
Please Help.

Discussion in 'Virus & Other Malware Removal' started by Curor, Sep 1, 2004.

Thread Status:
Not open for further replies.
  1. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    Hello, I have run both Ad-Aware 6.0 and Spywareblaster, yet I have these remaining on my system. I am computer illiterate, so what can I do?

    Thanks in advance.

    Please Note: I keep getting these "pop-ups" xads :confused:
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Hi and welcome to TSG,

    Please download and run the following programs:

    CWSHREDDER

    http://www.majorgeeks.com/download4086.html

    Close all browser windows, open cwshredder.exe then click "Fix" and let it run.

    Then restart your computer.

    IMPORTANT! To help prevent this from happening again, you should install all the Microsoft security patches and critical updates.

    AD-AWARE

    Go here: http://www.lavasoftusa.com/support/download/
    and download Ad-Aware SE Personal

    Install the program and launch it.

    First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

    Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

    Then, deselect Search for negligible risk entries.

    To start the scan, click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

    Restart your computer.

    SPYBOT SEARCH & DESTROY

    http://majorgeeks.com/download2471.html

    Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode)). Click online, Search for updates, Download all available updates. Close all browser windows, click "Check for Problems". Anything that needs to be fixed will show in red and have a green check in the box to the left. Click "Fix Selected Problems", then restart your computer.

    Then, after rebooting, please post another log and we’ll see what’s left to get rid of.
     
  3. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    Ok, I finished the procedure you recommended.

    Thanks in advance
     
  4. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    *bump* :)
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Download and run the RapidBlaster Killer tool:

    http://www.wilderssecurity.net/downloads/rbkiller.exe

    You will need to uninstall MessengerPlus as it comes bundled with lop.com.

    Also, I suggest you get rid of WildTangent unless you absolutely need it for games.

    Before you proceed with those instructions, please move Hijack This into its own folder in program files or my documents but not in the temporary files or on the desktop, so it can create proper back-ups and restore them if necessary.

    Turn off system restore. On the desktop, right-click on My Computer, click properties, click system restore tab, check turn off system restore, click apply and then OK. Restart your computer. Once your system is clean you will turn it back on and create a new restore point.

    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

    O4 - HKLM\..\Run: [EmailMesh] C:\Documents and Settings\Rithwik\Desktop\client.exe

    O4 - HKLM\..\Run: [yijketts] C:\WINDOWS\njzavikq.exe

    O4 - HKLM\..\Run: [rb32 ml710e] "C:\Program Files\RapidBlaster\rb32.exe"

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [kyshrxykxp] C:\WINDOWS\system32\igvyhtdw.exe

    O4 - HKCU\..\Run: [Cuckoo Clock] "C:\PROGRA~1\WARCRA~1\Cuckoo.exe"

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll


    Then boot to safe mode (see how below), locate and delete these files and/or folders:

    C:\Program Files\Messenger Plus! 2 - folder
    C:\Documents and Settings\Rithwik\Desktop\client.exe - file
    C:\WINDOWS\njzavikq.exe - file
    C:\Program Files\RapidBlaster - folder
    C:\Program Files\WildTangent - folder
    C:\WINDOWS\system32\igvyhtdw.exe - file
    C:\PROGRA~1\WARCRA~1\Cuckoo.exe - folder (The name will start with WARCRA and it will contain the file Cuckoo.exe)

    How to restart to safe mode:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

    Because XP will not always show you hidden files and folders by default, Go to Start - Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

    Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Then reboot and post another log.
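
As an added example (not part of the original thread and not HijackThis's own code): a small Python parser that turns the `O2`/`O4` log lines quoted in the post above into structured records and lists which referenced files are not covered by the manual delete list. The sample log and delete list are subsets copied from the post; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O4 - HKLM\..\Run: [yijketts] C:\WINDOWS\njzavikq.exe
O4 - HKLM\..\Run: [rb32 ml710e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - Global Startup: Digital Line Detect.lnk = ?
"""
# Matching subset of the post's manual delete list (files and folders).
DELETE_LIST = [r"C:\WINDOWS\njzavikq.exe", r"C:\Program Files\RapidBlaster",
               r"C:\Program Files\WildTangent"]

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
# First drive-rooted .exe/.dll path in a command line, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.I)

def parse_log(text):
    """Turn HijackThis result lines into dicts: section, kind, name, path."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blanks and anything that is not an "O<n> - ..." line
        section, body = m.groups()
        entry = {"section": section, "kind": "other", "name": body, "path": None}
        bho, run = BHO_RE.match(body), RUN_RE.match(body)
        if bho:
            entry.update(kind="bho", name=bho.group(1), clsid=bho.group(2),
                         path=bho.group(3))
        elif run:
            target = PATH_RE.search(run.group(3))
            entry.update(kind="run", hive=run.group(1), name=run.group(2),
                         path=target.group(1) if target else None)
        entries.append(entry)
    return entries

def not_on_delete_list(entries, delete_list):
    """Paths referenced by parsed entries that no delete-list item covers."""
    roots = [d.rstrip("\\").lower() for d in delete_list]
    def covered(path):
        p = path.lower()
        return any(p == r or p.startswith(r + "\\") for r in roots)
    return [e["path"] for e in entries if e["path"] and not covered(e["path"])]

print(not_on_delete_list(parse_log(SAMPLE_LOG), DELETE_LIST))
```

Matching is case-insensitive and treats a delete-list folder as covering everything beneath it, so 8.3 short names such as `PROGRA~1` would need to be expanded before comparison.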
     
  6. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    Ok done. I tried to connect to the internet in "safe mode" but could not (my modem light was not working). However, I ran Hijack This in safe mode:

    Could not find:

    C:\Program Files\Messenger Plus! 2 - folder (I have MSN 6.2, I uninstalled this long ago...but perhaps not properly?)

    C:\Program Files\RapidBlaster - folder (not found - searched as instructed - no result)

    C:\Program Files\WildTangent - folder(not found - searched as instructed - no result)

    C:\PROGRA~1\WARCRA~1\Cuckoo.exe - folder (might be part of warcraft wallpaper - file not found - searched as instructed - no result)


    Also, I got this thing called "selective start up" after switching from safe mode. What is this?
     
  7. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    Non-Safe Mode Hijack Log:

     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Selective start-up means you have some things unchecked in msconfig so they don't start-up when you reboot.

    It would be best to go into msconfig and put a check beside everything and then post another log so that nothing is hidden. You can go back and uncheck the ones you don't want on start-up afterwards.
     
  9. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    P.S Can I turn on System Restore now?
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Everything looks good now but you still have some things unchecked in msconfig. If you want to, you can check everything in msconfig and post another log for review.

    Based on this log, yes you can go ahead and turn system restore back on and create a new restore point.

    http://www.pchell.com/virus/systemrestore.shtml

    I also recommend downloading SPYWAREBLASTER & SPYWAREGUARD, for added protection.

    http://www.javacoolsoftware.com/spywareblaster.html

    Read here to see how to tighten your security:

    http://forums.techguy.org/t208517.html
     
  11. Curor

    Curor Thread Starter

    Joined:
    Sep 1, 2004
    Messages:
    7
    Ok thank you very much, you have been very helpful.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    You're welcome. (y)

    I’m closing this thread now as it has been solved. If you have more problems related to this thread and need it reopened, please PM a Moderator.

    ANYONE ELSE WITH A SIMILAR PROBLEM PLEASE START A NEW THREAD.
     

Short URL to this thread: https://techguy.org/269179
