Solved: Anti Malware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jdaries

Thread Starter
Joined
May 19, 2005
Messages
115
Hello everyone,

Thanks for taking time to read this thread. I'm getting lots of pop-ups. I've run Microsoft Anti Spyware and Ad-aware but they keep coming. Can anyone suggest a good anti malware freeware? Thanks in advance.

-jdaries-
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,263
Assuming that you're using Windows XP SP2, make sure that the built-in pop-up blocker is enabled.

-------------------------------------------------------------------------------------

Click Tools - Internet Options - Privacy - Advanced. Select

Override automatic cookie handling
First party cookies - Accept
Third party cookies - Block
Always allow session cookies


-------------------------------------------------------------------------------------

Make use of both

Ad-Aware SE Personal 1.06
Spybot - Search & Destroy 1.4


and make sure to run their update function at least once a week and install all updates that are available for them.

-------------------------------------------------------------------------------------
 

jdaries

Thread Starter
Joined
May 19, 2005
Messages
115
Hi Flavallee,

Sorry for leaving out that information; yes I am using XP. Thank you for your reply, I will check those settings and keep you up to date.
 

jdaries

Thread Starter
Joined
May 19, 2005
Messages
115
Now my homepage is stuck on a spyware website. I've changed the homepage in Internet Options, but the homepage still remains on the same website - Securitycaution.com. I've run Search and Destroy, Adaware, and Microsoft Antispyware. I don't know what else to do. Please advise. Thank you.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,263
We're going to need to see a HijackThis log so we can see what's running in the background and what "nasties" are present.

Go here and click the "HijackThis Self Installer" link so you can download and install HijackThis 1.99.1. Make sure to direct it to install inside the C:\PROGRAM FILES folder. Run a scan with it, then save the resulting log and copy-and-paste its entire contents here.

-------------------------------------------------------------------------------------
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Sounds like another Smitfraud infection. We will know more after seeing the Hijack log.
 

jdaries

Thread Starter
Joined
May 19, 2005
Messages
115
Hi Flavallee and Cheeseball81,

Here is HiJack Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:16:11 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6726.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{119F14A7-0C08-4487-8559-3423BBB165FB}: NameServer = 151.164.11.201,151.164.160.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{119F14A7-0C08-4487-8559-3423BBB165FB}: NameServer = 151.164.11.201,151.164.160.201
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
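
An added example, not part of the original thread and not HijackThis's own code: a small parser that groups a HijackThis log by section code (R0, O2, O4, ...) and lists entries worth a closer look. The section codes and the "(file missing)" marker come from the log above; the two flagging rules are triage heuristics assumed here, not a verdict on any entry.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a short excerpt of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp6726.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                  # "O2 - <detail>"
CLSID_PATH = re.compile(r" - \{[0-9A-Fa-f-]{36}\} - (.+)$")     # "... - {CLSID} - <path>"
MISSING = " (file missing)"                                     # marker HijackThis appends

def parse_log(text):
    """Group log entries by HijackThis section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(sections):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for code, details in sections.items():
        for detail in details:
            if detail.endswith(MISSING):
                findings.append((code, "registered file is missing", detail))
                continue
            m = CLSID_PATH.search(detail)
            if code == "O2" and m:
                # Assumed heuristic: a BHO is an in-process COM DLL, so any
                # other file extension is unusual and deserves review.
                suffix = PureWindowsPath(m.group(1)).suffix.lower()
                if suffix != ".dll":
                    findings.append((code, f"BHO loads from a {suffix or 'no-extension'} file", detail))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{code}: {reason}: {detail}")
```
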
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJack This log along with the results from ActiveScan and the Ewido scan and post the contents of the smitfiles.txt.
 

jdaries

Thread Starter
Joined
May 19, 2005
Messages
115
Hi Cheeseball81,

I've printed out your instructions and will get back to you with results. Thanks a lot.
 

jdaries

Thread Starter
Joined
May 19, 2005
Messages
115
Hi Cheeseball81,

Do you know of any other links for the Smitrem? The link above doesn't work for me. I've googled it also and those links don't work. Thanks.
 
Joined
Nov 2, 2002
Messages
22,468
I'm afraid you seem to have more than that particular virus. Very similar indications are in that hijack this log as I just had to work on a customer today.

It required Spybot, Microsoft's Anti-Spam, Ewido, Ad-Aware, Spyware Sweeper, Hijack This (which never got rid of or even noticed the last 40 or so), Kazaabegone and Pest Patrol. This last one turned out to catch the most, even after the others showed the computer as being clean.
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Let's focus on one thing at a time. I really don't want to overload them by having them download tons of programs.
 
Joined
Nov 2, 2002
Messages
22,468
The unfortunate reality is that seldom can just one or two get rid of all the spyware that would be on a computer. At least I have seldom run into such a simple solution.

But might as well start with one removal program until it doesn't pick up any more and then start adding all the rest. I was really surprised today when Ewido said the system was clean; could have left it at that. Then Pest Patrol caught so many more.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,263
I'm going to sit on the sidelines until you two get jdaries's log fixed, then I'll jump back in and get that startup list trimmed down of its unnecessary running programs. ;)

-------------------------------------------------------------------------------------
 