Possible Spyware Hijacker?? Followup

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gensuknives, Jan 28, 2007.

  1. Gensuknives

    Gensuknives Grand pooty-meister

    I went into HJT and selected all the lines which were there and, after closing the browser (Firefox 2.0), I clicked FIX.
    I then went in and deleted the file you suggested:
    C:\WINDOWS\glhvz.dll

    I had a busy 2 days since my first post so my machine had run 2 episodes of CounterSpy since.

    Am attaching the CounterSpy.txt file from this morning's scan.
    I had it quarantine both files found.

    Since new problems turned up, I have not yet done the part about turning off and then back on, the system restore.

    Of note, on my first scan I am not sure I had my K: disc (Seagate 120GB external hard disc drive) turned on, so it may NOT have been scanned in the first round.

    Am not sure where to go from here. Please advise.
    And thanks so much for your expertise and help.
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to uninstall these files and the programs:
    C:\Documents and Settings\My Computer\Start Menu\Programs\Absolute Poker
    C:\Program Files\PartyGaming
    C:\Program Files\MANSION\FreePoker
    C:\Program Files\Poker.com\

    Run HJT and have it fix these:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\My Computer\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\My Computer\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
    O9 - Extra 'Tools' menuitem: MANSION - {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - C:\Program Files\MANSION\FreePoker\MANSION.exe (file missing)
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (HKCU)


    Attach new logs:
    ShowNew
    GetRun
    HJT
     
  3. Gensuknives

    Gensuknives Grand pooty-meister

    Tim, I uninstalled the listed files and programs. I ran HJT but not all the listed things you asked me to fix were listed, probably because I had uninstalled the poker programs above.

    Am attaching new logs.
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you don't know what this is, please delete it.

    C:\10494ca8bfa4d1097e

    Remove SearchAssistant using Spybot S&D: open the anti-spyware utility and click the Check For Problems button. Wait while Spybot S&D looks for spyware, adware, and other malware. When the scan is complete, click the Fix Selected Problems button. Click Yes to confirm that you want to remove the selected files and, if prompted, reboot your PC so that Spybot S&D can finish its job.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    After clicking Fix, exit HJT.

    Run CCleaner.

    Tell me how things are running.
     
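    The posts above ask for the R0 search hooks and the O9 poker buttons to be fixed in HijackThis and for a stray item to be deleted, but nothing in the thread verifies that the fixes landed. The following is an added example, not something from this thread or from the HijackThis project: a cmd script for Windows XP that reads the registry locations those HJT lines correspond to. It assumes the standard HJT mapping (R0 entries are values under HKLM\Software\Microsoft\Internet Explorer\Search; O9 entries are subkeys of ...\Internet Explorer\Extensions named by the GUID in the log, with the one marked (HKCU) under HKCU instead) and that reg.exe is available, which it is on XP. The GUIDs and paths are copied from the log lines quoted earlier; the file name check-hjt.cmd is an assumption.

```batch
@echo off
rem Added example, not part of the thread. Checks that the HijackThis fixes
rem asked for above actually landed in the registry. HJT's R0 lines refer to
rem two values under HKLM\Software\Microsoft\Internet Explorer\Search, and
rem each O9 line to a subkey of ...\Internet Explorer\Extensions named by
rem the GUID shown in the log; the entry marked HKCU lives under HKCU.
rem Save as check-hjt.cmd and run it from a cmd prompt.
setlocal
set SEARCHKEY=HKLM\Software\Microsoft\Internet Explorer\Search

echo === R0: search hooks ===
rem After the fix the value should be gone or point at a microsoft.com URL.
for %%V in (SearchAssistant CustomizeSearch) do (
    reg query "%SEARCHKEY%" /v %%V >nul 2>&1 && (
        echo %%V is still set to:
        reg query "%SEARCHKEY%" /v %%V | find /i "%%V"
    ) || echo %%V: not present, OK
)

echo === O9: extra buttons and Tools menu items ===
rem GUIDs copied from the HJT lines quoted earlier in this thread.
set EXTKEY=Software\Microsoft\Internet Explorer\Extensions
for %%G in ({13C1DBF6-7535-495c-91F6-8C13714ED485} {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} {CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF}) do (
    reg query "HKLM\%EXTKEY%\%%G" >nul 2>&1 && echo STILL PRESENT: HKLM\%EXTKEY%\%%G
)
reg query "HKCU\%EXTKEY%\{6FDD5236-C9F0-49ef-935D-385F5E21991A}" >nul 2>&1 && echo STILL PRESENT: HKCU Poker.com button

echo === Leftover program folders and the stray item from post 4 ===
for %%D in ("C:\Program Files\PartyGaming" "C:\Program Files\MANSION\FreePoker" "C:\Program Files\Poker.com" "C:\10494ca8bfa4d1097e") do (
    if exist %%D echo STILL PRESENT: %%~D
)
endlocal
```

Anything reported as STILL PRESENT means the corresponding HJT fix or uninstall did not take and is worth rerunning; a SearchAssistant or CustomizeSearch value that points somewhere other than a Microsoft address is the hijack the R0 lines are flagging.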
  5. Gensuknives

    Gensuknives Grand pooty-meister

    I manually deleted the C:\10494ca8bfa4d1097e file from my C drive. It was some type of mxsm<lots of numbers>enu.log....Anyway I deleted it manually.

    Ran Spybot S&D, but it didn't say anything about SearchAssistant, only Zedo something (cookies I think). Had it fix selected problems, wasn't prompted to reboot.
    Ran HJT and selected the 2 R0 files. Then closed browser and clicked FIX.
    Ran CCleaner. Is it ok to uncheck the "cookies" block before running? I hate to have to keep resigning in to sites I frequent, like MajorGeeks, hotmail, etc.
    I need your opinion here.

    Do you need the logs of Ccleaner, HJT, or CounterSpy from today?

    Computer still will NOT send me to the Hypertracker.com site from inside an email on Hotmail, when I click on the link????? It isn't a massive problem, because my laptop will.

    Otherwise, I think computer running fine.

    Questions:
    1. How many of the following can I (should I) get rid of?
    Ad-Aware SE Personal
    Spybot S&D
    A-Squared Free
    Spyware Blaster
    AVG Free
    AVG Anti-Spyware
    CCleaner
    CounterSpy
    2. Of the ones I should keep, how often should I run them?
    3. Should I keep a .txt file log of each run?
    4. Could I reinstall 1 or 2 of those poker sites? I enjoy online poker.

    Or should I just see my shrink now to treat my paranoia?

    I really DO appreciate your help and suggestions. Thanks a bunch.

    I STILL have not disabled System Restore and rebooted and re-enabled it.

    Please tell me when in this process I should do that.
    Thanks.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    1. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    2. After doing the above, you should work through the link below:
      How to Protect yourself from malware!
    As to your cookies: cookies are not problems! However, it is useful while cleaning malware and running scans to delete most of them using CCleaner. It makes scans go faster and logs smaller. You can provision within CCleaner which cookies you want to preserve. Check this feature out so you don't have that issue anymore.

    The rule of thumb is to not have more than one anti-virus and at least one anti-spyware that has real-time protection.

    How often you run them is a function of your usage. The more sites you visit that may have potential nasties, the more often: daily.

    The poker sites are up to you....

    You should remove any software that we had you download.
     
    Last edited by a moderator: Jan 29, 2007
  7. Gensuknives

    Gensuknives Grand pooty-meister

    Tim ------- everything seems to be doing OK, except that now, when I shut down the computer, it seems often to sort of hang up and stop with the blue screen that says "Windows is shutting down" or "Saving your settings" and will sit there endlessly without actually shutting down. ??????

    Is there something I can do to force a shutdown to finish, once it starts?

    Tried Ctrl-Alt-Delete, but didn't help. Had to unplug power or hit reset switch to reboot to get it out of that hang-up.

    Ideas??? Thanks.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It would be best to try and find out what process is slowing down or stopping the shut down. You may want to post in software.
    For a work around:
    For a one-click method to quickly shut down or reboot your system without the fuss of going through the Start menu, make use of the Shutdown command, a command-line utility in XP.

    Here's how you can set up a restart button on your desktop:

    1. Create a shortcut (Right-click on desktop, select New > Shortcut).

    2. For location, type the following:

    shutdown -r -t 0

    3. Click Next, enter a name for the shortcut ("Restart" is appropriate), and click Finish.

    When you click your Restart shortcut, Windows XP will reboot *automagically*!

    The "-r" switch tells XP to reboot. If you'd like the shortcut to shut off your PC instead, change it to "-s"; to simply log off, change it to "-l". The "-t 0" sets the timeout (in seconds), so up this value if you find the need for it. To force running applications to close, add "-f" -- be careful with this one!

    For more information on Shutdown, type "shutdown" in a command prompt window (Start > All Programs > Accessories > Command Prompt), or search for Shutdown in Windows XP's Help and Support Center.
     
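    The shortcut above gets the machine restarted but does nothing about the question Tim raises first, which process is holding up the shutdown. The following is an added example, not from this thread: a cmd script for Windows XP that writes the list of running processes to a log just before it issues the same shutdown command, so that after a hang the last log shows what was still alive. It assumes tasklist.exe is present (it ships with XP Professional but not XP Home, so the script falls back to a note in the log), and the script name restart.cmd, the log path and the argument names are assumptions. Pointing the desktop shortcut at this script instead of at shutdown directly gives the same one-click restart plus the diagnostic.

```batch
@echo off
rem Added example, not from the thread. Logs what is still running, then
rem calls XP's built-in shutdown.exe exactly as described above. Save as
rem restart.cmd and point the desktop shortcut at it.
rem Usage: restart.cmd [restart, shutdown or logoff] [force]
setlocal
set ACTION=-r
if /i "%~1"=="shutdown" set ACTION=-s
if /i "%~1"=="logoff"   set ACTION=-l
set FORCE=
if /i "%~2"=="force"    set FORCE=-f

set LOG=%USERPROFILE%\last-shutdown.txt
echo %ACTION% %FORCE% requested at %DATE% %TIME% > "%LOG%"
rem tasklist.exe ships with XP Professional but not XP Home, hence the check.
if exist "%SystemRoot%\system32\tasklist.exe" (
    tasklist >> "%LOG%"
) else (
    echo tasklist.exe not available on this edition of XP >> "%LOG%"
)

rem Plain request first: applications get a chance to save. Only if that is
rem the one that hangs, run again with the force argument, which adds -f and
rem closes applications without warning, so unsaved work can be lost.
if "%ACTION%"=="-l" (
    shutdown -l %FORCE%
) else (
    shutdown %ACTION% %FORCE% -t 0
)
endlocal
```

After a hang, open last-shutdown.txt from the previous session and look at the non-Windows processes near the end of the list; those are the candidates to post about in the software forum. The log records what was running when the request was made, not which one refused to exit, so it narrows the search rather than naming the culprit outright.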
