Trouble getting rid of Spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by luandreoni, Feb 21, 2007.

  1. luandreoni

    luandreoni Private E-2

    Hey Guys,

    AVG has identified and quarantined the following file in a recent scan:

    c:\\windows\system32\ipsecs.exe

    I seem to get this over and over again and every time I run another scan I get a bunch of Trojans.

    I have followed all the steps on READ & RUN ME FIRST. Please note that I ran these in Normal mode as I didn't manage to start my computer in safe mode (in case you were wondering, yes I'm blonde!) Here's what I have found:

    Spybot - Myway.Mysearch - seems like it was fixed

    CounterSpy
    eBates.Moe.MoneyMaker Adware
    KaZaA P2P Program - I have uninstalled this ages ago!!!
    Kazoom Adware
    Altnet P2P Networking
    TwainTech Adware
    + a bunch of cookies which I ignored. All files were quarantined

    Bitdefender
    Trojan Downloader.BKK - disinfection failed
    Trojan Qhost.R - disinfection failed
    Generic.Botget.E73E29B3 - deleted
    Trojan.Bat.Ircflood.G - disinfection failed

    Panda ActiveScan - found 3 cookies which were not disinfected. They looked harmless though.

    I am diligently attaching all the logs as requested, including Hijack This.

    I would appreciate it if you could help me in sorting this out - please note that I have never used Hijack This before, so step by step instructions would be gratefully received!!!

    Thanks a million for your help with this!

    Luciana
     


  2. luandreoni

    luandreoni Private E-2

    And now the Hijack This log...
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the GetRun and ShowNew logs.
     
  4. luandreoni

    luandreoni Private E-2

    So sorry - I forgot! Here you go...
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use add/remove programs to uninstall these:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 5
    Java 2 Runtime Environment, SE v1.4.2_03
    C:\Program Files\Tweak-XP Pro 4\

    Reboot and install:
    Java Runtime 6

    Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {F9BD413A-DF27-4EBC-84DF-FD800D741F75} - (no file)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O20 - Winlogon Notify: inetdos - C:\WINDOWS\assembly\inetdos.dll (file missing)

    After clicking Fix, exit HJT.

    Now attach new logs for:

    * GetRunKey
    * ShowNew
    * HJT

    Be sure to tell us how things are running.
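
The three HijackThis lines selected in post 5 all carry the log's "(no file)" or "(file missing)" marker. As an added example (not part of the thread and not HijackThis's own code), this Python parser splits such lines into fields and lists the entries whose referenced file is gone; the function names and the O4 sample line are constructed for illustration.

```python
import re

# Meanings of the HijackThis section codes that appear in the sample below.
SECTIONS = {
    "O3": "Internet Explorer toolbar",
    "O4": "autostart program (Run key / Startup folder)",
    "O9": "Internet Explorer extra button or Tools menu item",
    "O20": "AppInit_DLLs / Winlogon Notify autorun",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)")  # HijackThis's own markers

def parse_entry(line):
    """Split one log line into fields; return None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID.search(rest)
    return {
        "code": m.group("code"),
        "section": SECTIONS.get(m.group("code"), "unknown"),
        "kind": m.group("kind"),
        "name": rest.split(" - ", 1)[0],
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": bool(ORPHAN.search(rest)),  # registry entry outlived its file
        "per_user": rest.endswith("(HKCU)"),
    }

def orphaned_entries(log_text):
    """Return parsed entries whose referenced file no longer exists."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphaned"]]

# First three lines are quoted from the thread; the O4 line is constructed.
SAMPLE = r"""
O3 - Toolbar: (no name) - {F9BD413A-DF27-4EBC-84DF-FD800D741F75} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O20 - Winlogon Notify: inetdos - C:\WINDOWS\assembly\inetdos.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE):
        print(e["code"], e["section"], "|", e["name"], "|", e["clsid"])
```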
     
