Spyware/Trojan. I tried everything and can't get rid of this.

Discussion in 'Malware Help (A Specialist Will Reply)' started by metalmilitia, Nov 23, 2005.

  1. metalmilitia

    metalmilitia Private E-2

    I tried following your guides to removing spyware/trojans and it cleared a lot, but it seems like it keeps coming back. I still get a lot of stupid spyware popups even though most spyware scanners say I'm clean.
    I used the Trend Micro online virus/spyware scanner. The online Trojan Scanner.
    Adaware, spyware search & destroy, Microsoft AntiSpyware, Ewido, a-squared, and CCleaner.

    Here's my HJT log. The only real thing that stands out to me is the
    O20 Winlogon Notify thing; no matter what I do I can't get rid of it and I think it's my problem.
    Hope you can help me before Saturday. I'm in the military and I'm going to Pakistan for a few weeks.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's a Look2Me infection. You first need to follow the instructions in step 7 of the READ & RUN ME. You did not install HJT properly and logs must always be posted from normal boot mode. Do not post a new one yet. First run the steps in the below link and make sure you save and attach the log from SpySweeper:

    Running Spy Sweeper...

    Then attach a new HJT log from normal boot mode and the SpySweeper log to your next message.
     
  3. metalmilitia

    metalmilitia Private E-2

    I had already run Spy Sweeper last night; here is the log from it. You are right, I did have the Look2Me, but Spy Sweeper had it listed as the second most critical infection.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! So now post the new HJT log I requested from normal boot mode so we can make sure you are clean.
     
  5. metalmilitia

    metalmilitia Private E-2

    OK, here is the new HJT log. I moved it to its own folder, shut down all running programs, and ran it in normal mode like you said.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, you are pretty clean now, but the below two lines should be fixed using HijackThis:

    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

    And as a personal opinion, I do not like or trust any of the below types of sites! I think people are picking up malware from these kinds of sites. But it is your decision what to do with them. They will just keep coming back if you are going to use those sites again.
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\Poker.com\poker.exe
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - G:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - G:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - G:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - G:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - G:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

    However your biggest issue is that your OS and IE versions are way out of date and represent a major security risk. You should complete all the steps in the below link. The first step in that link is a visit to Microsoft Update.

    How to Protect yourself from malware!
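An added example, not part of the original thread and not from MajorGeeks or HijackThis: a small triage script that parses O9 lines like the ones quoted in the post above, groups them by CLSID, and separates entries whose only target is `(no file)` from entries that still point at a file. The field layout is an assumption inferred from the lines quoted in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# O9 lines copied from the log excerpt quoted in the post above.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - G:\Program Files\Poker.com\poker.exe
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - G:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
"""

# Assumed layout: O9 - Extra <kind>: <label> - {CLSID} - <target>
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<label>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_o9(log_text):
    """Return one dict per O9 line; lines from other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O9_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entries):
    """Group entries by CLSID; split orphans from entries with a target."""
    by_clsid = defaultdict(list)
    for e in entries:
        # CLSIDs are case-insensitive, so normalise before grouping.
        by_clsid[e["clsid"].upper()].append(e)
    orphaned, present = {}, {}
    for clsid, group in by_clsid.items():
        targets = {e["target"] for e in group}
        if targets == {"(no file)"}:
            # Every entry for this CLSID points at nothing on disk.
            orphaned[clsid] = sorted({e["label"] for e in group})
        else:
            present[clsid] = sorted(targets - {"(no file)"})
    return orphaned, present

if __name__ == "__main__":
    orphaned, present = triage(parse_o9(SAMPLE_LOG))
    for clsid, labels in orphaned.items():
        print("orphaned:", clsid, labels)
    for clsid, targets in present.items():
        print("has target:", clsid, targets)
```

Entries in the second group are not judged by the script; whether to keep them is the decision the post leaves to the user.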
     
  7. metalmilitia

    metalmilitia Private E-2

    OK, I fixed those 2 lines and I'm not noticing any more popups. Thanks for the help. I'll read up on that link to protect against malware better when I get home from work.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
