MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 08-11-05, 23:34
eagle2's Avatar
eagle2 eagle2 is offline
Private E-2
 
Join Date: Aug 2005
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default adware causing popups in Ie (outerinfonetwork)

i read and followed all the directions in the Read This First: Spyware, etc, thread. i still get popups in Ie for things such as winfixer and partypoker.com four days ago a trojan got through my noton quarantine and zonealams. now i have a program on my add/remove menu called OIN (outerinfonetwork). it gives me the remove option, but i was affraid to try it before asking an expert. can you please help?
Reply With Quote
Sponsored links
  #2  
Old 08-11-05, 23:36
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
Reply With Quote
  #3  
Old 08-12-05, 00:06
eagle2's Avatar
eagle2 eagle2 is offline
Private E-2
 
Join Date: Aug 2005
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

thanks
Attached Files
File Type: log hijackthis3.log (7.9 KB, 2 views)
Reply With Quote
  #4  
Old 08-12-05, 00:22
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

Download Pocket KillBox
(Don't run it yet)

Please look in Add or Remove Programs for the following and Uninstall them if found:

Microsoft Antispyware
(Uninstall this because it will block parts of this fix)


Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {961EE06B-74FF-040E-DE9F-7582C86D7CB4} - C:\WINDOWS\system32\bqdiaiwn.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe"/BEFOREINSTALL
O4 - HKCU\..\Run: [Oevs] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab

O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K92RWXIN\CWShredder[1].exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.


NOW:
Navigate to and DELETE the following if they should remain:

C:\Program Files\sswp ← Delete this whole folder if it exist!

C:\WINDOWS\system32\??anregw.exe
(You will need to manually search for this file, the ? represents an unprintable character so it will be at the bottom of the list. Once located right click and delete it)


Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe into the box If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now Click YES and allow your PC to reboot.
  • If you get an error message about Pending Operations, just reboot your computer manually.
After you complete the above, reboot and attach a fresh HJT log. Also let me know how things are running.

Last edited by chaslang; 09-02-05 at 20:59.. Reason: change PK to MG's link
Reply With Quote
  #5  
Old 08-12-05, 01:19
eagle2's Avatar
eagle2 eagle2 is offline
Private E-2
 
Join Date: Aug 2005
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

almost everything went ok but,

O4 - HKCU\..\Run: [Oevs] C:\WINDOWS\system32\??anregw.exe
and
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe
didn't show up in the safe mode scan.

also I deleted C:\Program Files\sswp i couldn't find C:\WINDOWS\system32\??anregw.exe

here's my new HJT log not in safemode
Attached Files
File Type: log hijackthis5.log (6.7 KB, 1 views)
Reply With Quote
Sponsored links
  #6  
Old 08-12-05, 02:01
eagle2's Avatar
eagle2 eagle2 is offline
Private E-2
 
Join Date: Aug 2005
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

update: i'm still getting poppups
Reply With Quote
  #7  
Old 08-12-05, 22:04
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

??anregw.exe

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O4 - HKCU\..\Run: [Oevs] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\sswp ← Delete this whole folder if it exist!

C:\WINDOWS\system32\??anregw.exe (You will need to manually search for this file, the ? represents an unprintable character so it will be at the bottom of the list. Once located right click and delete it)

NEXT:
Run CCleaner to clean up cookies and temp files.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin


And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Reply With Quote
  #8  
Old 08-31-05, 20:20
eagle2's Avatar
eagle2 eagle2 is offline
Private E-2
 
Join Date: Aug 2005
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

sorry its been so long, i've been moving into the dorm.

i did everything you asked.

couldn't find

C:\WINDOWS\system32\??anregw.exe
Attached Files
File Type: log hijackthis6.log (6.7 KB, 1 views)
Reply With Quote
  #9  
Old 09-01-05, 13:27
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,237
Thanks: 61
Thanked 7,613 Times in 4,098 Posts
Default Re: adware causing popups in Ie (outerinfonetwork)

BJ is one of the many people impacted by hurricane Katrina. Let's hope all is well.

You log is clean now. Are you have any other malway problems?
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 22:18.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger