spyware problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by kiwanos, Jan 5, 2006.

  1. kiwanos

    kiwanos Private E-2

    I have already tried everything in your READ ME FIRST but I still have a balloon in the corner of my desktop saying I have malware. It looks like it is connected to Explorer updates and will not go away. I did manage to get rid of the pop-ups. I am sending two logs in the hopes that you can help.




    Edit by chaslang: Inline logs attached
     

    Last edited by a moderator: Jan 5, 2006
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read & follow steps 6 & 7 of the READ ME again.

    You must attach all logs, not post them inline. Also you did not install HJT properly. In addition there should be 3 total attachments:
    - BitDefender log
    - PandaActiveScan log
    - HijackThis log

    Again all as attachments.

    Were the below in Add/Remove programs to uninstall:
    Security iGuard
    SpyAxe

    Did you install the below two items yourself:
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
    O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe


    You should run the below since you have this infection:
    Smitfraud, SpySheriff, SpyAxe & PSGuard Removal
     
    Last edited: Jan 5, 2006
  3. kiwanos

    kiwanos Private E-2

    Sorry about that. I did find and remove spy axe yet this morning I found it on my desktop again. The other two items you asked about were put on the computer by myself. I will try the other things and reinstall hijackthis properly.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! When finished, attach the BitDefender log, the smitfiles.txt log, and a new HJT log.
     
  5. kiwanos

    kiwanos Private E-2

    I finished with the scans and the balloon in the corner saying I have malware is now gone. Everything seems to be fine. I am attaching the log files just in case I missed anything.
    Thanks

    I hope I attached them properly
     

    Last edited by a moderator: Jan 7, 2006
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not use the Paper Clip at the top of the message editor to put logs as inline links. We simply want the messages attached. Notice how I changed your previous links into attachments only.

    Are your Comcast and Yahoo Toolbars working OK? The below seems to indicate the files are missing. Are they really missing?
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

    You should have HijackThis fix the below lines (make sure browsers are closed before clicking Fix checked):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=493
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\SYSTEM32\Direct Sex Access-uninstall.exe
    C:\WINDOWS\SYSTEM32\tmp3.txt
    C:\WINDOWS\woinstall.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    Last edited: Jan 7, 2006
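
Added example, not part of the thread and not code from HijackThis or MajorGeeks: a small Python parser for the HijackThis entry formats quoted in the posts above, with a triage pass that surfaces the same kinds of lines the helper asked about. The regular expressions and review rules are assumptions derived only from the lines shown in this thread.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=493
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "O4 - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # autorun entries
REGVAL = re.compile(r"^(HK[^,]+),(.+?) =\s*(.*)$")           # "key,value name = data"
MISSING = "(file missing)"

def parse_line(line):
    """Split one HijackThis entry into section code and fields; None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "file_missing": body.endswith(MISSING)}
    if entry["file_missing"]:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    run, reg = RUN.match(body), REGVAL.match(body)
    if run:
        entry.update(zip(("hive", "key", "name", "target"), run.groups()))
    elif reg:
        entry.update(zip(("key", "name", "target"), reg.groups()))
    elif " - " in body:                      # e.g. O3: "Toolbar: name - {CLSID} - path"
        entry["target"] = body.rsplit(" - ", 1)[1]
    return entry

def triage(log_text):
    """List (section, note) pairs worth a second look; the rules are this example's own."""
    notes = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        target = entry.get("target")
        if entry["file_missing"]:
            notes.append((entry["section"], f"target file missing: {target}"))
        if entry["section"] in ("R0", "R1") and target is not None:
            notes.append((entry["section"], "value: " + target if target else "empty value"))
    return notes
```

`triage(SAMPLE_LOG)` returns one note for the toolbar whose DLL is missing and one for each of the two Start Page entries; the autorun line the user confirmed installing produces no note.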
