Avenue A, Inc & FunWebProducts

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dragonball82, Feb 23, 2005.

  1. Dragonball82

    Dragonball82 Private E-2

    Hi,

    I have read your How to's and downloaded, installed & run all your Spyware removals (except Hijack this) - bloody good stuff. Well done to the programmers. Plus MG for sharing it :D

    However I still have FunWebProducts in the Spybot-S&D - it says it cannot remove it.

    Also I keep getting message boxes with this message:
    'Spybot-S&D reports you want to download "Avenue A, Inc.". This is a known threat. Do you want to BLOCK this download.'

    Each time I click Yes - but I still get the message again.

    Could anyone help pls I feel a bit like a small fish in a BIG pond... :eek:

    Oh yeah run WinXP SP2
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT


    We are very busy here at MajorGeeks.Com. PhilliePhan, Chaslang or myself will check back when time permits!
     
  3. Dragonball82

    Dragonball82 Private E-2

    Hi bjgarrick plus any others watching :)

    I have run all the Spyware you suggested in Safe Mode, with Sys Restore disabled.
    No viruses were found from any of those listed by MG- Adaware did find some Non virus stuff which has been Quarantined.
    Have also run CCleaner

    I still get the message pop-ups from SpybotS&D

    I also noted that the Spybot S&D message about Avenue A, Inc, appears most frequently when I am logged on to MG website!
    I have not run Hijack this yet...should I ?

    Thanks - I understand you're busy.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, Go ahead and run HJT and post me a log. Attach it to your post.
     
  5. Dragonball82

    Dragonball82 Private E-2

    BJGarrick.
    Please find attached log - hope I did it right - excuse me if not....
    like I said small fish BIG pond, just starting out :)

    One more thing, when the message from Spybot comes up + I click 'yes' to BLOCK Avenue A, Inc.... I need to refresh my web page as it freezes when loading.

    Thanks
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.


    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adserv.internetfuel.com/cgi-bin/omnidirect.cgi?SID=82&PID=2&LID=3

    O4 - Startup: Thumbs.db

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab

    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co.uk/downloads/BUM/BUM_WIN_IE_1/axofupld.cab


    Again make sure All Browser Windows are Closed when you Click FIX.


    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"



    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck
     
  7. Dragonball82

    Dragonball82 Private E-2

    HI,

    Back again - quick swig of T whilst all that went on. Did all as u asked
    OK so I could not delete

    O4 - Startup: Thumbs.db..... something about Start up

    and running Spybot - FunWebProducts was back. S&D could not delete, again something about Start Up.

    Have attached my new log
     


  8. Dragonball82

    Dragonball82 Private E-2

    Oooh sorry meant to add.

    I do not appear to get the messages from S&D, fingers crossed.
    Also u got me to remove:

    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsaf...unttracking.cab

    Can my wife still use money manager ? Or will she have to create it again?

    Thanks
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean!

    Are you currently experiencing any problems?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    This is where you installed the software from their website. When you access the site again it will prompt you to install again, no biggie!
     
  11. Dragonball82

    Dragonball82 Private E-2

    No problems - so far. Will contact MG if I do :D
    Although S&D could not remove FunWebProducts.
    and I could not delete the 'O4' HJT key.

    Presume I needn't worry any further then :)
    Thanks
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What does Spybot do when removing FunWebProducts?
     
  13. Dragonball82

    Dragonball82 Private E-2

    It comes up with a message box - cannot fully remember what it says, will run it again and post the message to you.
    But from what I can remember it cannot delete it due to something to do with Start up.
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Ok, Let me know so we can get this removed. Also look in Add\Remove Programs for anything relating to this. Sometimes it will be in there.
     
  15. Dragonball82

    Dragonball82 Private E-2

    It says:
    'Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory). This could be fixed after restart. May S&D run on restart?'

    Sorry my mistake about Start up ! However I have clicked YES to this, but still same response after restart.
     
  16. Dragonball82

    Dragonball82 Private E-2

    Oh looked in Add/Remove Progs - nothing suspicious there.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What is it finding? Is it files or registry entries?
     
  18. Dragonball82

    Dragonball82 Private E-2

    Looks like registry entries.
    HKEY_USERS\S-1-5-19\Software\FunWebProducts
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's try this before we start with .reg files.

    First:

    Download Ad-Aware SE

    Second:

    Select "Check For Updates" and download the available update.

    Third:

    Click Start, Choose Full System Scan.

    Remove all found infections.

    Do you have either of these in add/remove?

    Let me know if this fixes it.
     

    Attached Files: 1.gif (3.3 KB), 2.gif (4.2 KB)
  20. Dragonball82

    Dragonball82 Private E-2

    I have neither of the programs you listed in the .gif files

    I have been using Adaware SE Personal with regular updates - this finds nothing. Am downloading the new version now and will run that. Will reply with answer soon.
    Thanks

    Do you guys ever sleep - aren't you in USofA is it night there?
    I applaud your assistance :) and persistence :cool:
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's 11:18 AM here right now.
     
  22. Dragonball82

    Dragonball82 Private E-2

    Oh I see ~23hrs ahead.
    Still scanning Adaware

    Can I ask how you guys get your tags (e.g. you are First Sergeant)? Is there an order - there seem to be many different varieties
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    They are determined by post count. Your title will be "Private First Class" when you reach 30 posts.
     
  24. Dragonball82

    Dragonball82 Private E-2

    Oh nothing to do with cleverness in PC (or Mac) land !! :) Only joking :)

    Anyhoot back to it Adaware done nothing found.
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download SpySweeper (30 Day Trial)

    Update your definitions then do a full sweep of drive c:\


    Let me know how this works :)
     
  26. Dragonball82

    Dragonball82 Private E-2

    OK as long as I don't keep getting asked to pay after 30days !
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You won't be able to update after the 30 days is up. This is a fully functional trial so it will remove everything, no limitations.
     
  28. Dragonball82

    Dragonball82 Private E-2

    Cool it's from MG - I kinda trust it then :cool:

    Tis running now - will reply with its answer.....maybe some time.
    Black coffee time :D

    So what do you do - job wise?
    I am currently trying to get into the IT field (just left metal pretreatment job), looking at MCDST exam soon, am learning as I go.
     
  29. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I am currently in school for Electrical & Computer Engr. Master's. Got a while left lol
     
  30. Dragonball82

    Dragonball82 Private E-2

    That's a tad different to what I thought.... is that PC build software type or hardware/motherboard etc?

    SpySweeper still going :rolleyes:
     
  31. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    When I am complete, I hope to be able to do it all. :D
     
  32. Dragonball82

    Dragonball82 Private E-2

    When you do can you create a PC with self destruct mode ! :D

    SpySweeper done - removed a lot, 138 traces, 16 items, however 4 ignored traces... mean anything ?
     
  33. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    :D , What were the 4 ignored products?
     
  34. Dragonball82

    Dragonball82 Private E-2

    Ran Spybot S&D again..... removed DSOExploit, however CoolWWWSearch.Googlems + FunWebProducts could not be.

    Now I have 2 unremovables in S&D, what is going on.
     
  35. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  36. Dragonball82

    Dragonball82 Private E-2

    Not sure how to view ignored traces in SpySweeper
     
  37. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure you update SpyBot S&D by clicking on "Search For Updates" and download all available updates. Just in case you haven't :p
     
  38. Dragonball82

    Dragonball82 Private E-2

    Scanning now - although have already done this.
    Will be back
     
  39. Dragonball82

    Dragonball82 Private E-2

    Ok now it's getting weird... CoolWWWSearch.Googlems was NOT present using CWShredder, but was in S&D.
    Just run S&D again, NO CoolWWWSearch.Googlems? - however still got FunWebProducts

    What is going on ??
     
  40. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    This is weird, post me another HJT log to make sure everything there is still ok.
     
  41. Dragonball82

    Dragonball82 Private E-2

    HJT log as requested.
    What a kerfuffle :)
     


  42. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Have HJT fix this entry,

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)

    Other than this, everything looks ok. I will have Chaslang or PP check this out to be sure. I'm sure they will think of something.
    Hang in there until one of them arrives.
     
  43. Dragonball82

    Dragonball82 Private E-2

    Have deleted the entry....

    'Other than this, everything looks ok. I will have Chaslang or PP check this out to be sure. I'm sure they will think of something.
    Hang in there until one of them arrives.'

    OK will wait for Chaslang or PhilliePhan - hope they're not too long :)

    Cheers for your help BJGarrick
     
  44. Dragonball82

    Dragonball82 Private E-2

    Will be back 2morrow..... it is now 22:41 GMT

    Hope to speak/annoy someone with my probs then ! :p :)
     
  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually this means you need to reinstall Spybot or download the SDHelper.dll file from Merijn's to replace what was possibly deleted. Some malware like CWS does this.

    Another problem I see in the HJT log is the use of two antivirus programs. You must only have one AV program installed. You have Symantec and AVG. Choose one and uninstall the other.

    Post your Spybot log so we can see what entries it finds and is not fixing. It probably just needs a direct registry edit to fix.
     
  46. Dragonball82

    Dragonball82 Private E-2

    Hi I reinstalled Spybot + got rid of the older version - same for adaware.
    Ran them both this morning (in safe mode, Sys Restore still off) and I appear to be clean !
    How do I create a log file for Spybot ?

    As for AVG + Symantec, symantec came with Norton (I think :confused: ).
    Why should I only have one installed, isn't it better to be doubly protected :D
     
  47. Dragonball82

    Dragonball82 Private E-2

    Please ignore my inability to find the log !
    I have attached it for you.... hope its the right one.
    I did a separate scan a 2nd time 'not in Safe Mode' and FunWebProducts is back :confused:

    Now I am well confused as to what is going on.
    In your opinion if I have to get rid of 1 AV should it be Symantec (which I cannot update & if I do uninstall it would I have to get rid of Norton) or AVG ?

    Thanks
     


  48. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just found some interesting reading on this. The registry keys are just leftovers and are not dangerous. SpyBot and other tools cannot fix the entries in "HKEY_USERS" like the ones you have. For complete removal, you need to delete the registry entries manually.


    Follow me here:

    First:

    Make a backup of your registry before modifying it.

    Now click Start > Run > Type in regedt32 and press OK.

    Second:

    Navigate to the following key:

    HKEY_USERS\S-1-5-19\Software

    Now look for Fun Web Products, After you find it right click and delete it.

    Third:

    Exit Registry Editor.

    Problem should be resolved. Let me know how this works :)
     
  49. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, when running Norton Internet Security you're running 2 firewalls including Windows XP Firewall. When running Norton AntiVirus & AVG you're running 2 antivirus programs. You need to choose ONE firewall & ONE antivirus program so that you won't have any conflicts and/or problems. Personally I would do without NIS as it can cause major internet connectivity problems if something ever happens to it, same goes with NAV. But it's completely up to you what you keep and what you uninstall.
     
  50. Dragonball82

    Dragonball82 Private E-2

    Thanks for getting back to me - sorry was delayed - went out with kids.
    OK please be gentle with me here I am a little wary of doing this, but in the cause of learning I will.
    1. How do I back up reg keys ? On to what format CD, HDD etc
    2. Would like to talk further on the AntiVirus (Norton AVG) topic some more. However one thing at a time is my way to go.
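
The backup-then-delete procedure from post 48, together with the backup question in post 50, as an added PowerShell example that is not part of the thread: it checks every hive loaded under HKEY_USERS (S-1-5-19 is the LocalService account's hive) for the leftover key, exports each hit to a .reg file, and deletes only when asked. The parameter names, the `-Remove` switch and the backup folder are assumptions made for this example.

```powershell
# Added example, not from the thread. Finds the leftover key under every hive
# loaded in HKEY_USERS, exports each hit to a .reg backup, and deletes the key
# only when -Remove is passed and the backup succeeded.
param(
    [string]$KeyName   = 'FunWebProducts',              # key name as reported in the thread
    [string]$BackupDir = "$env:USERPROFILE\RegBackup",  # assumed backup location
    [switch]$Remove                                     # hypothetical switch: delete after backup
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# HKEY_USERS has no default PowerShell drive, so address it via the provider path.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue

foreach ($hive in $hives) {
    $sid    = $hive.PSChildName                          # e.g. S-1-5-19
    $native = "HKU\$sid\Software\$KeyName"               # form that reg.exe expects
    $psPath = "Registry::HKEY_USERS\$sid\Software\$KeyName"
    if (-not (Test-Path -LiteralPath $psPath)) { continue }

    # Export first; never delete a key that could not be backed up.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "$sid-$KeyName-$stamp.reg"
    & reg.exe export $native $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        Write-Warning "Backup failed for $native; leaving it in place."
        continue
    }
    Write-Output "Backed up $native -> $backup"

    if ($Remove) {
        Remove-Item -LiteralPath $psPath -Recurse -Force
        Write-Output "Deleted $native"
    }
}
```

Run it from an elevated prompt so the service-account hives are readable; a backup can be restored with `reg import <file>`.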
     
