Free6.se problem

Is this spyware or WTF

Greetings,

I have been clean for so long and now 2nite, bang. Anyway, I've run all the tools and removed what was suspect, but now I keep getting a pop-up that is either : "540.scmg.net/randomsites/pages/28.html" or "free6.se". I don't even use this pc for pron or warez so wtf. And why is it being allowed to pop up ? Any help would be greatly appreciated !

Thanx

 

Re: Is this spyware or WTF

Download everything you can and run the stuff. Worked for me so far..lol

 

Re: Is this spyware or WTF

Hi Synthetic_Inside,

If I am not mistaken, free6.se is a malicious porn site. Usually, where there is one, we often find more.

Generally, it is a good idea to start with the Cleanup Tutorial HERE:
READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it - you didn't give OS) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

Post back and let us know how you fared. Also, send us a HijackThis Log. Be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I’ve been pretty busy with work lately, but somebody will try to take a look when they get a chance.

Best luck
PP

 

Free6.se problem still remains

Greetings,

The first time I had this problem was last week and after following all the instructions, it was ad-aware that found it out ... it was CWS and CWSShredder hadn't even picked it up. Anyway, it was gone and I continued to surf with no hassles. Tonight it's back and this time no program is picking it up for removal ! Like I said, I used all the tools suggested on the help page and nada. As always, any help on this bastard of a matter would be greatly appreciated. Also, I'm adding my HJT log below.

Edit by chaslang: Unrequested, inline log deleted

Thanks much.

 

Re: Free6.se problem still remains

Greetings,

Please ignore this HJT log ... it's the wrong one. I'll get the correct one done and post that hopefully 2morrow.

Sorry

 

Greetings,

I did a proper HJT scan (I think) and most of it makes no sense to me. So instead of me tinkering, I'll take PhilliePhan's advice and post my log and see what you guys could do to help.

Thanks much.

 

Hi Synthetic_Inside,

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now scan with HijackThis and Check the Boxes for the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R3 - Default URLSearchHook is missing

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
These two are considered mild spyware – I usually leave them alone, though. See this --> http://www.imilly.com/alexa.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode and navigate to and DELETE the following if they should remain:

C:\PROGRAM FILES\Toolbar ---> The Folder
C:\WINDOWS\System32\vbsys2 ---> Doublecheck this one, but it should be gone.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

Best luck
PP

 

Greetings,

Hail to the Major Geeks helpers once again !!! I guess you can tell that my prob is gone.

PhilliePhan ... I can't put into words how to thank you enough ... "applause".
Here is the new updated HJT log file you requested, hopefully everything is in order now. Once again, my many thanks.

Cheers

 

You're Welcome! Your HJT Log looks good

You should now visit Windows Updates and get updated. Also, have a look at Chaslang's suggestions HERE: How to Protect yourself from malware!

SpybotSD, Ad-Aware, and SpyWare Blaster are Must Haves!!!!

Happy Holiday Computing

PP