Description of my "spyware" problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by krazykat, Dec 11, 2004.

  1. krazykat

    krazykat Private E-2

    Hello,

    I have been able to get rid of all but one "spyware" using Ad-Aware and Spybot. The one remaining is the appearance of http://anal.freegayspace.com about 1-2 minutes after I open MSN explorer or IE6. The pages usually have different URLs like http://sbchbarchatthere.321.ch OR http://odgamechatthere.321.ch. I use WIN XP Home with SP2 and IE6. I have made a HijackThis log and would like to post it for analysis.

    Thanks, krazykat
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is the last step! You should attempt to follow ALL the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    If still having a problem after the above, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.
     
  3. krazykat

    krazykat Private E-2

    chaslang & Sgt sweetie

    I have done all the things and scans you requested before I post. I still have the "porn page problem" which loads about 1-2 minutes after I open MSN explorer.

    The additional scans found 2-3 files which were removed.

    One additional item, that might or might not be related: About 3 minutes after logging on to my MSN account I receive the message that "MSN can not connect to the e-mail server". I click OK to remove the error message ---- but I am now unable to go to any other web sites, even MSN home page. I get the "Page not found" error. BEFORE the "can not connect to e-mail server" I have no problem connecting to any other web page e.g. GOOGLE, CNN, MSN, majorgeeks.

    So, attached is my hijackthis log file for your review. Thanks in advance for your time.

    There is no file attached because when I click on "manage attachments" I do not receive a browse window to go to the file. What am I doing wrong???

    krazykat
     
  4. krazykat

    krazykat Private E-2

    chaslang & Sgt sweetie

    I have done all the things and scans you requested before I post. I still have the "porn page problem" which loads about 1-2 minutes after I open MSN explorer.

    The additional scans found 2-3 files which were removed.

    One additional item, that might or might not be related: About 3 minutes after logging on to my MSN account I receive the message that "MSN can not connect to the e-mail server". I click OK to remove the error message ---- but I am now unable to go to any other web sites, even MSN home page. I get the "Page not found" error. BEFORE the "can not connect to e-mail server" I have no problem connecting to any other web page e.g. GOOGLE, CNN, MSN, majorgeeks.

    So, attached is my hijackthis log file for your review. Thanks in advance for your time.

    There is no file attached because when I click on "manage attachments" I do not receive a browse window to go to the file. What am I doing wrong???

    krazykat
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Next time please run ALL steps of the READ ME FIRST. You never ran the online scans. Did you skip anything else?

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for any of the below processes and if found end them:
    bwqdkar.exe
    yawuha.exe
    msass43.exe


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O4 - HKLM\..\Run: [ljrgemrdrbnp] C:\WINDOWS\System32\bwqdkar.exe
    O4 - HKLM\..\Run: [Windows Compliant] yawuha.exe
    O4 - HKLM\..\Run: [Windows Media Player] msass43.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] yawuha.exe
    O4 - HKLM\..\RunServices: [Windows Media Player] msass43.exe
    O4 - HKCU\..\Run: [Windows Media Player] msass43.exe


    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\msass43.exe
    C:\WINDOWS\SYSTEM\blank.htm
    C:\WINDOWS\System32\bwqdkar.exe
    C:\WINDOWS\system32\yawuha.exe

    Now reboot in normal mode and post a new HJT log. Please attach it as a .log or a .txt file not a .doc file. And tell us how things are working.
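
An added example, not part of the original thread or of any MajorGeeks or HijackThis tooling: it parses the O4 autostart lines quoted in the post above, groups them by executable to show that one file is registered under several Run keys, and checks a later log for entries that survived the fix. The function names and the follow-up log lines are constructed for illustration, and only the `O4 - HKLM/HKCU\..\<key>` form seen in the post is handled.

```python
import re
from collections import defaultdict

# Lines quoted from the post above (the entries it says to fix in HijackThis).
HJT_LINES = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [ljrgemrdrbnp] C:\WINDOWS\System32\bwqdkar.exe
O4 - HKLM\..\Run: [Windows Compliant] yawuha.exe
O4 - HKLM\..\Run: [Windows Media Player] msass43.exe
O4 - HKLM\..\RunServices: [Windows Compliant] yawuha.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msass43.exe
O4 - HKCU\..\Run: [Windows Media Player] msass43.exe
""".strip().splitlines()

# Constructed follow-up log: one leftover entry plus an unrelated, made-up one.
FOLLOWUP = r"""
O4 - HKCU\..\Run: [Windows Media Player] msass43.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
""".strip().splitlines()

# Registry autostart form used in the post: O4 - <hive>\..\<key>: [<value>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)

def parse_o4(line):
    """Return hive, key, value name, command and file name, or None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe = EXE_RE.search(command)
    return {"hive": hive, "key": key, "name": name, "command": command,
            "exe": (exe.group(1) if exe else command).lower()}

def autostarts_by_exe(lines):
    """Group O4 entries by executable so every key that loads it is listed."""
    groups = defaultdict(list)
    for entry in filter(None, map(parse_o4, lines)):
        groups[entry["exe"]].append(entry)
    return dict(groups)

def leftovers(lines, removed):
    """Entries in a later log that still reference files already deleted."""
    removed = {name.lower() for name in removed}
    return [e for e in filter(None, map(parse_o4, lines)) if e["exe"] in removed]

if __name__ == "__main__":
    for exe, entries in autostarts_by_exe(HJT_LINES).items():
        print(exe, [f'{e["hive"]}\\{e["key"]}' for e in entries])
    print(leftovers(FOLLOWUP, ["msass43.exe", "yawuha.exe", "bwqdkar.exe"]))
```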
     
  6. krazykat

    krazykat Private E-2

    Chaslang,

    THANKS for the reply and the instructions.

    I have followed your instructions and attached a new hijackthis log.

    After I made the corrections I went on line for about 10 minutes as a check and the porn pages DID NOT pop up as before. So, for the 10 minute test, they appear to be gone. I will do a longer test after I post this reply.
    Thanks again for your time. Let me know if there are additional instructions concerning the new hijack this log.

    AGAIN thanks, at least for the short test the porn pages did not pop up.


    I have added some comments/results, underlined, to some of your instructions. I could not complete some of the items, but I listed the things I was able to do.

    Next time please run ALL steps of the READ ME FIRST. You never ran the online scans. In safe mode my modem would not connect. (I did see that I could have completed this step in normal mode after a second read.) Did you skip anything else? Not that I know of.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for any of the below processes and if found end them:
    bwqdkar.exe not present
    yawuha.exe not present
    msass43.exe ended

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\msass43.exe deleted

    C:\WINDOWS\SYSTEM\blank.htm "blank.htm" not present in \SYSTEM. I did find it in C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM but DID NOT DELETE also found C:\windows\PCHealth\HelpCtr\System\panels\blank.htm but DID NOT delete.

    C:\WINDOWS\System32\bwqdkar.exe NOT PRESENT. I did find this file C:\Documents and Settings\Allusers\Applications Data\Spybot – Search & Destroy\Recovery\CallingHomebiz.zip\bwqdkar.exe but DID NOT delete

    C:\WINDOWS\system32\yawuha.exe this exact file was not present but \yawuha.exe – up.txt was present---- I deleted.
    krazykat
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are still forgetting to post as a .log file or a .txt file. Please do not post .doc files for logs.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should reset your home page to whatever you normally use. Right now it is still set to


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
     
  9. krazykat

    krazykat Private E-2

    chaslang,

    THANKS for the reply and help. Looks like the problem is fixed --- no "porn" pages popped up during 2 hours of log on time.

    I have reset the IE home page to my normal URL. Should I need to post again I will remember to post a .txt file.

    As a preventive measure ----- are there any "pro active" spyware programs? Ones that scan and watch for known spyware and block install; so you do not need to do scans to clean up a mess after the program(s) load and do their dirty work?

    Norton AntiVirus and other anti-virus programs stand by and intercept virus programs and prevent install. Are there spyware programs that work the same way?

    THANKS again,

    krazykat
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

