I've got an annoying spyware, hopefully you know how to get rid of it.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Spakku, Feb 12, 2005.

  1. Spakku

    Spakku Private E-2

    It's located here:
    C:\Documents and Settings\Steve\Local Settings\Temp\se.dll
    I can't delete it because it's running. I'll delete the file that runs it with HijackThis, but it initiates again so quickly I don't have time to delete it. I've been trying for about a week now, but how can I get rid of this dll file?
     
  2. johnny5333

    johnny5333 Private E-2

    Well, what's the name of the files? A good way to find a cure for your trojan/virus is typing the name of it into a search engine.

    It sounds like you have nnsearch.biz
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The file is more than likely being loaded at boot time. It probably appears in your O4 section of your HJT log.

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (do not post the log inline). All running programs should be closed, including your web browser and e-mail. Close them before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  4. Spakku

    Spakku Private E-2

    I followed all the steps, and attached is my log
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please post a complete, unedited and unfiltered HJT log from normal boot.

    Try rebooting and do not run anything after reboot except HijackThis and do not shut anything down (ignore what is said in the HJT tutorial - I want to see everything that should be running).
     
  6. Spakku

    Spakku Private E-2

    What did you say to post? I didn't edit it, but what's normal boot? I did run that first with nothing else going, though. I swear.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If that is your complete HJT log after booting up your PC, I would think someone has been deleting items using HijackThis or some other registry editing tool. You have nothing loading that should be loading. This is too empty. It shows no applications at all at boot time. (Other than one malware item.)

    You don't have a virus scanner, a firewall, any of the typical defaults that would load on a normal PC.

    Has someone been fixing things on this PC before coming here? Or did you run a HijackThis log and delete/fix everything it showed?
     
  8. Spakku

    Spakku Private E-2

    That's all I have, but can you help me lose the malware or not?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are missing the point and you did not answer my questions! Who has been experimenting on trying to fix things and what was done? You have none of the typical startup items that should be getting loaded for normal PC operation. This is a bigger problem than spyware. Who did this?

    You also show no signs that the steps in the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal have been run. It is the first step at removing spyware problems. If all of it was run there would definitely be more things showing in your log.

    HijackThis has the ability to filter (not show) items. Did you use that feature?

    The only bad item showing (and in fact it is the only item showing which borders on the impossible) is:

    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Steve\LOCALS~1\Temp\se.dll,DllInstall

    You can fix that line and boot in safe mode to delete the file. But it will more than likely come back. But as I said you have larger issues. If you cannot answer what happened to all of the items that should be in your log we will have problems getting anywhere.

    Did you have an antivirus application installed?
    What about all the spyware removal applications we asked you to install? Where are they?
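
An added example, not part of the original thread or any poster's reply: a small triage script for the kind of O4 entry quoted above, which parses HijackThis `O4` Run-key lines and flags any autorun whose program, or the DLL handed to `rundll32`, sits in a Temp folder. The sample log is constructed; only the `[sp]` line comes from the thread, and the function names and the Temp-path rule are assumptions of this example.

```python
import re

# HijackThis O4 registry autorun line: O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# rundll32 launch: rundll32[.exe] <dll path>,<exported function>
RUNDLL_RE = re.compile(r'(?i)\brundll32(?:\.exe)?"?\s+"?([^",]+)"?,\s*(\S+)')
# Any path component named Temp or Tmp; also matches under 8.3 names (LOCALS~1\Temp)
TEMP_RE = re.compile(r'(?i)\\(?:temp|tmp)\\')

# Constructed sample log: the [sp] line is the one quoted in the thread,
# the other three are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /start
O4 - HKLM\..\Run: [ExampleCpl] rundll32.exe C:\WINDOWS\system32\example.dll,Start
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Steve\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [ExampleIM] C:\Program Files\ExampleIM\im.exe -minimized
"""

def parse_o4(line):
    """Split one O4 Run-key line into its fields; None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    entry = {"hive": hive, "key": key, "name": name,
             "command": command, "dll": None, "export": None}
    r = RUNDLL_RE.search(command)
    if r:  # the real payload is the DLL, not rundll32 itself
        entry["dll"], entry["export"] = r.group(1).strip(), r.group(2)
    return entry

def temp_autoruns(log_text):
    """Return O4 entries whose program or rundll32 DLL lives in a Temp folder."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and TEMP_RE.search(entry["dll"] or entry["command"]):
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for e in temp_autoruns(SAMPLE_LOG):
        print(f'{e["hive"]} {e["key"]} [{e["name"]}] -> {e["dll"] or e["command"]}')
```
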
     
  10. Spakku

    Spakku Private E-2

    Honestly, i don't know who's done what to this computer. And I found out how to fix the spy-ware, but now I can't show you a hijack this log and I don't know what programs I should have running normally. If you could tell me what to do at all right now that would be very helpful.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you fixed the problem? What did you do?

    What do you mean you cannot show a hijack this log now?

    Did you have an antivirus application installed on this PC?
    Are you logging in as the Administrator or a regular user account?

    Try installing Spybot S&D from the Read Me tutorial and make sure you select to use the SDhelper function. I want to see if this shows up in your HJT log.

    Also do the below:

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
     
  12. Spakku

    Spakku Private E-2

    To fix the problem I used Hijack This to delete the spyware on the next restart. I haven't seen it since. And about not being able to send a log, Hijack This doesn't let me do that if I have no malware on my computer at the time. I don't use Internet Explorer, but I delete all of my cookies and temporary internet files regularly. I don't really want to download Spybot, though. Last time I used Spybot I deleted a Windows file... I can't be trusted with that kind of power over my computer. I'm not aware of any antivirus programs on the computer except what I have downloaded from MajorGeeks, and I don't have a limited or guest account on this computer.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not true! You can always get a HijackThis log at any time.

    Note HijackThis was updated today to version 1.99.1. You should download the new version.
     
  14. Spakku

    Spakku Private E-2

    All I know is that the button doesn't appear. When there's no button I don't know how to save a log.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What button does not appear?

    Are you running HijackThis? Then just click the button that says "Do a scan and save a log"
     
  16. Spakku

    Spakku Private E-2

    It just goes right to the scan now. I think somebody changed it to that setting. I'm not the only one who uses it, but I don't know how to change it back.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click the Config button and then on the Main tab check the option that says Show intro frame at startup. Then tell the other users to not do that any more. ;)
     
  18. Spakku

    Spakku Private E-2

    I fixed Hijack This, and all other users are forbidden. And because this is me, of course, another problem popped up. Now when I choose to do a system scan and save logfile, it doesn't stop scanning. It just scans over and over until I close it. When I close it, it says to save the logfile now, but when I save it the file doesn't appear. I am apparently totally hated by all technology at this point, because my PS2 is also broken... :(
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's just try deleting the HijackThis you currently have and then re-download it from the link I originally gave you. That will give you the new 1.99.1 version.
     
