Spy Sheriff Problems (Again...)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Haf-A-Mil, Jul 8, 2005.

  1. Haf-A-Mil

    Haf-A-Mil Private E-2

    Ok, here is the problem. I used the techniques that were in the Spy Sheriff removal sticky on this forum and it was gone for a couple of days. Yet, to my surprise, 4 days later the vermin is back on my machine. I kind of knew something was up because the desktop image had changed, talking about "System Stopped" and some other mess on the main screen. After I thought it was removed, the image was gone but my original desktop was not back. Then when I tried to go change it back in the Display option, it would not let me change anything.

    The computer is a Gateway Tablet PC with WinXP SP2, 1 GHz Intel processor, 504 MB of RAM. Thanks in advance and my hijack log is included.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not install HJT properly per the sticky thread and you did not exit browsers before running HJT.

    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\BitComet\BitComet.exe <--- this should not be running either.
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tyrus\Desktop\HijackThis.exe

    Please install HijackThis properly and remember to exit browsers before using HJT.

    You need to run thru the sticky thread steps again (note it was updated a few days ago too). Start at step 4.

    Also have HijackThis fix the below two lines:

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe

    And when you boot into safe mode to delete files, also delete the C:\Program Files\Archive folder
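
An added example, not part of the original thread or of HijackThis: a small Python triage of the log lines quoted in the reply above, covering the three things it checks (programs left running during the scan, where HijackThis.exe runs from, and the O3/O4 entries). The sample log is constructed from those quoted lines; `review`, `CLOSE_FIRST` and `BAD_HJT_DIRS` are hypothetical names, and treating a Desktop or Temp path as an improper install location is an assumption.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample: only the lines quoted in the reply above, arranged under
# the "Running processes:" header a HijackThis log uses.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tyrus\Desktop\HijackThis.exe

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Archive] C:\Program Files\Archive\archive.exe
"""

CLOSE_FIRST = {"iexplore.exe", "bitcomet.exe"}  # the two the reply called out
BAD_HJT_DIRS = ("\\desktop\\", "\\temp\\")      # assumption, see lead-in
O_LINE = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_ENTRY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def review(log_text):
    """Return (kind, detail...) tuples for a human to check; nothing is deleted."""
    findings, seen = [], set()
    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = O_LINE.match(line)
        if entry:
            code, body = entry.groups()
            clsid = CLSID.search(body)
            run = RUN_ENTRY.match(body)
            if code == "O3" and body.endswith("(no file)") and clsid:
                findings.append(("orphan_toolbar", clsid.group(0)))
            elif code == "O4" and run:  # registry autoruns only, not Startup folders
                findings.append(("autorun", run.group(3), run.group(4)))
        elif re.match(r"^[A-Za-z]:\\", line):  # a running-process path
            exe = basename(line).lower()
            if exe in CLOSE_FIRST and exe not in seen:
                seen.add(exe)
                findings.append(("close_before_scan", exe))
            elif exe == "hijackthis.exe" and any(d in line.lower() for d in BAD_HJT_DIRS):
                findings.append(("hjt_location", line))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The `autorun` findings are a list of registry Run entries to look at, not a verdict; deciding which ones to fix remains the helper's call, as it was in this thread.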
     
  3. Haf-A-Mil

    Haf-A-Mil Private E-2

    Thanx man, will try....
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Let me know your status afterwards.
     
  5. Haf-A-Mil

    Haf-A-Mil Private E-2

    chaslang: thanks for your help and assistance. Everything seems to be back to normal, I'm able to edit my display features. I'll let you know if it happens again, but I'm going with the notion that it won't. Thanks again and your help was greatly appreciated...
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post a current HJT log so we can see if anything is remaining.
     
  7. Haf-A-Mil

    Haf-A-Mil Private E-2

    Here is the new hi-jack log
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay. You're clean. But to help keep it that way, you should perform the steps in the below thread.

    How to Protect yourself from malware!

    Make sure you install one of the firewalls mentioned and then disable the WinXP SP2 firewall, which does not provide adequate protection.
     
