Red ! - PC infected by Spyware button

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Katzenjammer, Oct 10, 2004.

  1. Katzenjammer

    Katzenjammer Private E-2

    Greetings!

    I have followed all the instructions from your http://forums.majorgeeks.com/showthread.php?t=35407 tutorial and have gotten nowhere getting rid of this insidious thing.

    I've run AdAware SE, Spybot S&D, CCleaner, Spywareblaster, Kill2Me, Stinger, CW Shredder, etc from the above thread. Followed all of the instructions carefully. Not once, but three times and gotten nowhere. I'm now 6 hours into this and it's still there.

    I was playing a web game and suddenly I started getting popups all over the place and the red exclamation point in the white circle suddenly appeared. Which I didn't click, but it was already in my taskbar and in my IE bar.

    Initially I ran Spybot and Adaware which came up with over 800 problems to fix. (I ran these only two weeks ago with only 20 items to fix.) Each time I re-run Adaware it comes up with 20'ish Ezula tracking items which I tell it to delete.

    So I came to your website and started to follow through the tutorial. :p (I had done this a month ago because my main computer was infected with ads123 which your information helped me get rid of... thank you!)

    My hijack log keeps showing the 09 Extra button: Your PC is infected with spyware - click here to fix your PC

    When I tell it to fix checked and scan again, it's already back.

    SO... now that I'm done rambling, now what? :)
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Show me a log file. I hope you online virus scanned as well?
     
  3. Katzenjammer

    Katzenjammer Private E-2

    You bet!

    I did do an online virus scan after I ran my Norton Anti-virus which came up with nothing.

    Trend Micro came up with 8 items it could clean. 6 of them were joke files I'd forgotten I even owned from 8 years ago, and two were viruses:
    Troj Lalus.A
    Troj Istbar.X
    Both of which I hit the delete button for.

    Hmm.. I see the begin2search just popped up on my Hijack log. *sighs* That wasn't there yesterday. If I rip my hair out and scream, don't mind me. This computer is old, but I use it for all my college and work related research so I don't infect my main computer with too much nonsense.

    Okay, for my Hijack log:
     

    Attached Files: hjt.txt (5.4 KB)
    Last edited by a moderator: Oct 13, 2004
  4. Katzenjammer

    Katzenjammer Private E-2

    Fixed!!!

    I have managed to fix this (and quite a lot of other spyware I didn't even know I had!) myself. :) Thank you guys for the attempt.

    I'll tell you what I did... I found a program called Spyware Nuker 2004. I couldn't afford to buy it, but I downloaded it to see what it'd do. Boy oh boy... it found a ton of spyware that I thought my other spyware items had found and gotten rid of, and some things I didn't even know I had!

    Anyway, because I couldn't purchase it, it didn't fix any of the problems it found. But (and this is a big but!) it does allow you to hit the expand button so you can find all the files these programs are hidden in... including all the registry information!! **ding, ding, ding**

    Two hours after finding this little program and discovering the 80 files it found, I am now spyware free of all it could find. :)

    Oh, and the red exclamation point thingy? It's called spyware deleter, one of the files is sd.exe if anyone finds it in their stuff. There's other files associated with it you'll want to find and delete out. *grins and thumbs up*

    Good luck all you folks with spyware problems!!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Fixed!!!

    The SpyDeleter problem has been fixed in this forum a bunch of times already.

    You may want to post a new HJT log (as a .txt file attachment this time). You had a bunch of issues in your last log (trojans too) which I doubt were fixed by SpyNuker 2004.

    You should also uninstall SpyKiller. It is on the below link of rogue/suspect spyware removal tools:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm
     
  6. Katzenjammer

    Katzenjammer Private E-2

    *nods avidly*

    Picture me doing a bobble head dance nodding in agreement on the Spyware Killer response. I didn't install it, so out it went! :)

    Apologies on the not making the last HJT a .txt, didn't realize you wanted it that way. I must not have researched your site as thoroughly as I thought I had. :(

    The Spyware Nuker 2004 program... lol :p Adaware considers it to be Malware. *grins* Oh well, it helped me get rid of the worst of the problems I was having, so it can consider it that all it wishes. :p

    Okay... I DL'd BHO Daemon, that seems to be helping a bit, too.
    I also DL'd Zone Alarm so I'd have a firewall. ;) Those are the only new additions since I last posted.

    I went to the website in your guide for the items listed in HJT to see if the 04's were okay. I wasn't sure how to tell which were okay or not. ;( IE: that NeroCheck.exe... no idea if it's the OK one or nay. I don't remember if I installed Nero or not on this computer to start with. :(

    I hope this one meets a little more with your approval. :) I await your response avidly. :)
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: *nods avidly*

    Internet Explorer (and any other browsers) MUST always be shut down before using HJT, especially when fixing items with it. You had it running when you scanned. Make sure you shut it down from now on.

    Spyware Nuker (older versions pre-2004 version) were considered malware. The 2004 version is not supposedly on that list anymore. But who needs it?

    Make sure you have system restore disabled and viewing of hidden files enabled.

    Some trojans are still on your PC. But first a question, did you put the O1 entry into your hosts file? Do you recognize this: O1 - Hosts: 64.24.234.120 swirve.com

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
    O4 - HKCU\..\Run: [cBo2RXH4h] wtsntcreate.exe

    Now boot in safe mode and delete:
    C:\WINDOWS\kjberup.exe
    C:\WINDOWS\system32\wtsntcreate.exe (if not here, look for it in the path below)
    C:\Documents and Settings\Name\Local Settings\temp\wtsntcreate.exe

    Now reboot in normal mode and post a new log.

    You need to go to Windows Update and get your PC updated. You are way out of date.
     
  8. Katzenjammer

    Katzenjammer Private E-2

    Shutting down before running HJT:
    Whoops! I'm a fluffhead. Apologies.

    Spyware Nuker comment:
    *grins* Oh well, "supposedly" and "actually" can be considered separate things in this instance. :p

    I have restore disabled and viewing hidden files enabled.

    Do you recognize this: O1 - Hosts: 64.24.234.120 swirve.com
    Yes, that's the Utopia game I play where I think I'm getting this spyware, although the owner swears up and down it's not coming from him because then he'd have a lot of angry players.

    Followed all instructions to get rid of kjberup.exe (which was also under system32) and wtsntcreate.exe.

    Windows Update comment:
    GMTA - Great minds think alike. I just went to Windows Update last evening and hit the install, then set it up to do auto update and install when I'm not awake. :p

    Here's the latest HJT. -Gee, just think... this is only one of four of my computers I need to go over for spyware. :p I guess when I'm ready to hit the next one I'll be back here. :p :p :p
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you got the Windows updates, why does your system still show:
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Those are old.
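
The three checks chaslang makes by eye in the posts above (the O1 hosts entry, the O4 Run entries, and the MSIE build in the log header), as an added example that is not part of the original thread and is not HijackThis code. The triage rules and the `ie_baseline` default (6.00.2900.2180, the IE 6 build in XP SP2) are assumptions chosen for the example, and the last line of the sample log is constructed.

```python
import ntpath
import re

# Constructed sample: the first five lines are quoted in the thread,
# the last Run entry is invented here as a benign contrast.
SAMPLE_LOG = r"""Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
O1 - Hosts: 64.24.234.120 swirve.com
O4 - HKLM\..\Run: [hoadgbw] C:\WINDOWS\kjberup.exe
O4 - HKCU\..\Run: [cBo2RXH4h] wtsntcreate.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /tray
"""

MSIE_RE = re.compile(r"^MSIE: .*\(([\d.]+)\)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[.*?\] (.+)$")


def version(text):
    """'6.00.2600.0000' -> (6, 0, 2600, 0) so builds compare numerically."""
    return tuple(int(part) for part in text.split("."))


def image_path(command):
    """Executable part of a Run value: a quoted path, or text up to .exe/.com/.bat/.scr."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr))(?:\s|$)', command, re.I)
    return (m.group(1) or m.group(2)) if m else command


def review(log, windir=r"C:\WINDOWS", ie_baseline="6.00.2900.2180"):
    """Return (tag, detail) pairs that a helper should ask about; not verdicts."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := MSIE_RE.match(line):
            if version(m.group(1)) < version(ie_baseline):  # assumed baseline
                findings.append(("outdated-ie", m.group(1)))
        elif m := HOSTS_RE.match(line):
            if m.group(1) not in ("127.0.0.1", "::1"):  # name pinned to a remote IP
                findings.append(("hosts-override", f"{m.group(2)} -> {m.group(1)}"))
        elif m := RUN_RE.match(line):
            path = image_path(m.group(1))
            folder = ntpath.normcase(ntpath.dirname(path))
            if not folder:  # bare file name, resolved through the search path
                findings.append(("run-no-path", path))
            elif folder == ntpath.normcase(windir):  # directly in the Windows root
                findings.append(("run-in-windir", path))
    return findings


if __name__ == "__main__":
    for tag, detail in review(SAMPLE_LOG):
        print(f"{tag:15} {detail}")
```

A finding is a prompt for a question, as with the swirve.com hosts entry that the owner recognized, and not proof of infection.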
     
  10. Katzenjammer

    Katzenjammer Private E-2

    Hmmm

    No clue? Cause I went and did installs and set it up to auto install in my absence.

    I never said I was a computer genius. :p I do my best and hope.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Hmmm

    If it still indicates those numbers in your log, you have not installed the updates. You still need to do this.
     
  12. Katzenjammer

    Katzenjammer Private E-2

    ah well

    Is the rest of my HJT clear for this comp, hon? :)
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: ah well

    Yes, it's clean!
     
  14. Katzenjammer

    Katzenjammer Private E-2

    Whoot!

    You're a doll! Thank you :) I'm giving myself a break before I tackle my main computer. :p I spent way too long on this for my secondary. I don't know how you do it all day! *hugs*

    Have a wonderful weekend and you are the best!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Whoot!

    You're welcome! Thanks for the hugs! :) You have a nice weekend too!
    How is the weather down there? I'll be in Ft Myers in November.


    If you have problems on your other computer, start a new thread for it when ready. So we avoid any confusion with this one.
     
  16. Katzenjammer

    Katzenjammer Private E-2

    Weather is beautiful now that all the hurricanes have gone through. :)
    Was a little rainy today, but that was good, we had a fire nearby. :(
    I'm only a couple hours north of Ft. Myers (in Tampa area).

    If you wish to speak privately on this rather than digging up this old post when you've fixed my problems :p :p, feel free to private message me. :) I hate taking up people's forum space and digging of old posts more than necessary. :) It just feels rude to do. *blushes*

    Yes, I'll start a new thread when the time comes to tackle that one. :p I haven't had any serious issues beyond ads123, which seems to be gone since I followed your instructions under "Read me first before asking for support" to start with (which was when I found this forum 2 weeks ago.) Of course, after that success, I had to send you new business!
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the new business!
     
