World Antispy

Discussion in 'Malware Help (A Specialist Will Reply)' started by cmac32, Nov 22, 2005.

  1. cmac32

    cmac32 Private E-2

    Upon startup, my desktop page defaults to black background and the following message: "Warning: Your computer may be infected with spyware or adware!!! Click here for More".

    I have read and run the online scanners and followed all instructions on "read me first" but cannot get the above problem to resolve. I also ran HijackThis and am attaching the log below:

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!

    Please help me resolve this extremely annoying problem. Thanks very much

    cmac32
     
    Last edited by a moderator: Nov 27, 2005
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Do not copy and paste logs into your post; always include logs as attachments.

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.
    Please download Spy Sweeper

    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  3. cmac32

    cmac32 Private E-2

    Thanks for your reply. I attached the spysweeper results and the most recent HJT log below.
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Post a fresh HijackThis log after you have completed the above.
     
  5. cmac32

    cmac32 Private E-2

    Thanks. Here is the latest log. Also, the background on my desktop is now white, with the previous message re: World Antispy no longer appearing.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is clean.

    Please follow the instructions in the following thread:
    Running Ewido Security Suite


    Post the Ewido log when done with the above.
     
  7. cmac32

    cmac32 Private E-2

    Thanks. Attached is the Ewido log.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Ewido found and removed several cookies.

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  9. cmac32

    cmac32 Private E-2

    Thanks. Attached is the WinPFind log.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  11. cmac32

    cmac32 Private E-2

    Thanks. When I boot up, my desktop starts with the appropriate background but then turns to solid white. Any suggestions?
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments.
     
  13. cmac32

    cmac32 Private E-2

    I ran Panda, but it did not produce a log. The scan showed clean. The other 2 logs are attached. Thank you.
     

    Attached Files:

    • log.txt (560 bytes)
    • file.txt (2.3 KB)
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    It has to be something left over from World Antispy that isn't showing in your logs.

    Just in case anything strange is lurking in the run keys, run this batch script.

    Download to your Desktop
    - getrunkey.zip

    Extract getrunkey.bat from the zip file and run getrunkey.bat by double clicking on it. This will create a file named c:\runkeys.txt.

    Post runkeys.txt as an attachment.
     
  15. cmac32

    cmac32 Private E-2

    Here you go.
     

    Attached Files:

  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Nothing to be concerned about in your run keys.

    Do you have Active Desktop enabled? If so, disable it. What happens?
     
  17. cmac32

    cmac32 Private E-2

    That did it. Thanks a lot.
     
  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are welcome.
     
