Aurora windows??? help? (New)

nrussellmn
Junior Member with 1 posts.
Join Date: Jun 2005
Experience: AComputerDude
19-Jun-2005, 12:57 AM #1
Try This
This has been a nasty one (sexandpoker.com, fake Windows Security Center dialogs, etc...). Think I've got it nailed, but want to verify.

It is spyware/malware that none of the popular and not so popular anti-spyware products I've tried have removed. Latest HJT log was no real help.

Symptoms: Causes a lot of casino and adult popups, plus unwanted IE Favorites keep getting added (even after deletion) such as "Kill Annoying Popups", "(bleep) REAL GIRLS", "AdultGambling", "Free Online Dating", "Online Sex Poker Rooms", "Remove Toolbars", "Spyware Uninstall", "SPYWARE", "XXX Personal Photos", "Play Adult-Poker" etc... Popups can launch with no browser open. "Fake" Windows Security Center popups also occur. Some may have noticed that trying to install Windows service packs to fix the problem reveals that files such as wbemtest.exe, pingtest.exe, or tcptest.exe cannot be found... It turns out that any files ending in "test.exe" seem to be "invisible" (even in safe mode or safe mode with command prompt).

After pounding on this one for a while and examining numerous posts to no avail, I think I've beat it, but wanted to verify as this thing seems to have a nasty habit of coming back when you think you've got it beat.

I had to boot to NTFS from DOS (i.e. "NTFS for DOS" {freeware} or NTFSPRO for DOS) and delete the following files from c:\windows\system32:
csixi.exe
cisvvc.exe
rdsndin (was either .exe or .dll)

Also seems I had to take cisvvc*.pf file out of c:\windows\prefetch folder as well.

I also used HJT to take out some registry references to hosts beginning with .69

Seems to be gone now. I work on computers for a living and this is the nastiest bug I've ever battled. Has anyone any experience with this one to share as I'm not totally sure I've completely nailed it.

Nate
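
A check for the leftovers listed in the post above, added here as an example and not part of the original thread: it looks for the named files under a Windows directory, which can be an offline-mounted volume, since the post reports files being hidden from the running system. The function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# File name patterns taken from the post above; matching is case-insensitive
# because Windows file names are, and Prefetch entries are usually upper case.
LEFTOVER_PATTERNS = {
    "system32": ["csixi.exe", "cisvvc.exe", "rdsndin.exe", "rdsndin.dll"],
    "prefetch": ["cisvvc*.pf"],
}


def find_leftovers(windows_dir):
    """Return sorted paths under windows_dir that match the post's file list."""
    hits = []
    try:
        subdirs = os.listdir(windows_dir)
    except OSError:
        return hits  # directory missing or unreadable: nothing to report
    for sub in subdirs:
        patterns = LEFTOVER_PATTERNS.get(sub.lower())
        sub_path = os.path.join(windows_dir, sub)
        if not patterns or not os.path.isdir(sub_path):
            continue
        for name in os.listdir(sub_path):
            lowered = name.lower()
            if any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
                hits.append(os.path.join(sub_path, name))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout (empty placeholder files, not real samples)."""
    layout = {
        "System32": ["CSIXI.EXE", "notepad.exe", "rdsndin.dll"],
        "Prefetch": ["CISVVC.EXE-0A1B2C3D.pf", "NOTEPAD.EXE-11223344.pf"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in find_leftovers(build_sample_tree(tmp)):
            print("leftover:", path)
```

An empty result only means these specific names are absent from the two folders the post mentions; it does not show the machine is clean.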
Flrman1
Distinguished Member with 46,429 posts.
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
19-Jun-2005, 10:12 AM #2
Hi nrussellmn

Welcome to TSG!

I have split your post off into your own thread. In the future, if you have a Question/Problem, please start a "New Thread". It gets too confusing trying to address two different people's problems in the same thread and you may get overlooked.

Please continue in this thread.
Flrman1
Distinguished Member with 46,429 posts.
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
19-Jun-2005, 10:12 AM #3
Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
All times are GMT -5.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.