Spyware Issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by sgplastics, Jan 29, 2008.

  1. sgplastics

    sgplastics Private E-2

    I have been having major spyware issues on a workstation. I was getting a message on the desktop saying that my computer was infected with spyware and a popup Internet Explorer window trying to sell spyware removal software. I went through the MALWARE REMOVAL GUIDE on this site and it seems to have fixed the problems although I'm not completely sure. I'm no longer getting any popups but Internet Explorer is locking up when I try to start it. Firefox is working OK. The computer also seems to be running slower than it was before this all started. I have attached the combofix log and the MGlogs logs. Thanks for your help.
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like ComboFix took care of most all of the problems ... but you need to uninstall:
    My Way Search Assistant

    You also need to clean up your printer(s):
    Look at your Runkeys log and you will see about 6 instances of the epson printer in the

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]

    What issues are you still having?
     
  3. sgplastics

    sgplastics Private E-2

    Internet Explorer 7 is getting stuck when I try to start it. It just hangs before it has started to load anything. If I disable the autoprotect features in Symantec AV it seems to work better but is still slow to load and does not work all the time. I tried deleting IE7 and going back to IE6, but when I clicked on the 'E' the program would not open. It would show an instance of iexplorer in the task manager processes for every time I clicked the icon but never actually open the browser. I reinstalled IE7 and I'm still having the same problems. Other programs seem to open slower. None of this was happening before the malware attack and cleanup.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re-run both ComboFix and the MGTools\GetLogs.bat file and attach them ...
     
  5. sgplastics

    sgplastics Private E-2

    Here are the logs.
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Whatever it is, it's not malware ... though you may want to do something with your printer ... this shows in both the HJT log and the RunKeys log:

    O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O16 "IP_192.168.1.137" /M "Stylus C64"
    O4 - HKLM\..\Run: [Auto EPSON Stylus C64 Series on ALAN-B076C610E0] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P47 "Auto EPSON Stylus C64 Series on ALAN-B076C610E0" /O26 "\\ALAN-B076C610E0\Printer3" /M "Stylus C64" G
    O4 - HKLM\..\Run: [Auto EPSON Stylus C64 Series lowerMFGT on ALAN-B076C610E0] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P57 "Auto EPSON Stylus C64 Series lowerMFGT on ALAN-B076C610E0" /O26 "\\ALAN-B076C610E0\Printer2" /M "Stylus C64"
    O4 - HKLM\..\Run: [Auto EPSON Stylus C64 Series on DBREWER] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P39 "Auto EPSON Stylus C64 Series on DBREWER" /O20 "\\DBREWER\EPSONSty64" /M "Stylus C64"
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P32 "EPSON Stylus C64 Series (Copy 1)" /O6 "USB001" /M "Stylus C64"
    O4 - HKLM\..\Run: [Auto EPSON Stylus C64 Series on ALAN] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P36 "Auto EPSON Stylus C64 Series on ALAN" /O32 "\\ALAN\EPSON Stylus C64 on ALAN " /M "Stylus C64"
    O4 - HKLM\..\Run: [Auto EPSON Stylus C64 Series on ALAN (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P45 "Auto EPSON Stylus C64 Series on ALAN (Copy 1)" /O11 "\\ALAN\ALAN" /M "Stylus C64"
    O4 - HKLM\..\Run: [\\WS-ALAN\EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P33 "\\WS-ALAN\EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"

    The slowness may be addressed with a startup manager ....but it would be best to address this in the software section. :)
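
The check made in the reply above, reading the Run-key entries and noticing many values that start the same program, can be scripted. The Python below is an added example, not part of the thread or of any MajorGeeks tool; it groups HijackThis O4 lines by the executable they launch. The first three sample lines are copied from the log quoted above, the fourth (ExampleUpdater) is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# First three lines are copied from the HijackThis log quoted in the thread;
# the last line is constructed for contrast (hypothetical program and path).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O16 "IP_192.168.1.137" /M "Stylus C64"
O4 - HKLM\..\Run: [Auto EPSON Stylus C64 Series on DBREWER] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P39 "Auto EPSON Stylus C64 Series on DBREWER" /O20 "\\DBREWER\EPSONSty64" /M "Stylus C64"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P32 "EPSON Stylus C64 Series (Copy 1)" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
'''

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_LINE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# Quoted path, or an unquoted path (may contain spaces) ending at an extension.
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)

def parse_o4(log):
    """Yield (hive, value_name, executable) for each O4 autostart line."""
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, _key, name, cmd = m.groups()
        t = TARGET.match(cmd)
        exe = (t.group(1) or t.group(2)) if t else cmd.split()[0]
        yield hive, name, exe.lower()  # Windows paths are case-insensitive

def repeated_targets(log, min_count=2):
    """Map each executable started by min_count or more Run values to those value names."""
    by_exe = defaultdict(list)
    for _hive, name, exe in parse_o4(log):
        by_exe[exe].append(name)
    return {exe: names for exe, names in by_exe.items() if len(names) >= min_count}

if __name__ == "__main__":
    for exe, names in repeated_targets(SAMPLE_LOG).items():
        print(f"{exe} is started by {len(names)} Run values:")
        for n in names:
            print("   ", n)
```

Repetition alone says nothing about whether an entry is malicious; as in this thread, it only marks startup entries worth reviewing by hand.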
     
