Need help w/ ad/spyware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by iAMliz, Jun 24, 2006.

  1. iAMliz

    iAMliz Private E-2

    Hi,

    My computer has been running more slowly lately, and sometimes I'll click a link or enter a URL in my address bar and I'll get sent to a page with another URL (sorry, I haven't recorded the exact address; it's "chrome: . . . ") that says address not found. I don't know if that had to do with my wireless connection or if my browser was hijacked. I finally decided to see if my machine is clean.

    I followed the directions in the "read and run me" thread. The Panda online scan found some spyware and adware in my Windows registry. I have been advised that I should not proceed with its removal without experienced help, seeing as I don't even know how to access my Windows registry.

    I'm running Windows XP SP2, I'm running an AMD Athlon XP, and I have 2 hard drives, C: and E:

    Below I've attached my log files.
     


  2. iAMliz

    iAMliz Private E-2

    Wait. It just happened. Here's the URL that I sometimes get: chrome://global/content/netError.xhtml?e=netTimeout&u=http%3A//auraobrien.com/vdeck&d=The%20operation%20timed%20out%20when%20attempting%20to%20contact%20auraobrien.com.

    and the error message on the page is "Net Timeout Error" it says "The operation timed out when attempting to contact auraobrien.com

    The browser timed out while trying to connect to the specified site. The site may be experiencing high loads that are slowing it down, or network problems are preventing data from being received from it in a timely manner. If the site is likely to be busy, consider waiting a few moments before retrying the request.
    "


    which makes me think that this is normal.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs do not show any real malware problems. The stuff that Panda shows is just a few leftover registry keys that are more than likely not causing you any problems. And since Panda gives no info on where it is finding anything, we cannot even try to fix them anyway. I do see two non-malware-related issues with MySQL and Symantec. The below services appear to be broken. Do you still use these?

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)

    Since I do not see any malware issues, I suggest you try the below steps.

    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    Now follow the below procedure and attach the Ewido log when finished:

    Running Ewido Anti-Malware
     
  4. iAMliz

    iAMliz Private E-2

    Thanks. I ran Ewido and it said there were no detections.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There was a lot more than Ewido in my previous message and it also began with questions to answer.
     
  6. iAMliz

    iAMliz Private E-2

    Sorry for the distracted reply,

    In answer to the question: I'm not using the two programs you mentioned. I removed MySQL from Add and Remove Programs, and I thought all of the Symantec products were gone from my system.

    I did run HOSTER and reset my browser settings before following the Ewido procedure.

    I'm not experiencing any more problems with my machine.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Norton Internet Security Proxy Service Service ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above stop and disable for the following services:
    MySQL

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    SymProxySvc

    Now repeat the Delete NT Service steps for:
    MySQL

    If you receive any error messages just ignore them and continue.

    Now exit HJT and reboot when it tells you it needs to.

    After reboot, run a new scan with HijackThis and verify the below lines are gone.
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)

    Also delete the below if found
    C:\Program Files\Norton Internet Security <--- the whole folder
    C:\Program.exe


    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
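
Added example, not part of the thread: one way to script the "verify the below lines are gone" check from the post above by parsing the O23 service lines of a HijackThis log taken before and after the cleanup. The function names and the `Example Updater` log line are constructed for illustration; the two flagged lines are the ones quoted in the thread, and treating the display name as the service name when no short name is shown follows the thread's own usage.

```python
import re

# O23 line shape as it appears in the thread:
#   O23 - Service: <display name> [(<short name>)] - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

def parse_o23(log_text):
    """Return one dict per O23 service line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 line (or a shape this sketch does not handle)
        entries.append({
            # Name to give "Delete an NT Service": the short name when shown,
            # otherwise the display name (as with MySQL in the thread).
            "service": m["short"] or m["display"],
            "display": m["display"],
            "owner": m["owner"],
            "path": m["path"],
            "file_missing": m["missing"] is not None,
        })
    return entries

def still_present(before_log, after_log):
    """Services flagged (file missing) before cleanup that the rescan still lists."""
    flagged = {e["service"] for e in parse_o23(before_log) if e["file_missing"]}
    remaining = {e["service"] for e in parse_o23(after_log)}
    return sorted(flagged & remaining)

# First two O23 lines are quoted from the thread; the third is constructed.
BEFORE = r"""O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\SymProxySvc.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Example Corp - C:\Program Files\Example\updater.exe
"""
# Constructed rescan after the stop/disable/delete steps and reboot.
AFTER = r"""O23 - Service: Example Updater (ExampleSvc) - Example Corp - C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    for e in parse_o23(BEFORE):
        print(e["service"], "|", e["path"], "|", "MISSING" if e["file_missing"] else "ok")
    print("still present after cleanup:", still_present(BEFORE, AFTER))
```
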
     
  8. iAMliz

    iAMliz Private E-2

    Hi,

    My HJT log didn't show either file, and I didn't find C:\Program Files\Norton Internet Security or C:\Program.exe.

    Thanks so much. I've created a new restore point and I'm in the process of protecting myself from malware.

    I had no idea Windows firewall wasn't very secure.

    Thank you for all your help and time.

    You've got an excellent operation here.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
