SpyQuake Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

titanania

Thread Starter
Joined
Feb 10, 2005
Messages
1,398
Hey Tech Guys,

I am running an HP Pavilion (finally) (see http://forums.techguy.org/windows-nt-2000-xp/479309-xp-bootup-screwup-7.html) and as soon as thething started up SpyQuake took over. I've uninstalled and deleted the programs and its buddies to no avail. Shutting down the Windows Messenger didn't even stop it. I'm tearing my hair out at this point.

Logfile of HijackThis v1.99.1
Scan saved at 7:40:31 PM, on 7/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\atmclk.exe
C:\Documents and Settings\Ann\My Documents\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ibfgx] C:\PROGRA~1\COMMON~1\ECURIT~1\IXPLOR~1.EXE
O20 - AppInit_DLLs: fast.dll
O20 - Winlogon Notify: ddcbxxv - C:\WINDOWS\SYSTEM32\ddcbxxv.dll
O20 - Winlogon Notify: wintzs32 - C:\WINDOWS\SYSTEM32\wintzs32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\System32\zlara.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks in advance!
 
Joined
Jan 17, 2003
Messages
10,254
Holy smokes . . no Service packs? ? ? . . no antivirus . . you are a glutton for punishment!
 
Joined
Apr 2, 2002
Messages
3,491
All the anti-spyware in the world wont save an unpatched OS, ultimately.

Start by installing Service Pack 1.
 

titanania

Thread Starter
Joined
Feb 10, 2005
Messages
1,398
Ok, I just installed XP yesterday I mean comm on

The Internet is too laggy and inetrnittent for me to DL anything.

Don't get onto just for not getting support. This stupid program didn't give me any time....read before jumping to conclusions.....

Does this site look like a legit fix to any1?
http://www.spywareremove.com/removeSpyQuake.html
 
Joined
Jan 17, 2003
Messages
10,254
Ewido is not an antivirus . . it's a antispyware . . You can download SP2 here to burn to a cd and install once you get the bug killed . . then load an antivirus and turn on the SP2 firewall before going onine

I'm not very good with chasing bugs , , someone will be along who is . .
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hello :)

You should get AVG first: http://free.grisoft.com/doc/1
You do need an active AV program.
__________________________________________________________________________


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

titanania

Thread Starter
Joined
Feb 10, 2005
Messages
1,398
Yay Cheeseball is here to save the day.... I'm beginning to folo ur instructions now
 

titanania

Thread Starter
Joined
Feb 10, 2005
Messages
1,398
Heres the report this looks bad

SmitFraudFix v2.69

Scan done at 20:24:29.67, Mon 07/10/2006
Run from C:\Documents and Settings\Ann\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\zlara.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ann\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ann\FAVORI~1

C:\DOCUME~1\Ann\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
 
O

ODIN 0ERO

Ewido is not an antivirus . . it's a antispyware . . You can download SP2 here to burn to a cd and install once you get the bug killed . . then load an antivirus and turn on the SP2 firewall before going onine

I'm not very good with chasing bugs , , someone will be along who is . .


actualy EWIDO is an ANTI SPYWARE AND ANTI TROJAN REMOVER...
 

titanania

Thread Starter
Joined
Feb 10, 2005
Messages
1,398
Well, I've run the fix and the copmp. is now running smoothly. I have actually logged in from this comp instead of using a flash drive to transfer the text files this time so let me know if I have a keylogger still and need to reset my password.

Heres the log results:
SmitFraudFix v2.69

Scan done at 16:55:53.55, Tue 07/11/2006
Run from C:\Documents and Settings\Ann\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\zlara.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Ann\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Joined
Jan 17, 2003
Messages
10,254
Once you are clean, be sure to upgrade to SP2 and install an antivirus so this does not continue to happen to you
 
O

ODIN 0ERO

install one of the two best antimalware[anti virus,anti trojan,anti spyware,anti worm] programs....


AVAST OR NOD32...


they are the two best antimalware tools..
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top