I have read the 'pre read' stuff... and still have adware..

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lucid1, Nov 25, 2004.

  1. lucid1

    lucid1 Private E-2

    I have read the page that I was supposed to read before posting here. I followed all of the instructions, downloaded a bundle of software etc, and still get the malware symptoms that led me here. I think it is related in some way to the valuead line... I am not very familiar with the terminology etc, but I have hijackthis and am prepared to post a log file and hope someone can help me get rid of these problems...
    Thanks,
    Jason
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps in < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > then you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.
     
  3. lucid1

    lucid1 Private E-2

    I will do that now....
     
  4. lucid1

    lucid1 Private E-2

    After closing all open programs that were on the task bar, while preparing to run hijackthis, I had an interesting thing happen. Everything closed and when I opened the windows explorer to the folder (C:/prograp files/hjt) that holds the hijack this file, a pop up window came up. I use mozilla as my default browser and avoid many of the symptoms while browsing, but this is very much an invasion when I get these popups when just opening a local folder... ok, enough of my rant... attached should be the log (.txt) file I just made.
    Thanks,
    Jason
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you skip the Symantec online scan? Did you skip anything else?

    Do you know what these two programs are:
    C:\Program Files\CursorEx\CursorEx.exe
    C:\Program Files\ClocX\ClocX.exe
     
    Last edited: Nov 25, 2004
  6. lucid1

    lucid1 Private E-2

    I do know those two programs, they have been ok for a long while....
    I didn't know that I skipped any steps...
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log shows no sign of the Symantec online scan being run. That was why I asked the question. Did you run Stinger and CWShredder?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below process and End it:
    C:\Documents and Settings\Lucid One\Application Data\tcra.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    O2 - BHO: (no name) - {6C8C360E-B348-2DC7-8756-6D5508F17B48} - C:\WINDOWS\System32\vutj.dll
    O4 - HKCU\..\Run: [Roam] C:\Documents and Settings\Lucid One\Application Data\tcra.exe
    O4 - HKCU\..\Run: [Zdylvcd] C:\WINDOWS\System32\w?nspool.exe

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\vutj.dll
    C:\Documents and Settings\Lucid One\Application Data\tcra.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
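
Added example, not part of the original thread or of HijackThis: a small Python parser for the HJT entry lines quoted in the post above that applies three triage heuristics. The heuristics (a `?` in a file name, an autorun launched from `Application Data`, a BHO listed as `(no name)`) are assumptions chosen for illustration, not the criteria the helper used, and the ClocX autorun line is constructed for contrast.

```python
import re

# Constructed sample: the four entries quoted in the post above, plus one
# made-up autorun line for a program the user recognised (for contrast).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {6C8C360E-B348-2DC7-8756-6D5508F17B48} - C:\WINDOWS\System32\vutj.dll
O4 - HKCU\..\Run: [Roam] C:\Documents and Settings\Lucid One\Application Data\tcra.exe
O4 - HKCU\..\Run: [Zdylvcd] C:\WINDOWS\System32\w?nspool.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")

def parse(line):
    """Return (section, name, target) for an HJT entry line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m["section"], m["body"]
    for sec, rx in (("O4", O4_RE), ("O2", O2_RE)):
        if section == sec and (d := rx.match(body)):
            return section, d["name"], d["target"]
    return section, "", body

def reasons(section, name, target):
    # Assumed heuristics: hints for a human reviewer, not verdicts.
    found = []
    if section in ("O2", "O4") and "?" in target:
        found.append("unrenderable character in file name")  # '?' is illegal in Windows names
    if section == "O4" and "\\application data\\" in target.lower():
        found.append("autorun from user profile data folder")
    if section == "O2" and name == "(no name)":
        found.append("unnamed BHO")
    return found

def triage(log):
    out = []
    for line in log.splitlines():
        entry = parse(line)
        if entry and (why := reasons(*entry)):
            out.append((entry[2], why))
    return out

if __name__ == "__main__":
    for target, why in triage(SAMPLE_LOG):
        print(f"{target}: {', '.join(why)}")
```

The R1 start-page line is parsed but not flagged, since none of the three heuristics covers registry values.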
     
  9. lucid1

    lucid1 Private E-2

    ok, I think that did it... well I haven't noticed any troubles since... well since I restarted... I am writing this in IE just to give it a chance to 'pop'...
    I am posting the new hijackthis log.
    thanks a bundle,
    Jason
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

