Pop-ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by evilevets, Feb 11, 2006.

  1. evilevets

    evilevets Sergeant Major

    XP Home, SP1

    Getting pretty frequent pop-ups. Followed the Sticky.

    Spybot, MS and Adaware found a few things, but removed them. AVG finds nothing.

    BitDefender found a handful of things. Log is attached, along with HJT log.

    Panda scan wouldn't work.


    Thanks in advance,

    -Steve
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download LSP-Fix

    After download is complete, Run LSP-Fix

    Check the Box labeled "I know what I'm doing" and then click on the bmnet.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move bmnet.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    (Note: If the file bmnet.dll is already in the remove section, then just click FINISH.)

    Next, follow the steps in the below thread on how to install and run Ewido Anti-Malware.
     
  3. evilevets

    evilevets Sergeant Major

    Did the LSP fix, and ran Ewido.

    Attached the Ewido log and a new HJT log.

    After the Ewido scan, I rebooted and IE stopped working again!



    Thanks,

    -Steve
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Viewpoint


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com

    O2 - BHO: (no name) - {3D75B7D0-0DDC-4F1A-A6B2-CABF699CDCE2} - (no file)

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    NOW:
    Click Start > Run > type services.msc and Click OK

    Locate Local Security Authority Subsystem Service (lsass) and right-click on it to bring up the Service Properties Window.
    First: Stop the service by clicking the Stop Button.
    Next: Disable it by changing the Startup Type to Disabled and click Apply

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, reboot and let me know how things are running.
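
Triage logic for O23 lines like the one flagged in the post above, added here as an example (not part of the thread and not HijackThis code): it flags services whose image name is within two edits of a core Windows binary, whose service name borrows one, whose image sits outside System32, or whose file is missing. The binary list, the edit-distance threshold, and every sample line except the first are assumptions.

```python
import ntpath
import re

# Assumed reference list: core binaries that normally live in %SystemRoot%\System32.
SYSTEM_STEMS = ("svchost", "lsass", "services", "winlogon", "csrss", "smss", "spoolsv")

O23 = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$", re.M)

# Constructed sample: only the first line comes from the thread, the rest are invented.
SAMPLE_LOG = r"""
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Example Updater (ExUpdSvc) - Example Vendor - C:\Program Files\Example\exupd.exe
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Example Host (exhost) - Unknown owner - C:\WINDOWS\Temp\svchost.exe
"""

def edit_distance(a, b):
    """Plain Levenshtein distance (a swap of two adjacent letters costs 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log):
    """Return {service name: [flags]} for O23 entries that deserve a closer look."""
    findings = {}
    for m in O23.finditer(log):
        stem = ntpath.splitext(ntpath.basename(m["path"]))[0].lower()
        folder = ntpath.dirname(m["path"]).lower()
        name = m["name"].lower()
        flags = []
        if stem not in SYSTEM_STEMS:  # near-miss spelling of a system binary
            near = [k for k in SYSTEM_STEMS if edit_distance(stem, k) <= 2]
            flags += ["lookalike:" + near[0]] if near else []
        elif not folder.endswith("\\system32"):  # real name, unexpected location
            flags.append("wrong-folder")
        if name in SYSTEM_STEMS and name != stem:  # service name borrows a system name
            flags.append("borrowed-name")
        if m["missing"]:  # leftover registration, image already deleted
            flags.append("file-missing")
        if flags:
            findings[m["name"]] = flags
    return findings

if __name__ == "__main__":
    for service, flags in triage(SAMPLE_LOG).items():
        print(service, flags)
```

A flagged entry is a prompt for manual review, not a verdict; short names such as smss make a two-edit threshold noisy on larger logs.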
     
