce the size of your HJT log, do the following:

    The below line is one of your main problems. Have HJT fix this line and delete the file while in safe mode.
    O4 - HKLM\..\Run: [Windows DLL Services] C:\svchost.exe


    If, after doing ALL of the above, you still have a problem, boot into normal mode and make sure you follow these directions:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
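
An added example, not part of the thread and not HijackThis's own code: the O4 line singled out above names `svchost.exe`, whose genuine copy lives in the System32 folder of the Windows directory, so an autorun entry pointing at `C:\svchost.exe` is a process-name masquerade. The sketch below parses O4 Run lines and flags core Windows process names loaded from anywhere else; the process list, the `windows`/`winnt` directory names and every sample line except the first are assumptions constructed for illustration.

```python
import ntpath
import re

# Core Windows process names -> sub-directory of the Windows directory that
# holds the genuine binary ("" means the Windows directory itself).
SYSTEM_BINARIES = {
    "svchost.exe": "system32", "lsass.exe": "system32", "services.exe": "system32",
    "winlogon.exe": "system32", "csrss.exe": "system32", "smss.exe": "system32",
    "explorer.exe": "",
}
WINDOWS_DIRS = ("windows", "winnt")  # assumption: default install directory names

# "O4 - HKLM\..\Run: [Value name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of the command line: quoted, or unquoted up to the extension.
EXE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$))', re.I)

def check_entry(line):
    """Return (value name, path, reason) for a suspicious O4 Run entry, else None."""
    entry = O4_RUN.match(line.strip())
    exe = EXE.match(entry["cmd"].strip()) if entry else None
    if not exe:
        return None
    path = exe.group(1) or exe.group(2)
    directory, base = ntpath.split(ntpath.normcase(path))
    if base not in SYSTEM_BINARIES or not directory:
        return None  # not a system name, or a bare name resolved through PATH
    tail = ntpath.splitdrive(directory)[1].strip("\\")
    allowed = {ntpath.join(w, SYSTEM_BINARIES[base]).rstrip("\\") for w in WINDOWS_DIRS}
    if tail in allowed:
        return None
    return (entry["name"], path, "system process name outside its normal directory")

def flag_autoruns(log_text):
    """Run check_entry over every line of a HijackThis log and keep the hits."""
    return [hit for hit in map(check_entry, log_text.splitlines()) if hit]

# Constructed sample: the first line is the one quoted in the reply above,
# the rest are made-up entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows DLL Services] C:\svchost.exe
O4 - HKLM\..\Run: [Example Service Host] C:\WINDOWS\system32\svchost.exe -k example
O4 - HKLM\..\Run: [ExampleAV Tray] "C:\Program Files\ExampleAV\avtray.exe" /silent
O4 - HKCU\..\Run: [Fake Shell] C:\WINDOWS\Temp\explorer.exe
"""

if __name__ == "__main__":
    for name, path, reason in flag_autoruns(SAMPLE_LOG):
        print(f"{path} [{name}]: {reason}")
```

A hit is a lead for review, not a verdict: the value name and file still need to be checked before anything is removed.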
     
