Spyware problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by zygmore, Feb 3, 2005.

  1. zygmore

    zygmore Private E-2

    Last night I scanned a friend's computer for spyware, but there is still something lingering around. I'm having trouble locating the problem, and I have followed the steps in the threads. My HijackThis log is posted along with this post. If someone could help me locate the problem and fix it. The computer is a mobile Pentium 4 IBM. That's all the info I have as of right now. I appreciate the help.

    I know I'm not supposed to attach the log until asked, but frankly I don't have the time to wait to be asked... And I am the spyware guy at my work so I do have some experience working with this stuff.
     


  2. TheOldThug

    TheOldThug First Sergeant

    This is bad
    C:\WINDOWS\mmups.exe
    http://www.processlibrary.com/directory/files/mmups/index.php

    If you want to get started on this you can do the following:

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Might have a name with this in it
    Roimoi/Media-Motor

    Please print out these instructions so you may operate with All Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them if possible:

    mmups.exe

    Now scan with HijackThis and Check the Boxes for the following:

    O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\mmups.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know how your computer is running now and if you had trouble with the above instructions.

    Good luck
     
  3. PhilliePhan

    PhilliePhan Guest

    Hi zygmore,

    Agree with TheOldThug that the only real baddie left in the log is mmups.exe

    You should also clean these with HJT:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    Are these two the desired setting?

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

    Those are just minor cleanup. Reset your Web Settings afterward and tell us how things are looking.

    PP :)
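
The log lines discussed in the replies above can be triaged mechanically. The following is an added example, not part of any post in this thread and not HijackThis's own logic: a small parser for HijackThis-style lines whose three review heuristics (the "(no file)" check, the autorun name/target mismatch, and the external start-page check) are assumptions chosen to match the entries flagged here.

```python
import ntpath
import re

# Constructed sample: HijackThis lines quoted in the replies above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
REG_RE = re.compile(r"^(HK[^,]+),([^=]+?) = (.*)$")
EXE_RE = re.compile(r'^"?([^"]+?\.(?:exe|com|bat|scr))', re.IGNORECASE)

def triage(log_text):
    """Parse HijackThis-style lines and attach review notes (hypothetical heuristics)."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip headers, blank lines and the process list
        code, body = m.groups()
        notes = []
        if body.endswith("(no file)"):
            notes.append("orphaned: registered component has no file on disk")
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            name, cmd = run.group(3), run.group(4)
            exe = EXE_RE.match(cmd)
            path = exe.group(1) if exe else cmd
            base = ntpath.basename(path).lower()
            # Value name looks like a file name but points at a different file.
            if ntpath.splitext(name)[1] and name.lower() != base:
                notes.append(f"autorun name '{name}' does not match target '{base}'")
            if ntpath.dirname(path).lower() == r"c:\windows":
                notes.append("autorun target sits directly in the Windows directory")
        reg = REG_RE.match(body) if code in ("R0", "R1") else None
        if reg and reg.group(3).lower().startswith(("http://", "https://")):
            notes.append(f"IE '{reg.group(2)}' points at {reg.group(3)}")
        entries.append({"code": code, "body": body, "notes": notes})
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], "|", "; ".join(e["notes"]) or "no note", "|", e["body"])
```

A note only marks a line for human review; the decision to fix an entry still rests with whoever reads the log.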
     
