Solved: cannot remove SPYWARESTRIKE....help :)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
hello, im back again. some1 helped me out with a problem before, and thanx again, this is a GREAT site to get help. so my brother has this problem with his WIN XP PRO. spywarestrike somehow got installed on his system. i have tried bout a dozen spyware programs with no luck! i went as far as uninstalling spywarestrike, then boot into safemode, remove installation files, and locate a few registry entries. and it still installs itself after rebooting. ARRRRRG!! help and somehow its triggering windows, cause at bottom right corner of screen, the windows update globe blinks on and off with a RED X on it?? and it says "SYSTEM INTRUSION DETECTED: infection was detected, your system will now download and install the most efficient antimalware program to prevent data loss, click here to protect your computer against the biggest malware threats" when i click the bubble message (which will NOT go away!!!!), IE comes up and opens SPYWARESTRIKER homepage to buy their product. what do i do first...........thanx
 
Joined
Jul 26, 2002
Messages
46,353
Please do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
Logfile of HijackThis v1.99.1
Scan saved at 6:13:11 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\program files\steam\steam.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135718525255
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135721716248
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
 
Joined
Jul 26, 2002
Messages
46,353
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
  • If the link to SmitRem above is not working try this one.

* Click here to download fix.zip. Download it and save it to your desktop. Unzip it to extract the fix.reg file it contains and have it ready to run later in safe mode.


* Click Here and download Killbox and save it to your desktop.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the C:\Program Files\SpywareStrike folder and doubleclick on the uninst.exe file to run the uninstallations. Let it complete then proceed with the rest of these instructions while still in safe mode.


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Doubleclick on the fix.reg file to add it to the registry. Answer Yes to confirm the merge.


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    c:\windows\system32\netwrap.dll


  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Killbox may tell you that the file does not exist.
  • If that happens, just continue on with the rest of these instructions.
  • Next in Killbox go to Tools > Delete Temp Files
  • In the window that pops up, put a check by ALL the options there except these three:
    • XP Prefetch
    • Recent
    • History
  • Now click the Delete Selected Temp Files button.
  • Exit the Killbox.
* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Go to Windows update and install all "High Priority Updates".


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
ok heres the activescan and hijackthis results, PS: the blinking windows update seems to be gone but that frikin nasty SPYWARESTRIKER is still installed again!

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[Process.exe]
Spyware:Spyware/Smitfraud Not disinfected C:\Documents and Settings\blair wawryk\Local Settings\Temp\SSLanguage.ini

________________________________

Logfile of HijackThis v1.99.1
Scan saved at 6:13:11 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\program files\steam\steam.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135718525255
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135721716248
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
 
Joined
Jul 26, 2002
Messages
46,353
* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - blank (file missing)

O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\SpywareStrike

    c:\windows\system32\netwrap.dll



  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Next in Killbox go to Tools > Delete Temp Files
  • In the window that pops up, put a check by ALL the options there except these three:
    • XP Prefetch
    • Recent
    • History
  • Now click the Delete Selected Temp Files button.
  • Exit the Killbox.


* Restart back into Windows normally now.



* Run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
k, for killbox it didnt find C:\Program Files\SpywareStrike & c:\windows\system32\netwrap.dll
___________________________________
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 06, 2006 22:20:18
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/01/2006
Kaspersky Anti-Virus database records: 169576
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 23028
Number of viruses found: 9
Number of infected objects: 44
Number of suspicious objects: 0
Duration of the scan process: 1438 sec

Infected Object Name - Virus Name
C:\!KillBox\netwrap.dll Infected: not-virus:Hoax.Win32.Renos.am
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004778.dll Infected: not-virus:Hoax.Win32.Renos.ak
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004782.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004843.exe Infected: Trojan-Downloader.Win32.Zlob.du
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004844.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004845.exe Infected: Trojan-Downloader.Win32.Zlob.dv
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP29\A0005029.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005041.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005046.exe Infected: Trojan-Downloader.Win32.Zlob.dw
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005059.dll Infected: not-virus:Hoax.Win32.Renos.ak
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005116.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005118.exe Infected: Trojan-Downloader.Win32.Zlob.dy
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005125.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005140.exe Infected: Trojan-Downloader.Win32.Zlob.du
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005148.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005161.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005165.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005166.exe Infected: Trojan-Downloader.Win32.Zlob.dw
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP30\A0005188.tlb Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005210.tlb Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005222.dll Infected: not-virus:Hoax.Win32.Renos.ak
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005279.exe Infected: Trojan-Downloader.Win32.Zlob.ea
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005280.exe Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005283.exe Infected: Trojan-Downloader.Win32.Zlob.dw
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005285.exe Infected: Trojan-Downloader.Win32.Zlob.dy
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005286.exe Infected: Trojan-Downloader.Win32.Zlob.du
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005288.exe Infected: Trojan-Downloader.Win32.Zlob.dw
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005289.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005291.exe Infected: Trojan-Downloader.Win32.Zlob.dv
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005292.exe Infected: Trojan-Downloader.Win32.Zlob.du
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005293.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005295.exe Infected: Trojan-Downloader.Win32.Zlob.dv
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005455.tlb Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005456.dll Infected: not-virus:Hoax.Win32.Renos.am
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005457.exe Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005544.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005545.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005548.exe Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005611.exe Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP33\A0005612.tlb Infected: Trojan-Downloader.Win32.Zlob.dz
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP34\A0005856.exe Infected: Trojan-Downloader.Win32.Zlob.ea
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP34\A0005858.exe Infected: Trojan-Downloader.Win32.Zlob.dy
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP34\A0008172.dll Infected: not-virus:Hoax.Win32.Renos.am
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP34\A0008179.exe Infected: Trojan-Downloader.Win32.Zlob.dx

Scan process completed.
__________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 10:21:27 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\program files\steam\steam.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135718525255
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135721716248
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
_________________________________
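To confirm that the two entries ticked for "Fix checked" are really gone, the pre-fix and post-fix HijackThis logs can be compared entry by entry. The script below is an added example, not part of the original thread or of HijackThis itself; the sample logs are abridged from the logs posted above, and the function names are hypothetical.

```python
import re

# HijackThis entry lines have the form "<code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes:" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Abridged from the first log in this thread (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - blank (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Abridged from the 10:21:27 PM log (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# The two lines the helper asked to tick before "Fix checked".
FIXED = [
    r"O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - blank (file missing)",
    r"O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h",
]


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add((m.group("code"), m.group("body").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared and entries that are new in the later log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {"removed": sorted(before - after), "added": sorted(after - before)}


def still_present(after_text, fixed_lines):
    """Return the fixed lines that still show up in the later log."""
    after = parse_entries(after_text)
    remaining = []
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if m and (m.group("code"), m.group("body").strip()) in after:
            remaining.append(line.strip())
    return remaining


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for code, body in result["removed"]:
        print("removed:", code, "-", body)
    for code, body in result["added"]:
        print("added:  ", code, "-", body)
    print("fixed entries still present:", still_present(AFTER, FIXED))
```

An empty "still present" list only shows that the autostart entries are gone from the registry; the new entries here are the scanners installed during cleanup (ewido, Kaspersky, ActiveScan).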
 
Joined
Jan 7, 2006
Messages
1
I just thought I'd post up a quick thank you as this helped me get rid of the same annoying problem. When spyware strike was installed, it would also prevent search engines from finding any info out about it. It took me a while of surfing boards to find this topic.


It's gone and I give my thanks for the many times these forums have helped my self learning butt.
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
so far this has gotten rid of the blinking windows update message, but the spywarestrike program is still there.
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
its as if its installed as a regular program, in c:\program files\spywarestrike the usual shortcut on the desktop. tried once to uninstall it, but upon rebooting, it was back again!
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
also as u see that that kaspersky virus scan showed like 9 viruses??? whats with that. i just put on that new panda virus prog and didnt find anything??
 
Joined
Jul 26, 2002
Messages
46,353
The one file it found that you can actually delete is in the c:\!killbox folder and all it is is a backup created by Killbox. You can delete the c:\!killbox folder now.

The rest are in System Restore. We will clear those by turning off System Restore when I'm sure everything else is clean.

If it is nothing more than a shortcut on your desktop, just delete it. Simple as that. You said Killbox told you that the C:\Program Files\SpywareStrike doesn't exist so I assume, since everything else comes up clean, that all you need to do is delete the shortcut from your desktop.
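The reading of the Kaspersky report given in this reply (one Killbox backup copy, the rest inside System Restore) can be checked mechanically by grouping each "Infected" line by where the file lives. This is an added example, not part of the original thread; the sample lines are a subset of the report posted above, and the function names and location labels are hypothetical.

```python
from collections import Counter

# Location markers, compared case-insensitively against the reported path.
RESTORE_MARKER = "\\system volume information\\_restore{"
KILLBOX_PREFIX = "c:\\!killbox\\"

# A subset of the report lines posted in this thread.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\!KillBox\netwrap.dll Infected: not-virus:Hoax.Win32.Renos.am
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004778.dll Infected: not-virus:Hoax.Win32.Renos.ak
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP28\A0004782.tlb Infected: Trojan-Downloader.Win32.Zlob.dx
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP31\A0005279.exe Infected: Trojan-Downloader.Win32.Zlob.ea
C:\System Volume Information\_restore{131685E2-D111-4A86-9652-957BE47EDD8E}\RP34\A0008172.dll Infected: not-virus:Hoax.Win32.Renos.am
Scan process completed.
"""


def parse_report(report_text):
    """Yield (path, detection) for every 'path Infected: name' line."""
    for raw in report_text.splitlines():
        # Paths contain spaces, so split on the fixed separator instead.
        path, sep, detection = raw.strip().rpartition(" Infected: ")
        if sep:
            yield path, detection.strip()


def classify(path):
    """Label a path as a restore-point copy, a Killbox backup, or a live file."""
    p = path.lower()
    if RESTORE_MARKER in p:
        return "system_restore"
    if p.startswith(KILLBOX_PREFIX):
        return "killbox_backup"
    return "live"


def triage(report_text):
    """Group detections by location and count them per malware family."""
    by_location = {"system_restore": [], "killbox_backup": [], "live": []}
    families = Counter()
    for path, detection in parse_report(report_text):
        by_location[classify(path)].append((path, detection))
        # Drop the variant suffix: "...Zlob.dx" -> "...Zlob".
        families[detection.rsplit(".", 1)[0]] += 1
    return by_location, families


if __name__ == "__main__":
    locations, families = triage(SAMPLE_REPORT)
    for name, hits in locations.items():
        print(f"{name}: {len(hits)}")
    for family, count in families.most_common():
        print(f"{family}: {count}")
    if locations["live"]:
        print("Live files still detected; cleanup is not finished:")
        for path, detection in locations["live"]:
            print("  ", path, "->", detection)
```

Anything that lands in the "live" group is a file outside the Killbox backup folder and the restore points, which is the case that would still need removal.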
 

desperado206

Thread Starter
Joined
Dec 4, 2005
Messages
21
i apologize, after all that, it was only the shortcut that was there. i went to uninstall spywarestrike, and it couldnt find the uninstaller link. i just deleted the spywarestrike shortcut, restarted and its gone. directory is gone and everything. everything seems good and normal again. thanks a million flrman1, i will look to donate some $$ soon, for what u guys do. hats off to your time and effort for helping thousands of puter problems! thanks and take care
 