Ad-Aware hanging

Discussion in 'Malware Help (A Specialist Will Reply)' started by mdowns, Mar 28, 2005.

  1. mdowns

    mdowns Private First Class

    Hey folks! :)

    I'm trying to run Ad-Aware on a friend's computer, but I'm having a little difficulty. It hangs whenever it reaches a particular registry key in the system scan. This is after it has found about 14 problems to fix. But, since it hangs and won't complete the scan, I must cancel the scan, therefore being unable to remove the problems.

    Any ideas on why this would happen?

    My friend's comp specs are NEC LaVie laptop, with Celeron 2.2, 256 MB RAM, Windows XP Home (Japanese version).

    Thanks for your help.
     
  2. Whovian33

    Whovian33 Private First Class

    I saw your problem. You probably have multiple Trojans. If you have Spybot S&D, run that in safe mode; then run Ad-Aware in safe mode; if it's still a problem then go to majorgeeks.com and get a WinPatrol download. You will have to do a TAC on each Trojan so you can track it down in WinPatrol. Good Luck. OLB
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Below I have included our complete standard cleanup procedures. These will include running Ad-Aware and Spybot S&D in safe mode as whiteturtle33 suggested, but a bunch of other scans are also included. If you still have problems after running the READ ME FIRST, the follow up HijackThis log will help us locate the remaining problems.


    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. mdowns

    mdowns Private First Class

    Hey folks.

    Thanks for all your suggestions with this. I did everything you suggested in the tutorial. I ran the scans (during the McAfee scan, it picked up one trojan, while Avast also picked up 2 trojans during the scan...sorry, I didn't catch their names). I ran the various programs suggested in the tutorial. But, when trying to run Ad-Aware, it was still hanging during the deep scans of the registry and files. (If I did a custom scan and didn't deep scan the registry and excluded the NEC file from the file scan, then everything went fine.) So, I ran HijackThis, and attached the log file.

    Other than the hang with Ad-Aware, Spybot and Spyware blaster work just fine. And Avast doesn't seem to have any problems either.

    Let me know what you guys think. And, thanks again. :)
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

    C:\WINDOWS\System32\conime.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\Downlo~1\CNSMIN~1.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\conime.exe
    C:\WINDOWS\Downlo~1\CNSMIN~1.DLL

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    As for a lot of other items in your log, I'm not familiar with a lot of them. Many appear to link to information from sites in Japanese. Can you provide feedback on any of the below processes and items loading that you do not recognize:
    C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
    C:\WINDOWS\system32\NTMETER.EXE
    C:\Smdata\ReadSctService.exe
    C:\Program Files\Justsystem\ATOK15\ATOK15MN.EXE
    C:\Program Files\necmfk\necmfk.exe
    C:\Program Files\SmartHobby\PlugIn\MovieWriter\PlugPlayDetect.exe
    C:\Program Files\nectvrc\tvrc.exe
    C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
    C:\Program Files\Justsystem\JSLIB32\JSQSF32.EXE
    C:\Program Files\PLANEX\GWUS54GZ\WLAN_GW-US54GZ.exe
    C:\Program Files\wlman\wlman.exe
    O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
    O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe
    O4 - HKLM\..\Run: [NECTVRC] C:\Program Files\nectvrc\tvrc.exe
    O4 - HKCU\..\Run: [SearchM] C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
    O23 - Service: DiXiM Media Server - Unknown owner - C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
    O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
    O23 - Service: BroadPass Manager (Poling_Service) - “ú–{“d‹CДޮ‰ïŽÐ - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
    O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
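
A way to sort HijackThis entries like the ones quoted in the post above into items worth a closer look, as an added example that is not part of the original thread or of HijackThis itself. The regular expressions cover only the O2, O3, O4 and O23 line shapes that appear in this thread; the function names and review notes are assumptions made for illustration, and a note means "check this", not "this is malicious".

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\Downlo~1\CNSMIN~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKCU\..\Run: [SearchM] C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe
O23 - Service: DiXiM Media Server - Unknown owner - C:\Program Files\DigiOn\DiXiM Media Server\dmsf.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
"""

# Line shapes assumed from the thread: "<section> - <body>", then per-kind bodies.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID_ENTRY = re.compile(r"^(?:BHO|Toolbar): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_ENTRY = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
SERVICE_ENTRY = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>[A-Za-z]:\\.+)$")

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    for kind, rx in (("clsid", CLSID_ENTRY), ("run", RUN_ENTRY), ("service", SERVICE_ENTRY)):
        d = rx.match(m["body"])
        if d:
            return {"section": m["section"], "kind": kind, **d.groupdict()}
    return {"section": m["section"], "kind": "other", "target": m["body"]}

def review_notes(entry):
    """List reasons an analyst may want to look at this entry more closely."""
    notes, target = [], entry.get("target", "")
    if target == "(no file)":
        notes.append("registration points to no file")
    if entry.get("owner") == "Unknown owner":
        notes.append("HijackThis reported no owner for the service binary")
    if re.search(r"~\d", target):
        notes.append("8.3 short path; resolve the long name before judging")
    return notes

def triage(log_text):
    """Parse every entry in a log and pair it with its review notes."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [(e, review_notes(e)) for e in entries if e]

if __name__ == "__main__":
    for e, notes in triage(SAMPLE_LOG):
        print(e["section"], e["kind"], e.get("name"), "->", notes or "no notes")
```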
     
