Spyware Still Buggin'

Discussion in 'Malware Help (A Specialist Will Reply)' started by docta_k, May 3, 2005.

  1. docta_k

    docta_k Private E-2

    1st of all props to every1 on this website helping people out and for all the info posted.

    ive read the 'DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal' thread and followed everything said (only i didnt run the 'Symantec Security Check' as im using firefox), and ive still got spyware problems:

    *the (mainly porn) icons are still on my desktop and dont go away if i delete them

    *i get random popups even if my browser is closed and has been for a while, it reopens with a pop up

    * i keep getting those warning signs like 'warning your pc is affected with spyware, click here to take care of this problem'

    any help would be appreciated thnx
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. docta_k

    docta_k Private E-2

    all done the way u said
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The first thing I notice is that your Operating System is outdated. After we get your system clean you need to surf in to Windows Updates and install Service Pack 2.

    Also, I notice that you're running Norton AntiVirus and AVG AntiVirus. This is NOT recommended and will cause conflicts on your computer. Pick ONE and uninstall the other.


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    SpyWare Vanisher
    This is on the list of Rogue Anti-Spyware programs!

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running process and, if you see it, try to END it:

    FreeScanner.exe

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/

    O1 - Hosts: 64.91.255.87 www.dcsresearch.com

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan

    O9 - Extra button: Microsoft AntiSpyware helper - {4900E6D2-4E0D-4591-9859-26C867279EC3} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4900E6D2-4E0D-4591-9859-26C867279EC3} - (no file) (HKCU)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\spywarevanisher-free

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot your computer!

    Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
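
Added example, not part of the original thread or of any poster's instructions: a short Python sketch that parses HijackThis entry lines like those listed in the post above and reports which entries selected for fixing still appear in the next scan. The fix list is copied from that post; the rescan log is constructed for illustration, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, O1, O4, O9, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entry(line):
    """Return (section, normalised_body) for an entry line, or None for other lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    # Collapse whitespace and the spacing around the first '=' so that
    # 'Start Page =http://x' and 'Start Page = http://x' compare equal.
    body = re.sub(r"\s+", " ", body)
    body = re.sub(r"\s*=\s*", " = ", body, count=1)
    # Registry paths and file paths are case-insensitive on Windows.
    return section, body.lower()

def parse_log(text):
    """Parse every entry line of a log into a set of (section, body) tuples."""
    return {e for e in map(parse_entry, text.splitlines()) if e}

def still_present(fix_list, rescan_log):
    """Entries that were selected for fixing but show up again in the rescan."""
    return sorted(parse_log(fix_list) & parse_log(rescan_log))

# Entries the helper asked to have fixed (copied from the post above).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O9 - Extra button: Microsoft AntiSpyware helper - {4900E6D2-4E0D-4591-9859-26C867279EC3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4900E6D2-4E0D-4591-9859-26C867279EC3} - (no file) (HKCU)
"""

# Constructed rescan log (not a real attachment from this thread).
RESCAN_LOG = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.newgenlook.info/ad/ad0278/
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
"""

if __name__ == "__main__":
    for section, body in still_present(FIX_LIST, RESCAN_LOG):
        print(f"still present after fix: {section} - {body}")
```

An entry that survives a fix and a reboot means something is writing it back, so the output narrows the search to whatever restores that specific value.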
     
  5. docta_k

    docta_k Private E-2

    did everything you said, uninstalled norton. my laptop is running quicker but the browser still takes a while to load, and i still have those icons on my desktop that dont go away, and i still get those popups and warnings.

    i ran hijackthis and fixed, along with the other files you told me to,
    ''R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.newgenlook.info/ad/ad0278/'', but it doesnt seem to go away as the next time i run a scan it is still there

    here is my updated hijackthis log
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download and install Microsoft® Windows AntiSpyware. During the install, make sure you get any updates.

    Please make sure ALL Browser Windows are Closed! Now reboot into SAFE MODE!

    Now allow the Microsoft Antispyware program to run a full scan. After it completes, scan with HJT and have it fix the below entry if it still remains.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/


    After you complete ALL of the above post a fresh HJT log.
     
  7. docta_k

    docta_k Private E-2

    did exactly as you said...closed all browser windows then booted in safe mode. the microsoft windows antispyware did a full system scan and found nothing, i then ran HJT and 'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.newgenlook.info/ad/ad0278/'' is still there, if i select and fix it, it just reappears on my next scan. all this was done in safe mode with no browser windows open. i saved the log in safe mode as well here it is.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we try anything else, let's do a scan with SpySweeper.

    Please download, install, and update: Spy Sweeper
    Then run a full scan with Spy Sweeper and fix what it finds. Post the log from Spy Sweeper as an attachment. Now boot into safe mode and run Spy Sweeper again. Save the log again. Reboot in normal mode and post both SpySweeper logs.
     
  9. docta_k

    docta_k Private E-2

    thanks for the quick response appreciate it, downloaded and ran spysweeper like you said, first in 'normal windows' and secondly in safe mode. in normal windows it found some adware and fixed it, the log for it is the first log attached.

    on the second, safe mode scan it came up with nothing, and it added the log info to the previous log. as you wanted the two logs separate i cut and paste the safe mode scan log only. this is the second log i have attached.

    i will attach the third attached log, which is both the first and second scan, the way spysweeper saved them after i clicked save log after the second scan.

    still popups and icons...starting to get really frustrating...thanks for all your help so far at least the speed isnt as slow
     


  10. docta_k

    docta_k Private E-2

    here is the third log, a log of both scans together, the way spysweeper saved them after i clicked save at the end of the second scan (in safe mode)
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You will have to manually remove the icons. Select the icons you want to remove. Press the SHIFT key and then hit the DELETE key while holding the SHIFT key. Doing this removes the files without sending them to the recycle bin.

    Are you still having problems?
     
  12. docta_k

    docta_k Private E-2

    yes i am still having problems, the icons still reappear within a few minutes, and i still keep getting popups and my current website changes randomly to some porn or ad...further help would really be appreciated...thnx agen
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the Generic Detection Tool - NT/2000/XP

    NOW:

    Unzip the Generic Detection Tool to a safe folder of your choice and run "find.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Attach this log as an attachment to your post.
     
  14. docta_k

    docta_k Private E-2

    all done
     


  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    That log is clean as well. Let's try running Ad-Aware and removing what it finds.

    Download Ad-Aware SE Personal 1.05

    Note: Be sure you update your reference file!

    Then run a FULL SYSTEM SCAN removing all found infections.
     
  16. docta_k

    docta_k Private E-2

    downloaded, updated and ran the program, and it found zero 'suspicious files', HOWEVER twice during the scan i got a popup from Ad Aware saying 'virus found', but in each case when i clicked heal, delete or move to vault i got an error message saying 'cannot perform action for this file'

    the files are:

    C:\DOCUME~1\DOCTAK~1\LOCALS~1\Temp\AAWTMP\C14003055\38823D\Counter.class

    C:\DOCUME~1\DOCTAK~1\LOCALS~1\Temp\AAWTMP\C14003055\38823D\Parser.class

    virus identified Java/ByteVerify
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Boot into Safe Mode and navigate to the below folder. Delete everything in this folder!

    C:\Documents and Settings\DOCTAK~1\Local Settings\Temp
     
  18. docta_k

    docta_k Private E-2

    hi sorry for the slow response, moved house so jus got my net connection set up. i did what you said in your last post but am still having all sorts of spyware problems, would really appreciate if you could continue to help me out. here is my latest hijackthis log
     


  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The only problem I see in your HJT log is the one below, if you know the site it's not even bad.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/

    One thing I do notice is that your OS is outdated. You need to surf in to windows updates and get updated. You need to install Service Pack 2 so you won't have any problems.

    What malware problems are you currently having?
     
