All spyware programs fail to detect, except for Norton Antivirus

Discussion in 'Malware Help (A Specialist Will Reply)' started by newuser28, Nov 14, 2005.

  1. newuser28

    newuser28 Private E-2

    I've printed all the instructions and I’ve spent hours to run all the programs and still getting popups.
    I’ve saved all the logs as asked.
    My last scan was w/ Norton and the problem is still there, it’s called;
    “ Spyware.Apropos.C”
    File name ; C:\WINDOWS\System32\plufeman.dll

    Can u help? plz
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download this trial version of Ewido Security Suite

    • Install ewido security suite
    • Launch ewido, there should be an icon on your desktop double-click it.
    • The program will have a window come up. One of the buttons on the left is to Update. Click the Update button and then Start the Update. The update will start and a progress bar will show the updates being installed.
    • After it completes the update, click the Scanner button

    Now exit Ewido. Now print the below instructions or save them locally because I want you to have no browsers opened and also have no connection to the internet (unplug your cable) while doing the below.

    Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

    Open up Ewido and do the following:


    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report


    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    Reboot into normal mode and reconnect to the internet.

    Come back here and post the Ewido Scan Report along with a fresh HJT log.
     
  3. newuser28

    newuser28 Private E-2

    I've tried this program as per instructions.
    None of these programs have detected this spyware, only my Norton Professional 2005 is detecting this problem.
    As per Symantec instructions, there is nothing to delete.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We will worry about what detects it later, just proceed with these scans as listed. These are basic cleanup steps...

    Please download Spy Sweeper
    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  5. newuser28

    newuser28 Private E-2

    Re; Ewido Security Suite scan in Safe Mode,
    I had to stop after about 1 hour, because it showed 1.2% scanned, at this speed it will take me all night and all day just to run this scan in safe mode,
    is this normal? should i disable Norton? What am I doing wrong?

    If that’s the case I'll be in touch w/ you tomorrow evening.
    Advice plz.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, that's not normal at all with Ewido, skip that and run Spy Sweeper, disable Norton to be sure. After you run SS, then try Ewido again, if problem remains just skip it altogether.
     
  7. newuser28

    newuser28 Private E-2

    ok I’ve scanned w/SS and I'm attaching the log and there is new HJT log.
    I've tried Ewido program, same thing, vvvv slow, 0.2% in 15 min so I just canceled as u suggested
     

    Attached Files:

  8. newuser28

    newuser28 Private E-2

    Hi Bj,
    took me all night and I've scanned w/Ewido.
    I hope this will help, here is the att. hope this will help to see what's wrong.
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Spy Sweeper

    Ewido


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (file missing)

    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (file missing)

    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete the above, REBOOT and attach a fresh HJT log and let me know how things are running.
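
Added example (not part of the original thread, and not code from any poster or from HijackThis): a short Python triage of HijackThis entries like those in the fix list above, flagging entries marked "(file missing)" and grouping them by install directory. The function names and the last sample line are constructed for illustration.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# The first six lines are copied from the fix list in the post above; the last
# line is a constructed, healthy entry so the triage has something to skip.
SAMPLE_LOG = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm",
    r"O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (file missing)",
    r"O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (file missing)",
    r"O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)",
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -",
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Example\present.dll",
]

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

ORPHAN = "orphaned: registered file is no longer on disk"
NO_SOURCE = "ActiveX (DPF) entry with no download source"
REVIEW = "browser page setting to confirm with the user"


class Entry(NamedTuple):
    code: str             # HijackThis section, e.g. O2 = BHO, O9 = extra button
    label: str            # text before the CLSID, or the registry key for R-lines
    clsid: Optional[str]  # lower-cased CLSID, if the line carries one
    target: str           # file path or URL the entry points at ("" if none)
    file_missing: bool    # True when the line ends with "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and other non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body").strip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    if code.startswith("R"):  # registry value lines: "key,value = data"
        key, _, value = body.partition(" = ")
        return Entry(code, key.strip(), None, value.strip(), missing)
    c = CLSID_RE.search(body)
    if c is None:
        return Entry(code, body, None, "", missing)
    label = body[: c.start()].rstrip(" -")
    target = body[c.end():].lstrip(" -")
    return Entry(code, label, c.group(0).lower(), target, missing)


def triage(lines):
    """Return (entry, reason) pairs for entries that deserve a manual look."""
    findings = []
    for entry in filter(None, map(parse_line, lines)):
        if entry.file_missing:
            findings.append((entry, ORPHAN))
        elif entry.code == "O16" and not entry.target:
            findings.append((entry, NO_SOURCE))
        elif entry.code in ("R0", "R1") and entry.target.lower().startswith("http"):
            findings.append((entry, REVIEW))
    return findings


def orphans_by_dir(lines):
    """Group orphaned entries by the directory their missing file lived in."""
    groups = {}
    for entry, reason in triage(lines):
        if reason == ORPHAN:
            path = entry.target[7:] if entry.target.startswith("file://") else entry.target
            groups.setdefault(ntpath.dirname(path), []).append(entry.code)
    return groups
```

Grouping by directory shows at a glance that most of the orphaned entries belong to one uninstalled product rather than to several unrelated leftovers.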
     
  10. newuser28

    newuser28 Private E-2

    unplug internet?
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You don't have to for this fix.
     
  12. newuser28

    newuser28 Private E-2

    Ok, I've done as per instructions, uninstalled these 2 programs then I ran 2 scans with flying colors, then I ran HJT and the log is saved, then I ran Norton and the problem is still there (Spyware.Apropos.C).
    Then I try to report to u but somehow I’ve lost Internet connection, took me a while to find out what was it, it was my router.
    So here I’m back with HJT log.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)

    One thing I notice is that you're running Norton and Avast, this is not recommended as running more than one antivirus will cause conflicts on your computer. Pick one and uninstall the other!

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\System32\plufeman.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above, reboot and let me know how things are running!
     
  14. newuser28

    newuser28 Private E-2

    Everything goes fine until when it comes to click on red X, when i click on it nothing happens.
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Never have I heard of this, make sure the complete filename is in the provided space before you click the red X.
     
  16. newuser28

    newuser28 Private E-2

    After few tries it let me do the thing as per instructions.
    After the reboot I run Norton again, the damn thing is still there.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have you uninstalled one of your antivirus programs?

    Disable Norton & Microsoft AntiSpyware and try the previous fix again.
     
  18. newuser28

    newuser28 Private E-2

    yes i did uninstall Avast.
    I've disabled Norton & Microsoft AntiSpyware
    Now when i get KillBox and paste C:\WINDOWS\System32\plufeman.dll,
    plufeman.dll it's not there in blue.
    It's empty.
     
  19. newuser28

    newuser28 Private E-2

    bj i just finish scanning w/ Norton, and i got clean bill of health !!
    the spy ware is GONE , i hope.
    BJ what is your advice re. spyware program, which should i keep?
    Microsoft Spyware or AdAware Se Personal program?

    I'll be in touch in about 1 week

    Thanks, thanks thanks!!!
     
  20. newuser28

    newuser28 Private E-2

    Hi Bj, I'm still getting popups, what else can I do?
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sorry about the delay, been really busy lately at work.

    If you're still having problems attach a current HJT log from normal mode.
     
  22. newuser28

    newuser28 Private E-2

    ok Bj , here is the log
     

    Attached Files:

  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean, what problems are you having?
     
  24. newuser28

    newuser28 Private E-2

    Hi Bj , I’m getting 3 types of popup;
    1 -“Your computer maybe infected …….
    To scan your PC click here..”
    2 – Popup with smiling faces
    3 - small popup the size of 2”x3” with general advertising
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's do a sweep with SS and see if anything is detected.

    Please download Spy Sweeper
    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  26. newuser28

    newuser28 Private E-2

    As per instructions
     

    Attached Files:

  27. newuser28

    newuser28 Private E-2

    Can't remove SpySweeper, what's wrong w/ these programs?
     
  28. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please Download TrojanHunter 4.2

    • Install TrojanHunter, At the end of the install setup will prompt you to update definitions. Click YES to update TH!
    • Once installed and updated, select drive C:\ and do a Full Scan. Remove all found infections.
    • After you have completed the scan and removed all found infections reboot and attach a fresh HJT log.
     
  29. newuser28

    newuser28 Private E-2

    The scan did not show any spyware or anything to delete, here is HJT log.
     

    Attached Files:

  30. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You can uninstall TrojanHunter, SpySweeper and Ewido unless you just want to keep them.

    Your HJT log is clean, are you having any problems?
     
  31. newuser28

    newuser28 Private E-2

    Ok I've done it as u asked ( uninstalling ).
    The problem is still the same, i'm getting 3 types of popup as I've mentioned
    before.
    (1 -“Your computer maybe infected …….To scan your PC click here..”
    2 – Popup with smiling faces
    3 - Small popup the size of 2”x3” with general advertising)

    It does not matter if i use IE or Mozilla browser
     
  32. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Click on the link below and run the online scan...

    Kaspersky Anti-Virus Online Scan

    • Click on "Kaspersky Online Scanner"
    • Click Accept to proceed...
    • If this popup displays, Install Kaspersky's ActiveX Control
    • If this popup displays, Install the "kavwebscan_unicode.cab"
    • After all updates are downloaded, click NEXT to continue...
    • Click Scan Settings and select extended and make sure both boxes are checked at the bottom, Click OK to continue.
    • Now click on My Computer and let it run!
    • This scan may take a while but it is very thorough. After the scan is complete save the log as a txt file and attach it to your next post.
     
  33. newuser28

    newuser28 Private E-2

    Kaspersky scan done, log attached.
     

    Attached Files:

  34. newuser28

    newuser28 Private E-2

    I'm just moving this back up

    BJ,
    I'm still here, what now?
    Have u seen my log from Kaspersky?
     
  35. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It appears the detected items are part of your files, if you didn't download these items and know nothing about them then I would delete them.

    Go back and run post #4 again, get the latest updates and run one further scan and post the log. After you complete the above, run the below...

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  36. newuser28

    newuser28 Private E-2

    I've done #4, but .. at the first scan i got stuck so i had to abort the scan and whatever was found was cleaned and then i made a second scan and i got clean bill of health, so there was nothing to save for the log (there was no option to click "next")

    Next scan went w/out any problems, plz see the att.

    Re: ""It appears the detected items are part of your files, if you didn’t download these items and know nothing about them then I would delete them."" -yes i did download these programs
     

    Attached Files:

  37. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What is the file attached? Please repost this log as a .txt or .log attachment.

    Also, are you still having problems?
     
  38. newuser28

    newuser28 Private E-2

    Hi BJ,
    The attached file was saved in Word, so now i've changed it to txt.
    It is the scan from WinPFind.
    Now i'm still getting popups w/ different messages.
     

    Attached Files:

  39. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The log looks ok to me, the only thing I see that is a concern is the below...

    C:\WINDOWS\prctG

    Manually locate this folder/file and check it out to see what it is and if it looks legit to you.

    Run this Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:
     
  40. newuser28

    newuser28 Private E-2

    Can not find "C:\WINDOWS\prctG" or there is no such thing on my C drive or I don't know how to find it .

    Panda scan, i got clean bill of health, all results were 0 found.
    Then u asked me to run WinPFind, so i did, plz see att.
     

    Attached Files:

  41. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Surf in to windows updates and get updated. Install Service Pack 2 and afterwards get all critical updates.

    After you update your OS let me know how things are running.
     
  42. newuser28

    newuser28 Private E-2

    I do not want Service Pack2, some people have problems with it,
    U can't have SP2 if your computer was infected and I’m still infected (did u see Kaspersky log?)
    SP2 won't get rid of my problem, u know that, then y such advice?
    U just gave up on me and don’t know how to get rid of the problem
     
  43. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If I tell you to do something, I'll assure you it will not hurt anything. Service Pack 2 is a critical update and must be applied to the Windows XP operating system. What that means is you don't need to install it when you're infested, as in loaded with a ton of infections, not one or two things. It's best to be clean but in some cases you have to have this update before you can remove those due to vulnerabilities in SP1.

    Yes, I saw the log, the infections that were detected are items that belong to you. You chose to keep them so therefore that's your risk.

    Not having Service Pack 2 is very critical and I highly recommend you update, if you still choose not to then I would recommend you have Service Pack 1a with all critical updates applied with an up-to-date antivirus and firewall.

    To continue with this, please follow the below...

    Download L2MeFix Tool and save it where you will be able to find it.

    Please print out these instructions now or save locally so that you can operate with All Browser Windows CLOSED.

    Exit Browsers now before continuing

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log. Save this log. You will need to post this log back here later when you come back.
    Next DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.

    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please also attach this log to your next message.

    Now open your browser and come back here and post the above two logs as attachments to your message. Also indicate your current status.


    NOTE: Please do not run any other options or files in the l2mfix Folder!
     
    Last edited: Nov 28, 2005
  44. newuser28

    newuser28 Private E-2

    Bj, all scanning went without any problems, see atts.
     

    Attached Files:

  45. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I don't see any infections in any of the logs you have posted, are you still having popups?
     
  46. newuser28

    newuser28 Private E-2

    I'm getting about 1 to 2 pops in 1 hour.
    U said " Yes, I saw the log, the infections that were detected are items that belong to you. You chose to keep them so therefore thats your risk"
    which ones, how to get rid of them?
     
  47. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    These are ok as they are in quarantine.
    These can be deleted by navigating to the directory and removing it. You will most likely have to have the hidden files enabled along with the hide operating system files unchecked to see this folder.
    Same thing here, just delete the FTP4 folder to remove all of these at once.
    Here, just locate and delete the Programy z eMule folder.
    Same thing as above, delete the folder!
    Here, manually locate these files and delete them one by one.
    Same as above, just delete the folder.

    Like I mentioned before, these may or may not be things you have downloaded but I recommend they be removed because they are infected.

    If you choose to remove these, reboot into Safe Mode so you won't have any trouble. Afterwards let me know how things are running.
     
  48. newuser28

    newuser28 Private E-2

    I think i've done everything as u said.
    I've run another scan w/Kaspersky, still there is a problem as u can see.
    I 've att. 2 logs , one from Nov 26 and the last one Nov 28.
    What now?
     

    Attached Files:

  49. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\loclsapi.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\spmuicom.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\Program Files\Norton AntiVirus\Quarantine\6F610198.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
     
  50. newuser28

    newuser28 Private E-2

    Everything went as per instructions.
    Now wait to see if i get any popups?
     
