Message Mates, Bonzi, Cydoor

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zakrz1, Sep 12, 2004.

  1. zakrz1

    zakrz1 Private First Class

    Spybot won't clean Message Mates, Bonzi, Cydoor... In safe mode ran Adaware, Spybot, Ccleaner. Would appreciate steps to try next!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal > If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
  3. zakrz1

    zakrz1 Private First Class

    Followed the sticky thread, ran all the programs (online v.scans afterwards) and none of 3 mentioned were there (although Spybot cleaned up others...). Ran Spybot in regular mode again, found and wasn't able to clean Message mates, Bonzi or Cydoor. Bizarre! Attaching Hijack log.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not run all the scans. That much I can tell since I do not see evidence of the Symantec Security Check.

    You also need to read the HijackThis tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File >. It states the following in bold print.

    Do not post a HijackThis log until we ask you to and when we do it must be text document attachment to your message.

    Do you get any kind of error message from SpyBot? Does it give any indication of where these problems are being located?

    I do not see any signs of these in your HijackThis log. Perhaps you need to look in Add/Remove programs or for installation directory left overs (maybe in c:\Program Files).
     
  5. zakrz1

    zakrz1 Private First Class

    Tried it again; Symantec found 1 file infected with the Download.Trojan (I followed their instructions on removal). Don't see anything out of the ordinary in program files to remove. Spybot has a problem with the following:

    BonziBuddy: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-20\Software\Bonzi Software

    BonziBuddy: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-19\Software\Bonzi Software

    Cydoor: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-20\Software\Cydoor services

    Cydoor: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-19\Software\Cydoor services

    Cydoor: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-20\Software\Cydoor

    Cydoor: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-19\Software\Cydoor

    Message Mates: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-20\Software\AdTools, Inc.

    Message Mates: User settings (Registry key, fixing failed)
    HKEY_USERS\S-1-5-19\Software\AdTools, Inc.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You could edit your registry by hand to remove references to all those items, but first let's back up your registry using a tool like Erunt.

    Then boot in safe mode and you can use regedit to navigate to each of those lines and delete them from your registry. Do you know how to use regedit?

    Click Start, Run, and enter 'regedit' without the quotes into the box and click OK. Then navigate in the left-hand window to each of those keys one at a time. Then select it, right-click on it and select Delete. MAKE SURE THE BOTTOM OF THE regedit window shows the full path to the key you are trying to delete, like HKEY_USERS\S-1-5-20\Software\Bonzi Software, before deleting.
     
  7. zakrz1

    zakrz1 Private First Class

    Backed up reg, didn't find the reg entries in safe mode. Re-booted normal, found the reg entries, deleted, ran spybot, nothing found! Thanks for your help!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
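
An added example, not part of the original thread and not Spybot or MajorGeeks tooling: the manual regedit steps from post 6, scripted in Python. It parses the "fixing failed" lines in the format zakrz1 pasted, refuses any path that is not a specific subkey below HKEY_USERS\<SID>\Software, and emits a per-key `reg export` backup chained to `reg delete`. The sample report is constructed from the pasted lines; the function names and the `C:\regbackup` directory are assumptions, and the per-key export is narrower than the full Erunt backup recommended in the thread.

```python
import re

# Constructed sample in the format of the Spybot lines pasted in post 5.
SAMPLE_REPORT = r"""BonziBuddy: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-20\Software\Bonzi Software

Cydoor: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-19\Software\Cydoor services

Message Mates: User settings (Registry key, fixing failed)
HKEY_USERS\S-1-5-19\Software\AdTools, Inc.
"""

# Well-known SIDs of built-in service accounts (not interactive users).
SERVICE_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                "S-1-5-20": "NetworkService"}

FINDING = re.compile(r"^(?P<product>[^:]+): .*\(Registry key, fixing failed\)$")
# Accept only a named subkey below <SID>\Software, never the hive or \Software itself.
SAFE_KEY = re.compile(r"^HKEY_USERS\\(?P<sid>S-1-[\d-]+)\\Software\\[^\\]+(?:\\[^\\]+)*$")

def parse_failed_keys(report):
    """Pair each 'fixing failed' header with the registry key on the next line."""
    findings, product = [], None
    for line in (raw.strip() for raw in report.splitlines()):
        header = FINDING.match(line)
        if header:
            product = header.group("product")
        elif product and line:
            key = SAFE_KEY.match(line)
            if not key:
                raise ValueError(f"refusing unexpected key path: {line!r}")
            account = SERVICE_SIDS.get(key.group("sid"), "user profile")
            findings.append({"product": product, "key": line, "account": account})
            product = None
    return findings

def removal_commands(findings, backup_dir=r"C:\regbackup"):
    """One cmd.exe line per key; '&&' runs the delete only if the export succeeded."""
    cmds = []
    for i, f in enumerate(findings, 1):
        backup = f"{backup_dir}\\{i:02d}.reg"  # hypothetical backup location
        cmds.append(f'reg export "{f["key"]}" "{backup}" && reg delete "{f["key"]}" /f')
    return cmds

if __name__ == "__main__":
    for cmd in removal_commands(parse_failed_keys(SAMPLE_REPORT)):
        print(cmd)
```

The generated lines are meant to be reviewed before being run from an administrator command prompt; double-clicking a saved `.reg` file restores that key.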
     
