Spyware haven?!?!?!

Discussion in 'Malware Help (A Specialist Will Reply)' started by sleepygamer213, Jun 3, 2005.

  1. sleepygamer213

    sleepygamer213 First Sergeant

    I read and performed everything stated in the READ THIS FIRST guide but still couldn't get rid of this stuff... my homepage has also been hijacked... A squared cannot delete any of these but this is what it found.... I cannot run Microsoft Antispyware either...

    C:\Documents and Settings\Mike\Local Settings\Temp\6.qtdfmp Trojan-Downloader.Win32.Small.aux
    C:\Documents and Settings\Mike\Local Settings\Temp\go.exe Trojan-Dropper.Win32.Small.we
    C:\Documents and Settings\Mike\Local Settings\Temp\ptf_0010.exe AdWare.Pacer.d
    C:\Documents and Settings\Mike\Local Settings\Temp\vx3.game Trojan-Downloader.Win32.Agent.ho
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\W6MTVPTW\abc[1].exe Trojan-PSW.Win32.LdPinch.os
    C:\WINDOWS\system32\abc.exe Trojan-PSW.Win32.LdPinch.os
    C:\WINDOWS\system32\init32m.exe Trojan-Downloader.Win32.Agent.ho
    C:\WINDOWS\system32\rdrlib.dll Trojan-Clicker.Win32.Redir.b
    C:\WINDOWS\system32\vxgame3.exe Trojan-Downloader.Win32.Agent.ho
    C:\WINDOWS\system32\vxh8jkdq6.exe Trojan-Downloader.Win32.Small.aux
    C:\WINDOWS\system32\wirl.dll Trojan.Win32.StartPage.xs
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you ran the READ ME FIRST and did it in safe mode as requested, running CCleaner should have removed the below:
    C:\Documents and Settings\Mike\Local Settings\Temp\6.qtdfmp Trojan-Downloader.Win32.Small.aux
    C:\Documents and Settings\Mike\Local Settings\Temp\go.exe Trojan-Dropper.Win32.Small.we
    C:\Documents and Settings\Mike\Local Settings\Temp\ptf_0010.exe AdWare.Pacer.d
    C:\Documents and Settings\Mike\Local Settings\Temp\vx3.game Trojan-Downloader.Win32.Agent.ho
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\W6MTVPTW\abc[1].exe Trojan-PSW.Win32.LdPinch.os

    You should be able to delete all the files yourself in safe mode. If you cannot delete them in safe mode and still need help, follow the steps below:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
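
An added example, not part of the original thread: the reply above separates hits in temp and cache folders, which a temp-file cleanup covers, from files that have to be deleted by hand in safe mode. The sketch below parses the posted listing and reports which detections also exist as an installed copy outside those folders; the `DISPOSABLE` folder set and all function names are assumptions made for this illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Detection listing copied from the first post: "<path> <detection name>".
SCAN = r"""
C:\Documents and Settings\Mike\Local Settings\Temp\6.qtdfmp Trojan-Downloader.Win32.Small.aux
C:\Documents and Settings\Mike\Local Settings\Temp\go.exe Trojan-Dropper.Win32.Small.we
C:\Documents and Settings\Mike\Local Settings\Temp\ptf_0010.exe AdWare.Pacer.d
C:\Documents and Settings\Mike\Local Settings\Temp\vx3.game Trojan-Downloader.Win32.Agent.ho
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\W6MTVPTW\abc[1].exe Trojan-PSW.Win32.LdPinch.os
C:\WINDOWS\system32\abc.exe Trojan-PSW.Win32.LdPinch.os
C:\WINDOWS\system32\init32m.exe Trojan-Downloader.Win32.Agent.ho
C:\WINDOWS\system32\rdrlib.dll Trojan-Clicker.Win32.Redir.b
C:\WINDOWS\system32\vxgame3.exe Trojan-Downloader.Win32.Agent.ho
C:\WINDOWS\system32\vxh8jkdq6.exe Trojan-Downloader.Win32.Small.aux
C:\WINDOWS\system32\wirl.dll Trojan.Win32.StartPage.xs
"""
# Assumption: folders with these names hold disposable temp/cache files.
DISPOSABLE = {"temp", "temporary internet files"}


def parse(listing):
    """Yield (path, detection); paths contain spaces, so split on the last one."""
    for line in listing.splitlines():
        if line.strip():
            path, detection = line.strip().rsplit(None, 1)
            yield PureWindowsPath(path), detection


def triage(listing):
    """Split hits into temp/cache copies and files installed elsewhere."""
    disposable, installed = [], []
    for path, detection in parse(listing):
        parts = {p.lower() for p in path.parts}
        (disposable if parts & DISPOSABLE else installed).append((path, detection))
    return disposable, installed


def staged_and_installed(listing):
    """Detections seen both as a temp/cache copy and as an installed file."""
    disposable, installed = triage(listing)
    by_name = defaultdict(list)
    for path, detection in installed:
        by_name[detection].append(path.name)
    staged = {d for _, d in disposable}
    return {d: sorted(names) for d, names in by_name.items() if d in staged}

if __name__ == "__main__":
    print(staged_and_installed(SCAN))
```

A detection that appears in both groups means clearing the temp folders removes only the downloaded copy, while the installed file under `system32` is left behind.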
     
  3. sleepygamer213

    sleepygamer213 First Sergeant

    It would be nice if I could run any of my antispyware/virus programs... however when I try to run or even install one it always says "(program name) has encountered an error and needs to be shutdown" and once OK is clicked it stops installation or program running. I can't run HijackThis (even in C:/program files/HJT), I can't run Microsoft Antispyware or avast, not even A squared... When I try to go into Task Manager it says "Task manager has been disabled by your administrator" and I never disabled it.... how do I fix this???

    PS I just did a fresh Windows install after...
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But you said you ran the READ ME FIRST in your first message. Why did you say that if you cannot run the scanners?

    What do you mean by
    Do you mean you no longer have problems because you reinstalled?

    If you still have problems, continue with the below.

    For your Task Manager problem do the following:

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixtm.reg and then click Save. (Make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Double-click on the fixtm.reg file on your Desktop (or locate it with Windows Explorer and double-click on it if not saved to the Desktop) and when it prompts to add to the registry say yes.
    Now shut down all unnecessary processes and try to get the HJT log. If you cannot run in normal boot mode, boot into safe mode and try to get a log.
     
  5. sleepygamer213

    sleepygamer213 First Sergeant

    By fresh install I meant that I cleared the C drive and reinstalled Windows, but I still had problems, so I decided just to clear the C and D drives and now I have no more problems...
     
  6. peterparker

    peterparker Corporal

    Thanks Chaslang for the regedit file. Had a problem with Task Manager a while back. One question though, do you have an idea what the last key does? "DisableCAD"
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

