Still having problems

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ziniker, Sep 13, 2004.

  1. ziniker

    ziniker Private E-2

    I recently went through all the steps outlined to remove spyware that was recommended by the forum. I am still having the same pop up problem though. It is from a website called metarewards and I have searched the internet to find any kind of help. I was hoping someone could recommend some more things to try or possibly look at my log file from hijack this. Any help would be much appreciated. Thanks, Sean
     
    ziniker, Sep 13, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you look in Add/Remove programs to see if there is an uninstall?
    What had you installed on you system just prior to having this problem?

    If still having a problem (and you are sure you ran ALL steps in the READ ME FIRST), read the Sticky thread < Hijack This Tutorial And How To Post Your Log File > and following the instructions for using HijackThis and post your HJT log as a .txt file attachment.
     
    chaslang, Sep 13, 2004
    #2
  3. ziniker

    ziniker Private E-2

    I already checked my add/remove programs and there is nothing that shouldnt be there. And I did go through every step in the READ ME FIRST. There wasn't any program that I was installing besides windows xp sp2. I attached my log and from what I read about the log files it looks ok. I dont know much about it though. Thanks for the quick reply. Sean
     

    Attached Files:

    ziniker, Sep 13, 2004
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you did what the read me said????
    You do not have the correct version of HijackThis.
    Did you check to make sure ALL the other programs requested to be run were the correct version.

    After getting the correct version into its own directory, shut down ALL other applications especially browsers and run HJT and have it fix:

    O2 - BHO: (no name) - {66FC6171-B96B-0EEB-D650-66550BDF274F} - C:\WINDOWS\system32\pubpbior.dll
    O4 - HKCU\..\Run: [Microsoft Update] mupdate.exe
    O4 - HKCU\..\Run: [Rhp] C:\WINDOWS\system32\w?nlogon.exe

    Then boot in safe mode and delete:
    C:\WINDOWS\system32\mupdate.exe (you may have to search for this file, it could be somewhere else).
    C:\WINDOWS\system32\pubpbior.dll
    C:\WINDOWS\system32\w?nlogon.exe


    Now reboot normal and post a new log attachment.
     
    Last edited: Sep 13, 2004
    chaslang, Sep 13, 2004
    #4
  5. ziniker

    ziniker Private E-2

    Seems to be better

    I ran all the test once again and then fixed those files in HijackThis. When i was in Safe Mode I wasn't able to fine the files though. I searched manually and with windows search but came up with nothing. So maybe that is good. Anyway I will post my new HijackThis log just to make sure. Thanks for all the help.

    Sean
     

    Attached Files:

    ziniker, Sep 15, 2004
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Seems to be better

    You need to use Windows Explorer (that is why we enable viewing of hidden files in the READ ME). Search requires other options to find hidden files. Run Windows Explorer and locate the files manually but navigating to the directories.
     
    chaslang, Sep 15, 2004
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Seems to be better

    Fix these lines too (see more stuff shows with the correct HJT version):

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     
    chaslang, Sep 15, 2004
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Seems to be better

    If you are interested here is how to do a proper search for files:

    How to use windows XP search mechanism to look for hidden files:
    If you use Search, you need to do the following:
    Click Search and the Select "All files and folders"
    Enter the filename in the "All or part of the file name:" box
    Now select "More advanced options"
    Make sure the following check boxes are checked:
    - Search system folders
    - Search hidden files and folders
    - Search subfolders
    Then click the Search button.
     
    chaslang, Sep 15, 2004
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds