New.net

Discussion in 'Malware Help (A Specialist Will Reply)' started by The Brewer, Dec 21, 2005.

  1. The Brewer

    The Brewer Private E-2

    I've been following the instructions within the 'sticky' posts to treat a machine that had Spyaxe 3.0.

    Having followed those instructions (had no problems running the online scans or following any other step) the machine doesn't have any noticable symptoms, but the Panda activescan isn't coming back clean.

    It lists spyware of new.net and adware of delfinmedia and brilliant digital.

    I attach a log file from HJT and the file from the Panda Activescan

    Hope you guys can help me further.
     

    Attached Files:

    The Brewer, Dec 21, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where is the require log from BitDefender online scan?

    Looks like you may not have installed and run Spybot or did not use the steps in the sticky to fix some bugs with its ignore products settings.

    Does BrilliantDigital appear in Add/Remove programs? If so, uninstall it.

    You should also run the below to make sure nothing else for SpyAxe is found:

    Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

    Post the requested smitfiles.txt log too.
     
    chaslang, Dec 21, 2005
    #2
  3. The Brewer

    The Brewer Private E-2

    I've attached the Bitdefender log file.
    I definitely ran Spybot, and don't believe that I missed any of the steps in the instructions.
    Brilliant Digital is not in Add/Remove programs.

    Will post smitfiles ASAP.
     

    Attached Files:

    The Brewer, Dec 21, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O19 - User stylesheet: (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete    :
    C:\Documents and Settings\Kris\Local Settings\Temp\BDECache <-- the whole folder
    C:\WINDOWS\NDNuninstall4_80.exe C:\WINDOWS\NDNuninstall4_88.exe
    C:\WINDOWS\NDNuninstall4_94.exe
    C:\WINDOWS\NDNuninstall5_40.exe
    C:\WINDOWS\NDNuninstall5_48.exe
    C:\WINDOWS\NDNuninstall5_64.exe
    C:\WINDOWS\NDNuninstall6_10.exe
    C:\WINDOWS\NDNuninstall6_22.exe
    C:\Installed Games\SimCity 2000\Cdrwin.3.8c.RB0
    C:\Installed Games\SimCity 2000\cdr38c-e.exe
    C:\34chjkhj.exe

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    chaslang, Dec 21, 2005
    #4
  5. The Brewer

    The Brewer Private E-2

    Have followed those instructions without any issue.
    I've attached the smitfile log and the most recent HJT.

    As for as how things are looking - they were fine as soon as I'd god rid of Spyaxe keeping popping up fromn the system tray. - I'd just run the Panda scan to check all was well as things appeared to be sorted.

    How am I looking now?
     

    Attached Files:

    The Brewer, Dec 22, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Dec 22, 2005
    #6
  7. The Brewer

    The Brewer Private E-2

    Chaslang, again you've been a great help. It's truly appreciated.
    Many thanks.
     
    The Brewer, Dec 22, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Enjoy he holidays malware free!
     
    chaslang, Dec 22, 2005
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds