Help removing known spyware/adware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by horyce, Aug 5, 2006.

  1. horyce

    horyce Private E-2

    Can't get rid of malware/virus, please help

    Hiya, I'm new to this sort of thing, so sorry for the lack of technical terms etc.

    I'm having problems with what I assume is a hijacker (could be wrong), but my internet network usage and CPU usage are always jumping around like I have demanding programs running, even when I try to close as many programs as I can.

    I tried everything from your READ & RUN ME FIRST sticky but I've still not gotten rid of it. I could really use some help and/or advice.

    Thanks in advance for your help
     
  2. horyce

    horyce Private E-2

    Re: Can't get rid of malware/virus, please help

    Possibly should also say that regardless of how I configure my startup, it always tries to start my internet connection at startup and re-tries if I disconnect. Not sure if this helps.

    Also attached all files you may need to see.
     


  3. horyce

    horyce Private E-2

    Hiya, I'd appreciate some help or advice in removing some malware from my machine.

    As far as I can see, my problems are these.

    DollarRevenue
    Hidewindow.A
    Killapp.B
    BehavesLike

    I don't know which is the worst or if they are at all connected, but I can't seem to get rid of them. Please help.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I merged your previous thread with your new one, please post in here from now on.

    Please see the below threads...
    Once you have followed each thread you should attach these three logs to your next post.
    • WinPFind.txt
    • runkey.txt
    • newfiles.txt
     
  5. horyce

    horyce Private E-2

    Sorry about the multiple posts/threads, I couldn't find how to edit my post.
    OK, here's the three logs you requested, hope it helps.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    SpywareBot
    (This was added to the Rogue antispyware products list)

    Next, run CCleaner to clean up cookies and temp files.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\scvv.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\win_yq.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you complete this post attach a fresh HJT log and let me know how things are running.
     
    Last edited: Aug 6, 2006
  7. horyce

    horyce Private E-2

    OK, ran through your last post fine with no problems, and after reboot there seemed to be improvement as I got no attempt to connect to my ISP.

    I manually connected to check network usage and noticed it's still the same though, along with CPU usage. I'm getting strange regular spikes of activity on both, varying between 0% - 13% for network and 0% - 10% for CPU. I'm pretty damn sure I wasn't getting this before I had these problems.

    It definitely seems like my machine is a bit slower and it takes longer for web pages to load etc. than before too.

    I appreciate all the help so far though :)

    Also here's the new HJT log you need.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have HJT fix the below entries:

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O20 - AppInit_DLLs: C:\WINDOWS\system32\win_yq.dll

    Once you fix these entries, reboot and attach one last HJT log.
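
Added example, not part of the thread and not HijackThis code: a small Python triage of the log entries listed in the post above, flagging AppInit_DLLs autoruns and entries whose target file is missing. The function names, the header line and the O4 line are constructed for illustration.

```python
import re

# "<section> - <body>", e.g. "O20 - AppInit_DLLs: C:\...". Header and
# process-list lines of a HijackThis log do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
MISSING = "(file missing)"

# The O9 and O20 lines are quoted from the post; the header line and the
# O4 line are constructed samples.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed header line)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_yq.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
"""

def parse_entry(line):
    """Return a dict for one log entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    path = PATH_RE.search(body)
    return {"section": m.group("section"), "body": body,
            "path": path.group(0) if path else None, "missing": missing}

def triage(log_text):
    """List (section, reason, path) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["section"] == "O20" and e["body"].startswith("AppInit_DLLs:") and e["path"]:
            # AppInit_DLLs are mapped into every process that loads user32.dll.
            findings.append((e["section"], "AppInit_DLLs autorun", e["path"]))
        elif e["missing"]:
            findings.append((e["section"], "orphaned entry, target file missing", e["path"]))
    return findings

if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<38}{path}")
```
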
     
  9. horyce

    horyce Private E-2

    Hiya again

    OK, fixed those lines in HJT but it produced an error message as follows.
    Here's the latest HJT log too.
     


  10. horyce

    horyce Private E-2

    Sorry forgot to mention that there is no change in network/CPU usage.
     
  11. horyce

    horyce Private E-2

    Sorry to be a pest, but any news on the last log I gave?
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs look ok, are you having any further problems?
     
  13. horyce

    horyce Private E-2

    Well, I was still having a lot of network/CPU usage problems, but since my last post I've run BitDefender again and it found and deleted 3 cases of BehavesLike, and now it seems a whole lot better.

    I'm now about to do another Panda ActiveScan and see if it picks up anything else. I did start one earlier but had to stop it running the full scan, but it did pick up DollarRevenue before I stopped it.

    I could post another activescan log if you want.
     
  14. horyce

    horyce Private E-2

    OK, ran ActiveScan and it picked up a few problems. Any advice on removing these would be greatly appreciated, thanks very much.
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach the logs so I can see what's being detected.
     
