MajorGeeks Support Forums

  #1  
Old 09-05-04, 17:44
ilya ilya is offline
Private E-2
 
Default Major Spyware Problem on slow laptop

It seems that a DSO Exploit is somehow crushing me here when it comes to the war on spyware.

Advertisement.com, CoolWWWSearch and various other toolbars and such are appearing on my IE explorer and draining my virtual memory. I'm using Spybot with the updated definitions as of September 5th, and it seems to clear out whatever exploits it finds other than DSO. However, after opening IE Explorer and running it again - the problems reappear. My homepage is hijacked and a search page comes up (as well as popups) if I attempt to use a search engine or submit something in Google.

Could anyone help?
  #2  
Old 09-05-04, 17:57
ilya ilya is offline
Private E-2
 
Default Re: Major Spyware Problem on slow laptop

Quick update, getting the following when I startup:

Advertising.com
CoolWWWSearch
DoubleClick
DSO Exploit
Avenue A, inc.
VX2/f

After running Spyware S&D, I'm left with:

Advertising.com
DSO Exploit
  #3  
Old 09-06-04, 00:17
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Default Re: Major Spyware Problem on slow laptop

Ignore DSO Exploit reports from SpyBot. It is a known bug. Or you can configure it to ignore the DSO Exploits too.

To address your other issues, please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


  #4  
Old 09-08-04, 17:37
ilya ilya is offline
Private E-2
 
Default Re: Major Spyware Problem on slow laptop

Problem is still occurring after taking all of the mentioned steps.

About:blank is coming up along with some pop-ups.
  #5  
Old 09-08-04, 18:06
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Default Re: Major Spyware Problem on slow laptop

Quote:
Originally Posted by ilya
Problem is still occurring after taking all of the mentioned steps.

about:blank is coming up along with some pop-ups.

Okay! Read this http://forums.majorgeeks.com/showthread.php?t=38752
and post a HijackThis log as a .txt file attachment.

You should also look at When all else fails - try Generic Solution to HSA (Only the Best) hijacker

It may be the next step and it also works on certain forms of about:blank.
  #6  
Old 09-10-04, 08:40
ilya ilya is offline
Private E-2
 
Default Re: Major Spyware Problem on slow laptop

Here is the log... (attached)
Attached Files
File Type: txt hijackthis.txt (4.1 KB, 2 views)
  #7  
Old 09-10-04, 08:59
Major Attitude Major Attitude is offline
Co-Owner MajorGeeks.Com
 
Default Re: Major Spyware Problem on slow laptop

You sure you did all the steps because you are still running Service Pack 1, not 2. Naturally, we need to wonder what else you may have skipped. That was like Step #1. There's a TON of problems in there, so you really need to make sure you did all the steps. Here's some to remove:

FYI, Viewpoint is called spyware, it's installed by AOL. Should be able to remove it from add\remove programs but you will need to search for viewmgr.exe, delete it and remove all references to it in your Hijack This logfile. While in add\remove programs uninstall anything else you don't recognize.

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {302FD6F2-399E-02BF-F24F-70F4CAF474E0} - C:\WINDOWS\system32\atlfh32.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com

Chaslang may have more to add, but please be sure that from SAFE MODE per the tutorial, you have completely virus scanned and run ALL of the optional tools especially about:buster and HSRemove and check back. Keep your browser closed until all steps are completed and you remove those lines. I would like to see you do all the steps this time, reading that log file wore me out. The removal of these lines, installation of service pack 2 and complete virus and spyware scanning from safe mode will take you a couple hours.
  #8  
Old 09-10-04, 23:31
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Default Re: Major Spyware Problem on slow laptop

I believe that Winad Client is removable from Add/Remove Programs too.

Also note, there are a couple of files that are of concern:
1) O4 - HKLM\..\Run: [atlfh32.exe] C:\WINDOWS\system32\atlfh32.exe
This is a typical sign of about:blank or HSA hijacks running. This process should be ended using Task Manager before fixing any lines with HijackThis. Then after fixing lines with HijackThis, I would also suggest running about:Buster a couple of times.

2) This next line looks like a typical trojan:
O4 - HKLM\..\Run: [gyzbburlpny] C:\WINDOWS\System32\niwzkv.exe

Unless you know different, I would fix that line too with HJT and then boot in safe mode and delete the file: C:\WINDOWS\System32\niwzkv.exe

3) This next one (DO NOT DELETE/FIX) I would like to confirm what it is:
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START

Info out there indicates:
Possibly a left over from Windows Update for wireless NIC (maybe Linksys) drivers? Not required though.

Do you have a wireless NIC card? Can you use Windows Explorer to locate this file, right-click on it and get us some Properties info (like Company and Product Name)?
  #9  
Old 09-15-04, 17:04
ilya ilya is offline
Private E-2
 
Default Re: Major Spyware Problem on slow laptop

Updated HJT log attached - still having popup and about: problem after going through the recommended steps twice and updating Windows XP security.
Attached Files
File Type: txt hijackthis2.txt (3.7 KB, 1 views)
  #10  
Old 09-15-04, 18:43
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Default Re: Major Spyware Problem on slow laptop

You need to use my When all else fails - Generic Solution to HSA (Only the Best) & about:Blank hijack thread. I list below the lines of concern from the log you last posted. See if you can use this as a start to following the Generic Solution steps. Follow them exactly; do not skip anything and do not stop in the middle anywhere and reboot or power down (unless told to).

Processes of concern:
C:\Documents and Settings\Ilya Galperin\Desktop\Source\aiepk2.exe
C:\WINDOWS\apprb32.exe

HijackThis lines of concern:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vhuyx.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vhuyx.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vhuyx.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vhuyx.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vhuyx.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vhuyx.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {30A95DF7-FBEA-D763-E682-9D786EF30062} - C:\WINDOWS\system32\javavw32.dll
O4 - HKLM\..\Run: [aiepk] C:\Documents and Settings\Ilya Galperin\Desktop\Source\aiepk2.exe
O4 - HKLM\..\Run: [apprb32.exe] C:\WINDOWS\apprb32.exe
Reply With Quote
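
An added example, not part of the original thread or any poster's code: a small Python triage pass over HijackThis lines of the kind quoted in the posts above, pulling out the entry types the helpers single out (IE search pages served from a res:// DLL, the about:blank default page, the unnamed BHO, Run entries, Trusted Zone sites). The flagging rules and the function names are this example's assumptions, not HijackThis behaviour.

```python
import re

# Constructed sample: entries copied from the logs quoted in this thread,
# plus one made-up benign Start Page line for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uevdk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {302FD6F2-399E-02BF-F24F-70F4CAF474E0} - C:\WINDOWS\system32\atlfh32.dll
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O15 - Trusted Zone: *.searchmiracle.com
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RES_DLL_RE = re.compile(r"=\s*res://(?P<dll>[^/]+\.dll)/", re.I)

def parse(log):
    """Yield (section_code, body) for each well-formed HijackThis entry."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return [(code, reason, artifact)]; the rules are assumed heuristics."""
    findings = []
    for code, body in parse(log):
        res = RES_DLL_RE.search(body)
        if code in ("R0", "R1") and res:
            findings.append((code, "IE page served from a local DLL", res["dll"]))
        elif code in ("R0", "R1") and body.endswith("= about:blank"):
            findings.append((code, "IE default set to about:blank", "about:blank"))
        elif code == "O2" and "(no name)" in body:
            findings.append((code, "unnamed BHO", body.rsplit(" - ", 1)[-1]))
        elif code == "O4":  # every autostart is listed for review, good or bad
            findings.append((code, "autostart entry to verify", body.split("] ", 1)[-1]))
        elif code == "O15":
            findings.append((code, "site added to Trusted Zone", body.split(": ", 1)[-1]))
    return findings

def files_to_inspect(log):
    """Unique on-disk paths named by the findings, in first-seen order."""
    paths = [a for _, _, a in triage(log) if re.match(r"[A-Za-z]:\\", a)]
    return list(dict.fromkeys(paths))

if __name__ == "__main__":
    for code, reason, artifact in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<34}{artifact}")
```

The list from `files_to_inspect` gives the files whose Properties (Company, Product Name) are worth checking before any line is fixed, as asked for ISLP2STA.EXE in post #8.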
All times are GMT -5. The time now is 03:20.
