My computer is pretty much gonerz

Discussion in 'Malware Help (A Specialist Will Reply)' started by stezieb, May 14, 2006.

  1. stezieb

    stezieb Private E-2

    ok I am gettting pop-up's like crazy, I use mozilla but im getting ie pop-ups 2 by the minute. Also my background is solid black and i've lost the picture I had on the background.

    So far I have ran:

    Adware-
    Avg-
    Spybot-
    Spyware Nuker-

    All with the latest updates as of 5-12-2006

    I've delete cookies and all other temporary internet files and saved passwords......still i get pop -up's out of nowhere for places like party poker.net and stuff.......

    I really dont want to have to format and re-install so please help me out here is my hijackthis log:

    Edit by chaslang: Inline log removed.

    --------------------------------------------------------------------------------------
    I'm also getting this error from the bootup avg scanner "Virus Found C:NNSCIAA~.exe" but then i search at that location there is no files remotely close to that name.....

    And also on startup the message ibm0001.exe or one of it's components are not found.......hope this helps

    Spywarenuker and spybot say that zestyfind and webhancer are my problems but spybot and spyware nuker supposedly deleted them....
    they find and recognize these files:

    c:\Windows\System\CZWMDM.dll

    EXPLORER.EXE (ID -116133) MTVCR70.DLL

    c:\WINDOWS\SYSTEM\mtvcr70.dll
    ok I found out more about this.....i started saving all of the url's to the pop-up's i am getting here is what the list looks like:


    http://serving.rpowermedia.com/advertpro/s...e?zid=29&pid=10
    http://www.onlineshopp-ing.com/muon.html
    http://www.dealiotoday.com/muon.html
    http://www.winantivirus.com
    http://www.888.com
    http://www.buyer-shabit.com/muon.html
    http://www.bigdiscountbuy.com/muon.html
    http://www.blow-outsales.com/muon.html
    http://www5.zapmeta.com/cgi-bin/search/met...&thumbs=on&to=5

    http://www.hug-ediscounts.com/<b>muon[/b].html
    http://www.uniqueoffer-s.com/muon.html

    A simple google search led me here:
    http://forums.techguy.org/security/459211-...pages-muon.html

    And another search led me here:
    http://www.bleepingcomputer.com/forums/ind...c=49774&hl=muon

    Any help would be greatly appreciated....thanks in advance.........
     
    Last edited by a moderator: May 15, 2006
    stezieb, May 14, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post any logs inline with messages. HijackThis is the last step to use.

    SpywareNuker is not a recommended program to use. At one time it was even listed as a rogue tool on the below list. It is delisted now, but we do not recommend using it it.

    http://www.spywarewarrior.com/rogue_anti-spyware.htm#swn_note


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
    Question: Did you set your Main and seach pages to about:blank (like below) on purpose?
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    Serious Note: If you have files like ibm0001.exe on your PC, you could have a serious problem to deal with related to a password stealing trojan. Your financial accounts (passwords etc) may have been compromised. See this link:

    http://www.liutilities.com/products/wintaskspro/processlibrary/ibm00001/
     
    Last edited: May 17, 2006
    chaslang, May 15, 2006
    #2
  3. stezieb

    stezieb Private E-2

    I did set it to about:blank and I also have my ie settings to work offline.....the pop-up's are terrible and after a couple of them my computer usually freezes....i cant close them unless i have it set to work offline......then when it says......would you like to connect? i just say cancel and they go away........

    Ive ran everything except these:
    * Bitdefender
    * Panda Scan
    * HijackThis

    Because they just freeze up my computer after supposedely scanning for ages...

    Here is my new HJT log:

    Edit by chaslang: Link to HJT log at remote site removed. Attached locally.

    and keep in mind im running 98se with only 256mb of ram....
     

    Attached Files:

    Last edited by a moderator: May 17, 2006
    stezieb, May 17, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run CounterSpy and attach the log as requested in the READ ME. You do not appear to have run Spybot either. At least it is not installed as requested with the SDhelper function. You also did not follow the instructions in step 7 and as a result have HJT installed exactly where we do not want it installed. Please install it properly.

    Also please do not attach links to logs at remote sites. Attach your log here as the links given in the READ ME instruct.

    You have no protection software installed on this PC:
    - no antivirus
    - no antispyware
    - no firewall

    This is extremely dangerous and can result in huge amounts of malware infecting your PC. This may also be the reason you are getting so many popups. You have nothing installed to block anything bad.

    Like I said before the ibmxxxx.exe files are password stealing trojans and your financial security can be a severe risk.

    Let's get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
    Last edited: May 17, 2006
    chaslang, May 17, 2006
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds