Wild Tangent

Discussion in 'Malware Help (A Specialist Will Reply)' started by gal1998, Mar 10, 2005.

  1. gal1998

    gal1998 solo-cob

    Recently, Spybot picked up Wild Tangent on my computer. It got rid of it, but now Spyware Doctor found it, and of course, wants me to buy registered version to get rid of it.

    I did a search on here, read what has been written and seems there are mixed feelings about Wild Tangent.
    Do I need to get rid of it? Is it harmless?
    Help please.

    Gal
     
  2. TheOldThug

    TheOldThug First Sergeant

    Welcome :eek:

    Most of the PROs on here will recommend that you get rid of it. We can help you do that. Many times if you have one piece of malware you may have more. That is why we suggest the following.
    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure someone will help you. Everyone is quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT

    Let us know what you decide to do. :)
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Wild Tangent is Game Publishing software. It's not really that bad, but personally I wouldn't have it on my machine.

    You should be able to go into Add/Remove Programs, and it should be listed in there to remove. Just to be sure you have no other infections proceed with Thug's instructions.
     
  4. gal1998

    gal1998 solo-cob

    Thanks for the advice. I checked Add/Remove and it is not there. I will follow the other steps, but will take me quite a while. I haven't been on IE for some time, but need to for the online scans. I only connect at 28.8 so the scans take a long long time. I already run adaware, spybot every day but will also run the others.

    I will post results when I get them done.
    Gal
     
  5. gal1998

    gal1998 solo-cob

    This is how far I am right now. Have the downloads ready.
    Cannot run housetrend. Screen pops up and says done and stays white as soon as I tell it to check computer.
    Symantec ran and found no viruses.
    Now, I boot into safe mode. I cannot connect to the internet. I click on what I usually do and nothing happens. Any ideas?

    Gal
    PS. I am heading to bed. Have to get up at 3:30. Will try doing some more in the morning before work.
     
  6. TheOldThug

    TheOldThug First Sergeant

    1: Virus And Trojan Scanning
    a) Win9x (Windows 95, 98, 98SE) users boot normal mode.

    b) And Windows XP, 2000, NT, ME, users boot in "safe mode with networking support" (and remain in there). See how to boot in safe mode below.

    How to boot in safe mode: To boot into safe mode, restart your computer and tap the f8 key (after first black and white screen, but before the Windows splash screen) until you get to a black and white screen asking you what to do. With Windows XP, 2000, NT, ME: Use your arrow keys and select "safe mode with networking support".

    Do as much as you can. If it is supposed to be run in Safe Mode and you are having problems doing it - then do it in normal mode. Let us know what you could or couldn't do and then submit a HJT as per the instructions.

    Good Luck :)
     
  7. gal1998

    gal1998 solo-cob

    I did boot into safe mode with networking support. I am just clicking on my connection on the desktop. Should I be trying it from somewhere else?
    But, I am off to bed. Was just reading an email from my mom when I saw you posted.
    Thanks again.
    Gal
     
  8. TheOldThug

    TheOldThug First Sergeant

    You are on dial up I see.
     
  9. TheOldThug

    TheOldThug First Sergeant

    I am not sure but you may not be able to "safe mode with networking support" with dial up. That's OK. Do what you can from THE READ ME FIRST and send a HJT log.
     
  10. gal1998

    gal1998 solo-cob

    I could not do scans in safe mode, but did the rest.

    I went down the list and nothing was found.
    Am attaching a hijackthis log. Sure hope I did it right.

    Thanks for any and all help.
    Gal
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please allow me a moment to post you a fix.
     
  12. gal1998

    gal1998 solo-cob

    Thanks bj. I sure appreciate it

    Gal
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do another scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miva.sctimes.com/miva/cgi-bin/miva?CMN/Local/index.mv
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    Are you familiar with this entry? If so, leave it as is.



    Again, make sure All Browser Windows are Closed when you Click FIX.


    NEXT:
    Run CCleaner


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


    Your log isn't that bad, what problems are you currently experiencing?
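
An added example, not part of the original thread and not any poster's own tooling: a small Python parser for the R0/R1 and O4 line formats quoted in the post above. It groups the Internet Explorer URL settings by host and lists the autorun entries, so a reviewer can see at a glance where the browser defaults point. The sample log is constructed with placeholder hosts (oem.example, news.example), and the whitespace repair assumes stray spaces inside URLs came from the forum software.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the HijackThis line format quoted above; hosts are placeholders.
# The third line carries a stray space inside its URL (assumed forum-paste artifact).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://oem.example/rdr?tp=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.example/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.example/rdr?tp=ieho me
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
this line is not a HijackThis entry
"""

# R0/R1: "<section> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HK[A-Z]+)\\(.+?),(.+?) = (.*)$")
# O4: "O4 - <hive>\..\<Run key>: [<entry name>] <command line>"
O4_LINE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")

def parse_line(line):
    """Return a dict for a recognised R0/R1/O4 line, or None for anything else."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        section, hive, key, name, data = m.groups()
        host = None
        if data.lower().startswith(("http://", "https://")):
            data = "".join(data.split())  # URLs hold no spaces; drop pasted-in ones
            host = urlsplit(data).hostname
        return dict(section=section, hive=hive, key=key, name=name, data=data, host=host)
    m = O4_LINE.match(line)
    if m:
        hive, key, name, data = m.groups()
        return dict(section="O4", hive=hive, key=key, name=name, data=data, host=None)
    return None

def summarize(log_text):
    """Parse a log and return (entries, URL hosts with counts, autorun name/command pairs)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    hosts = Counter(e["host"] for e in entries if e["host"])
    autoruns = [(e["name"], e["data"]) for e in entries if e["section"] == "O4"]
    return entries, hosts, autoruns

if __name__ == "__main__":
    entries, hosts, autoruns = summarize(SAMPLE_LOG)
    print(f"{len(entries)} entries; URL hosts: {dict(hosts)}")
    for name, command in autoruns:
        print(f"autorun [{name}] -> {command}")
```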
     
  14. gal1998

    gal1998 solo-cob

    Thanks bj for the help. I did all you said except for the 017 line. I am thinking that is my ISP?

    I wasn't really having trouble. Just Spyware Doctor picking up Wild Tangent. In fact, it still does, so I am thinking it might be a false positive? Spybot had found it earlier this week and got rid of it.

    Thanks again all for the help.
    Gal
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Did you complete the other steps I mentioned?
     
  16. gal1998

    gal1998 solo-cob

    Yes, I did all of them, then, rebooted computer and that's when spydoctor still found it.

    Gal
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Does it give you a location as to where the infection(s) are located?
     
  18. gal1998

    gal1998 solo-cob

    Spyware Doctor Activity Report

    Generated on 3/11/2005 4:49:24 PM

    Spyware Doctor Homepage PCTools Homepage Technical Support

    Scans (basic information only):

    Scan Results:

    scan start: 3/11/2005 4:49:48 PM

    scan stop: 3/11/2005 4:56:07 PM

    scanned items: 68635

    found items: 1

    found and ignored: 0

    tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner



    Infection Name Location Risk

    WildTangent C:\PROGRAM FILES\Java\jre1.5.0_01\bin\jDRM0302.dll Medium



    Other Sections:

     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the following tool:

    Pocket KillBox

    Run this program!

    Copy & paste the below line into killbox.

    C:\PROGRAM FILES\Java\jre1.5.0_01\bin\jDRM0302.dll

    Select Delete on Reboot

    Now, reboot your machine and let me know if you still get it!
     
  20. gal1998

    gal1998 solo-cob

    I downloaded Pocket Killbox, copy and pasted, clicked on delete on reboot, then exited and rebooted.
    Still there.

    Gal
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do you have System Restore disabled? If you don't, please disable it!

    Reboot, into Safe Mode

    Navigate to and manually delete this file. Make sure you have "view hidden files & folders" enabled per the tutorial.

    C:\PROGRAM FILES\Java\jre1.5.0_01\bin\jDRM0302.dll
     
  22. gal1998

    gal1998 solo-cob

    Yes, I still have System Restore disabled and view hidden files is set.

    I am dumb when it comes to safe mode. How do I navigate to that file?

    Thanks
    Gal
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Reboot, tap F8 when you see the BIOS screen load. When the options appear choose "Safe Mode"

    Once windows has loaded, go into the folder:

    C:\Program Files

    Once in this directory, open the folder Java\jre1.5.0_01\bin
    Note: You should now be in: C:\Program Files\Java\jre1.5.0_01\bin

    Now, look for the file: jDRM0302.dll

    Delete if found!

    After this reboot and see if it's still there.
     
  24. gal1998

    gal1998 solo-cob

    Thank you so much, bj, for all the time you put into helping me. It is gone now. I did a quick scan and full scan with spydoctor.

    I appreciate it so much.
    Thanks again
    Gal
     
  25. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

