Spyware is evil and I've tried everything.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Drakeskull, Aug 1, 2006.

  1. Drakeskull

    Drakeskull Private E-2

    I've done everything in the Read & Run me first and when I booted back up the popups and everything were worse than before. My symptoms are random popups which are cleaning tools and there will be little notices that say your PC has kept track of everything you have done. Also sometimes a random site from my favorites will pop up. Once in a while instead of popping up it will redirect the first browser I opened to the systemdoc or what it's called. Also when I browse randomly it will also have some dinging sounds and then it will make whatever I was currently typing in or doing in the background and cause me to quit typing a message. It only happens when I have an Iexplorer running but sometimes after I close it out I ctrl alt del, and there will be an iexplorer still running that I have to end process on.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You MUST FOLLOW THE DIRECTIONS in step 7! You are using a 3 year old version of HijackThis. ALSO, please read step 7 of the READ ME again. Disable MSConfig (i.e., select Normal Startup) then reboot and then attach a new HJT log.
     
  3. Drakeskull

    Drakeskull Private E-2

    Sorry, been trying to piece together the directions cause it won't stay on the same page for too long.
     
  4. Drakeskull

    Drakeskull Private E-2

    It stopped.........hmm it seems to have stopped after the reboot in normal mode. I didn't mean to skip anything. It just kept redirecting while I was trying to gather all the info or the Iexplorer would keep taking up resources until it crashed. It's taken me a few hours every day over the last few days to get everything done cause I'm on dial up and it kept on messing me up in the middle of everything. Thanks for your help, it's been a lifesaver. Here's my new Hijack log if you think there might still be something hidden but it seems to be clean now.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes there is still something there! Before giving you a fix I need another quick scan. It runs in about two seconds.

    Please run the below procedure and attach the runkeys.txt log.
    You forgot to uninstall Viewpoint Manager in step 0 of the READ ME. Uninstall it now.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why didn't you run Windows Defender?

    Also why are you running with no antivirus and no antispyware program?
     
  7. Drakeskull

    Drakeskull Private E-2

    I had used avast for a while but it was causing some things to not respond. The last time I wiped my HD I never reinstalled it and I didn't know of another free antivirus and since I didn't have any problems up until this point I didn't ever think anything about it. I downloaded Windows Defender and could have sworn I ran it. I tried to install it just now and it said I need windows installer 3.1 or greater, should I update this? I don't see viewpoint manager under the programs, could it be the windows journal viewer? I will download avast, or is there another antivirus that would be a better option? Sorry to be so much trouble.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No don't update anything yet! When we finish cleaning everything, we will do that.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {7ed376cd-960d-4adc-adba-cb2189216c0c} - C:\WINDOWS\system32\bootser.dll (file missing)
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O20 - Winlogon Notify: bootser - bootser.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (if found):
    C:\Program Files\Viewpoint <--- the whole folder
    C:\WINDOWS\system32\bootser.dll

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  9. Drakeskull

    Drakeskull Private E-2

    OK, it's done, everything seems to be running fine. For some reason it started back up in my old selected mode after I came back from safe mode so I restarted in normal and it hung up while it was shutting down for about 3-4 min. Haven't tried to restart again yet to see if it does it. Here's my new log.
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Everything looks pretty good except one item came back! Let's try again!

    Make sure viewing of hidden files is enabled (per the tutorial).

    >>>>>> It is critical that you make sure that NO BROWSERS are running when you use HijackThis to fix the items below. <<<<<<

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    After clicking Fix, exit HJT.


    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log.
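
Added example, not part of the thread and not HijackThis's own code: a small triage pass over the HijackThis lines quoted in the two fix lists above, flagging entries whose target file is gone and CLSIDs that are not brace-wrapped. The function names and flag wording are assumptions made for this illustration.

```python
import re

# HijackThis section codes that appear in this thread.
SECTIONS = {
    "R3": "Internet Explorer URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry (Run key or Startup folder)",
    "O6": "Internet Explorer options restricted by policy",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
BRACED = re.compile(r"\{" + GUID + r"\}")
BARE = re.compile(GUID)

# Lines quoted from the two fix lists in the thread.
SAMPLE = [
    r"R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O2 - BHO: (no name) - {7ed376cd-960d-4adc-adba-cb2189216c0c} - C:\WINDOWS\system32\bootser.dll (file missing)",
    r"O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe",
    r"O20 - Winlogon Notify: bootser - bootser.dll (file missing)",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present",
]

def triage(line):
    """Return (code, section, flags) for a log entry, or None for other lines."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m.groups()
    flags = []
    if "(file missing)" in body or "(no file)" in body:
        flags.append("orphaned: registry entry references no file on disk")
    if BARE.search(body) and not BRACED.search(body):
        flags.append("malformed CLSID: GUID is not wrapped in braces")
    if code == "O6":
        flags.append("policy key limits access to Internet Options")
    return code, SECTIONS.get(code, "unknown section"), flags

def review(lines):
    """Codes of the entries that carry at least one flag, in log order."""
    return [r[0] for r in map(triage, lines) if r and r[2]]

if __name__ == "__main__":
    for entry in SAMPLE:
        code, section, flags = triage(entry)
        print(f"{code:<4}{section}: {'; '.join(flags) or 'no automatic flag'}")
```

The O4 ViewMgr line gets no automatic flag: it was listed for removal in the thread by name, so the flags are a reading aid for a log, not a verdict on each entry.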
     
