1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Fooled by Spyware Nuker 2004 -- how do I remove this software?

Discussion in 'Virus & Other Malware Removal' started by Pina, Jan 29, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Pina

    Pina Thread Starter

    Joined:
    Aug 12, 2004
    Messages:
    9
    Hi,

    I downloaded Spyware Nuker 2005 to get rid of adware. To my chagrin, I later found out that the program itself is adware :mad:

    To add insult to injury, it doesn't come with an uninstall feature, so I don't know how to get rid of it for good.

    Can anyone kindly help me?

    Thank you,

    PINA
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Go to the spyware tools section at http://www.majorgeeks.com and download and save the following:

    Ad-Aware SE Personal 1.05

    Spybot - Search & Destroy 1.3

    HijackThis 1.99.0


    Install Ad-Aware and Spybot. After you install them, run their update function and get the latest files installed. Once you've updated them, run a full system scan with Ad-Aware. Once the scan is finished, select and delete everything that it finds. Run a scan with Spybot. Once the scan is finished, select and delete everything in red that it finds.

    HijackThis does not install, so you have to unzip it into a folder that you create for it. Do not unzip it into a folder in the C:\WINDOWS\TEMP folder. Once it's unzipped, double-click the HijackThis .exe file. Click "Scan" and allow the scan to finish. Click "Save Log" and save the log in text format with Notepad. Copy-and-paste the entire log here so we can view it.

    ----------------------------------------------------------------

    If Spyware Nuker 2005 doesn't have an uninstall feature, you'll likely have to delete its files and registry entries manually.

    Read here.

    ----------------------------------------------------------------

    Before you openly download and install any program that claims to get rid of or fix something, do a little research on it first. If you post the program on this forum in the "All other software" or "Security" section, I'm sure that one or more persons will give you advice about using it.

    ----------------------------------------------------------------
     
  3. Pina

    Pina Thread Starter

    Joined:
    Aug 12, 2004
    Messages:
    9
    Ok, I ran adaware, spysweeper and spybot. Deleted all the junk and restarted the computer.

    Here's the hijackthis scan:

    Logfile of HijackThis v1.97.7
    Scan saved at 20.14.11, on 29/01/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Programmi\Sygate\SPF\smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Programmi\Apoint\Apoint.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programmi\Apoint\Apntex.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmi\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2277d088ab1134bc4f06/netzip/RdxIE601_it.cab


    Also, spybot couldn't get rid of these of a bunch of HKEY_USERS (registry keys?)


    What should I do next?

    Thanks,

    P.
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,781
    First Name:
    Frank
    Where did you get HijackThis from? You're using version 1.97.7. The current version is 1.99.0. Get it here and replace the older HijackThis.exe file.

    ----------------------------------------------------------------

    There are programs running in the background that don't need to be.

    Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Uncheck the following:

    igfxtray.exe Read here.

    hkcmd.exe Read here.
    (THe above 2 should be disabled at the same time and just one of them)

    realsched.exe Read here.

    ypager.exe Read here.
    (You can start this program manually when you're ready to chat)

    click Apply - OK, then reboot.

    ----------------------------------------------------------------

    Post another log after you've updated HijackThis and done the above.

    -----------------------------------------------------------------
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Fooled Spyware Nuker
  1. dano_61
    Replies:
    11
    Views:
    164
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/324576

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice