Spyware/Malware problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jagged Fel, Jun 22, 2006.

  1. Jagged Fel

    Jagged Fel Private E-2

    Hey, I have or had some problems with malware. I do know my Internet Explorer has the about:blank problem. As well, it ALWAYS loads www[dot]sysnetsecurity[dot]com, that website. I was getting random pop-up ads until I installed the free Sygate firewall. And it kept wanting me to install programs to remove spyware. But don't worry, I didn't.

    I've done everything in the guides. I ran BitDefender and Panda. Panda found 7 malware, and 3 hacking devices. My AVG antivirus finds nothing. Ad-Aware found 4 things and supposedly removed them. Spybot found 6 and removed 5, and removed the last one on the scan during reboot. I've run Windows Defender; it found nothing. I installed SpywareBlaster, and ran CCleaner.

    I'd like to make sure my computer is clean for sure. Here is my HijackThis log. I'd appreciate any help! Thanks in advance!
     

    Last edited by a moderator: Jun 22, 2006
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Would be wise to follow the guide in relation to installing and running HijackThis, as you have run HJT from the exact place we advise not to, from C:\DOCUME~1\Michael\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe, which is from the temp folder and from the ZIP/RAR file, without extracting it to its own folder as in the C:\Program Files\HJT folder. You also have Firefox running, in which the guide says

    Downloading, Installing, and Running HijackThis


    Please run the HJT part of the guide and post a new log.... Cheers.
     
  3. Jagged Fel

    Jagged Fel Private E-2

    Sorry, I didn't really read that part. Here is the new HijackThis log as requested. :)
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. Jagged Fel

    Jagged Fel Private E-2

    All those files in the SmitRem guide, I found absolutely none of them. Is that normal? Well, here is my Panda scan, BitDefender scan, and SmitRem log. Btw, I did have SpywareQuake. But it was not in the Add/Remove Programs. It was only visible in the HijackThis log, and I removed it way before I posted here. BUT my Explorer is still going to the wrong website, and I'm pretty sure if I take down Sygate firewall, I'll get popups again.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because some of the other tools (including SmitRem) already found some of them and deleted them. However, you have a newer form of SpywareQuake that I have not yet added to the removal procedure. We need to fix a few things and look for one other potential DLL file.


    Copy the text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "All Files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now reboot into safe mode and run the SmitRem procedure again and save a new smitfiles.txt log.

    Then while still in safe mode look for the below file and either delete it or rename it as per the previous procedure and then delete it later after another reboot if still necessary.

    C:\windows\System32\viwpzla.dll

    If you do not find the file, that's okay, just continue.

    Then reboot to normal mode and attach the smitfiles.txt log and a new HJT log. Also tell me how things are working now.
     
  7. Jagged Fel

    Jagged Fel Private E-2

    Is there a reason why everything is done in safe mode? I ran smitfraud after doing everything else you said; I didn't find Viwpzla.dll either. Thanks for the help, I think my computer is clean now because Explorer went back to its original MSN.com webpage. Here is the smitfraud.txt
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Many procedures are performed in safe mode because fewer things load in safe mode and it makes it easier to remove various malware problems that way. Sometimes it is the only way to resolve problems.

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  9. Jagged Fel

    Jagged Fel Private E-2

    Thank you very much, chaslang. You always seem to be on top of things :) I'll do what you said, thanks again and have a great summer.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely and have a nice summer yourself!
     
