MajorGeeks Support Forums

#1 sprtfrk22, 03-25-05, 06:21
Spyware problems, just lots of problems and need help

Many problems. I'll start with one:
Party poker...Adware? I'm not sure but I need it gone from my computer but it won't let me uninstall because it says cannot run with DOS or something like that so I went and deleted the files but don't know if it will leave the registry. Need help on that or comments.

Next, I have Spybot S&D. I got on AOL and I didn't realize it but AOL Spy Zapper found a keylogger thing so I blocked that and then downloaded AOL Spyware Protection. It already found 6 problems; I just ran Spybot right before I signed on AOL and downloaded it. It's still searching and I'll post the results when it's done.

Another thing is Viewpoint. I was reading on this site that someone had some trouble with a program. Well, I went to Add/Remove Programs and found something similar: Viewpoint Media Player, and Viewpoint Manager (remove only). Should I remove these two?

DANG, here's another thing. This problem keeps coming back and coming back. I need it all gone at once to rid this dang computer of spyware and all that other junk. shopathomeselect cash back is now on the programs list but it wasn't there earlier today. Should I remove it?

OK, here's what AOL spyware found: Apropos Media, lLookup, HUNTBAR (OH NO, IT'S BACK AGAIN...I've gotten rid of this thing like 5 times in the past 10 days yet keeps on coming back), Activity Logger 2.0, DyFuCa, MicroGaming...this all slipped past Spybot...I am really disturbed about Activity Logger 2.0. I just blocked a different keylogger found by AOL Spy Zapper, which runs every time I sign on, so I'm blocking those.

Watch, I guarantee that if I run Spybot and AOL Spyware Protection, I will find more stuff. I mean it just won't stop. I've been at it with all this stuff for about 6 days in-depth getting rid of this. It's way time consuming and need a lot of help.

Anyway, I think it's from ActiveX? Should I remove this and everything related to it?

And Windows Media Connect is also in my programs and wonder if I should remove it? And iQfx2? And Windows Media Connect?

I have just learned that AOL spyware doesn't work when blocking the keylogger so I downloaded SpyHunter 2.0. It found 50 problems in the registry and 3 cookies; all of the registry problems are WildTangent...game driver I think. I remember downloading that but I don't use it anymore so I'll just remove it. Umm, 53 things with winactive, should I fix those? I'm just doing scanning right now with SpyHunter 2.0. I'll put a log on for you to show you and then you can tell me what I need to fix or delete.
Attached Files
File Type: doc SPYWARE SCAN SPYHUNTER 2.0.doc (56.0 KB, 3 views)

#2 chaslang (MajorGeeks Admin - Master Malware Expert), 03-25-05, 19:24

Viewpoint Media is something AOL sneaks right by you and installs along with a bunch of other things that you did not ask for nor do you need (including WildTangent). Uninstall Viewpoint Media and/or Viewpoint Manager using Add/Remove programs. Also uninstall anything for WildTangent if found.
You should also uninstall SpyHunter because it had been on a list of rogue/suspect spyware removal tools for quite some time and while it has improved it still does not remove anything unless you buy it. You do not need it. See: http://www.spywarewarrior.com/rogue_anti-spyware.htm

What you need to do is run our clean up procedures, which I'll give below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


If, after doing ALL of the above, you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#3 sprtfrk22, 03-29-05, 23:30

I just ran all the procedures. It found a lot of stuff and I removed it all...mostly manually.

Symantec helped a lot:

C:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites COULD NOT FIND ANYTHING
C:\WINDOWS\Downloaded Program Files\NavInst2.ocx is infected with Adware.NavHelper COULD NOT FIND


When I went to find these they weren't in the folder. I ran the symantec overnight and when I went to delete them they weren't there. Anything suspicious?

Do you have any suggestions for firewalls or better virus scans that are free?

Thanks for your help. I really appreciate it.

#4 chaslang, 03-29-05, 23:52

Quote:
Originally Posted by sprtfrk22
Symantec helped a lot:

C:\WINDOWS\Downloaded Program Files\bridge.inf is infected with Adware.WinFavorites COULD NOT FIND ANYTHING
C:\WINDOWS\Downloaded Program Files\NavInst2.ocx is infected with Adware.NavHelper COULD NOT FIND

When I went to find these they weren't in the folder. I ran the symantec overnight and when I went to delete them they weren't there. Anything suspicious?

They are there. You just cannot see them using Windows Explorer. Either do it from a command prompt or use a tool like: ExplorerXP

You should have posted the HJT log as requested.

#5 sprtfrk22, 03-30-05, 15:34

Quote:
Originally Posted by chaslang
They are there. You just cannot see them using Windows Explorer. Either do it from a command prompt or use a tool like: ExplorerXP

You should have posted the HJT log as requested.

Oops...yes I forgot to attach the HijackThis log...it's attached now.

No they are not...OK, well how do I do a command prompt? But I downloaded ExplorerXP and removed the last two.

And do you guys send popups to my screen? Because every time I'm on this site I get at least one every 10 minutes...My mom was on all day and didn't get one. Just got this one:
http://adopt.hbmediapro.com/adopt.hb...0&r=h&rnd=3288

If you find anything wrong...please tell me, and if you have any information and a new virus scan or firewall...please post. Thanks
Attached Files
File Type: log hijackthis.log (7.3 KB, 3 views)

#6 chaslang, 03-30-05, 17:23

No popups come from MG's. The problem is that you are still infected. That is why I asked for the follow up HijackThis log.

Download LSP - Fix

Now run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the connwsp.dll file (in the Keep section) to select it.

Then, Select the >> button to move connwsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

Now follow the steps below.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [cxin] C:\DOCUME~1\James\LOCALS~1\Temp\~MySetup.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0411.DLL (file missing)
O9 - Extra button: (no name) - {1B7AE680-87FA-11D4-AF0B-0050BF17E519} - (no file) (HKCU)
O9 - Extra button: Dell Home - {6EB4B300-AC7A-11D3-AF0A-708357C10000} - http://www.dell.com/ (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\nsvsvc <--- the whole folder <---- Note: do not delete C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\picsvr <--- the whole folder
C:\Documents and Settings\James\Local Settings\Temp\~MySetup.exe

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log. And tell us how things are working.
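
An added example, not part of the thread and not HijackThis's own logic: a small Python triage over some of the HijackThis lines listed in post #6. It flags Run entries that start from a Temp directory or from a same-named subfolder of system32, orphaned O9 entries, and the O10 LSP line; the flag rules are review heuristics assumed for this illustration, and the sample lines are copied from the post.

```python
import ntpath
import re

# HijackThis lines copied from the fix list in post #6 (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cxin] C:\DOCUME~1\James\LOCALS~1\Temp\~MySetup.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O9 - Extra button: (no name) - {1B7AE680-87FA-11D4-AF0B-0050BF17E519} - (no file) (HKCU)
O9 - Extra button: Dell Home - {6EB4B300-AC7A-11D3-AF0A-708357C10000} - http://www.dell.com/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
LSP = re.compile(r"LSP provider '([^']+)'")
ORPHAN = re.compile(r"\((file missing|no file)\)")


def run_path_flags(path):
    """Review flags for an autostart (O4) target path."""
    # Assumed heuristics for this example; they mark entries to review,
    # they are not verdicts.
    flags = []
    parts = [p.lower() for p in path.split("\\")]
    if "temp" in parts[:-1]:
        flags.append("autostart from a Temp directory")
    folder = ntpath.basename(ntpath.dirname(path)).lower()
    stem = ntpath.splitext(ntpath.basename(path))[0].lower()
    if "system32" in parts[:-2] and folder == stem:
        flags.append("own subfolder under system32")
    return flags


def triage(log_text):
    """Return (section, note, target) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            run = RUN.match(body)
            if run:
                for flag in run_path_flags(run.group(4)):
                    findings.append((section, flag, run.group(4)))
        elif section == "O9" and ORPHAN.search(body):
            findings.append((section, "orphaned IE button or menu item", body))
        elif section == "O10":
            lsp = LSP.search(body)
            findings.append((section, "Winsock LSP chain broken",
                             lsp.group(1) if lsp else body))
    return findings


if __name__ == "__main__":
    for section, note, target in triage(SAMPLE_LOG):
        print(f"{section:<4}{note:<34}{target}")
```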

#7 sprtfrk22, 03-30-05, 23:01

O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing

When I ran HJT...010 couldn't be found...don't know why. But I continued as followed.

C:\Documents and Settings\James\Local Settings\Temp\~MySetup.exe

This item also wasn't there...I'm now switching back to normal setup and I'll post the attachment in a few minutes.

#8 sprtfrk22, 03-30-05, 23:10

attached hjt
Attached Files
File Type: log hijackthis.log (6.3 KB, 2 views)

#9 chaslang, 03-31-05, 00:05

Quote:
Originally Posted by sprtfrk22
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing

When I ran HJT...010 couldn't be found...don't know why. But I continued as followed.

C:\Documents and Settings\James\Local Settings\Temp\~MySetup.exe

This item also wasn't there...I'm now switching back to normal setup and I'll post the attachment in a few minutes.

The first item was fixed by using LSP-Fix. I left it in HJT as a backup.
In the second item, HJT probably was able to remove the file when it fixed that O4 line. We leave in the manual delete instructions again as a backup because some things will not be deleted by HJT.

So how is everything working?

#10 hardrive, 03-31-05, 01:14

Quote:
Originally Posted by chaslang
Viewpoint Media is something AOL sneaks right by you and installs along with a bunch of other things that you did not ask for nor do you need (including WildTangent). Uninstall Viewpoint Media and/or Viewpoint Manager using Add/Remove programs. Also uninstall anything for WildTangent if found.

I'm not sure about WildTangent, but I just looked up some information on Viewpoint Media Player and I got a different point of view about it. According to the forum page from the link below, VMP is supposed to be "an application designed to better your internet experience" and is supposed to be "safe and not spyware or a bug." Click on the link below and scroll down to michael_tzez's post, time stamped: Jan 13 2005, 06:08.

http://www.neowin.net/forum/lofivers...p/t245560.html

#11 chaslang, 03-31-05, 01:17

Quote:
Originally Posted by hardrive
I'm not sure about WildTangent, but I just looked up some information on Viewpoint Media Player and I got a different point of view about it. According to the forum page from the link below, VMP is supposed to be "an application designed to better your internet experience" and is supposed to be "safe and not spyware or a bug." Click on the link below and scroll down to michael_tzez's post, time stamped: Jan 13 2005, 06:08.

http://www.neowin.net/forum/lofivers...p/t245560.html

Very few people use it and just about everyone can get along without it. It is just more crap that AOL has running on your PC all the time even when it is not needed.

#12 hardrive, 03-31-05, 01:36
Re: Viewpoint Media Player and 3D Effect

Quote:
Originally Posted by chaslang
Very few people use it and just about everyone can get along without it. It is just more crap that AOL has running on your PC all the time even when it is not needed.

If it's the program that provides the 3D effect as the poster stated in the link that I provided, I'm all for it.

#13 chaslang, 03-31-05, 01:41
Re: Viewpoint Media Player and 3D Effect

Quote:
Originally Posted by hardrive
If it's the program that provides the 3D effect as the poster stated in the link that I provided, I'm all for it.

It is only required for sites who program specifically for that application. Rather rare I would think. The only way most people get this on their PCs is from AOL. If it were such an important component it would be more universally required. I have never gone to one website where I have needed it except for the link you just posted.

IMHO it is just more stuff from AOL that is not needed. That's the same way I feel about AOL too.

#14 sprtfrk22, 03-31-05, 08:16

chaslang-
YOUR HELP WAS GREAT. My internet speed has doubled, nearly tripled. I ran Symantec's online scan again because when I was looking at the thing I saved it read it ran like 6 times and it was cancelled? Don't know how because I was sleeping, I left it running overnight. It found one thing, an uninstaller, so my brother deleted it. It works great now. This site is very helpful and I'll use it for future references. Thanks so much. Oh yeah, and do you have any suggestions for firewalls or anything? McAfee seems not to be working for me all that well.

PS-
I feel exactly how you feel about AOL. Only used for a chatting tool. I mean not even good for mail or anything. Piece of garbage. I don't know why my dad still has it around. I don't even use it anymore. It is the one that started my computer mess-up when I downloaded the 9.0 security version.

#15 chaslang, 03-31-05, 14:41

You're welcome. See the below on suggestions for firewalls and some other steps you should be taking:

How to Protect yourself from malware!