02-20-2005, 03:24 AM | #1 (permalink) |
Crazy
Location: Lookin for that above
|
spyware HELP please!!
oh Gurus please help me if you can..
Anyone know how to get rid of Virtual bouncer and Addestroyer? Don't know where I got them but they won't erase with ad-aware, spybot or trojan remover. I keep getting these annoying holiday and gambling ads all the time.. They pop-up over any prog. I also have norton but none of the progs above have removed the problem. It always installs and runs these popups even if the registry doesn't seem to load any weird stuff and "add/remove programs" looks ok... I have XP. I have a hijackthis-program, but can anyone of you guys interpret that and then maybe know what's up... thanks! |
02-20-2005, 03:30 AM | #2 (permalink) |
Go Cardinals
Location: St. Louis/Cincinnati
|
Try running the Ad-Aware or Spybot in Safe Mode.
HijackThis will fix it though. Take out anything that looks suspicious (has the VirtualBouncer in the file name, or ads, or something similar) or any BHOs that have no name or file. Some of them are tricky, one of the spyware I saw on a kid's computer was "Quicktimee.exe" which normally you would pass over but with the extra "e" you know it is fake and most likely a virus/spyware. I have seen Windows.exe before and other such.
__________________
Brian Griffin: Ah, if my memory serves me, this is the physics department. Chris Griffin: That would explain all the gravity. |
02-20-2005, 12:49 PM | #4 (permalink) |
Psycho
Location: Rotterdam
|
I use a program called Hitman Pro, this is a combination of several ad-removers. Maybe this program can help to solve your problem.
http://www.hitmanpro.nl/ It's in Dutch but quite straightforward. Good luck
__________________
Thumbs up |
02-21-2005, 12:43 PM | #6 (permalink) | |
Crazy
Location: Lookin for that above
|
Quote:
ie programs.. would be nice to be able to just BLOCK those couple addresses where they come from, but that's not possible with explorer, right? |
|
02-21-2005, 12:54 PM | #7 (permalink) |
Registered User
|
ok..download spysweeper.. it's the best prog I've seen and I use it myself www.webroot.com/downloads.. load it.. get the updates and then go to safe mode and run it.. your computer will thank you
|
02-21-2005, 06:52 PM | #10 (permalink) |
Registered User
Location: Deep South Texas
|
maybe--just maybe, it is in one of your system files, and XP protects them with the restore facility...
turn off your restore... run every spy checker you have.. then turn restore back on and reboot.. a little prayer right here, helps.. |
02-21-2005, 07:11 PM | #11 (permalink) |
Not so great lurker
Location: NY
|
I believe that using the immunize feature from spybot should help you in the future in blocking the "known" sites from installing spyware.
As for the windows messenger service most people do NOT need to use this (some exceptions apply), and I think that running just about any firewall will block those popups. |
02-22-2005, 04:08 AM | #12 (permalink) | |
Crazy
Location: Lookin for that above
|
Nothing still works.... Safe modes and running all updated Ad-awares and spybots and trojan removers.
It really sucks.. Quote:
(could it be those HOST files "- O1 - Hosts: 69.20.16.183 ieautosearch"?) Can anyone see something weird?

Logfile of HijackThis v1.99.0
Scan saved at 14:04:56, on 22.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\autoupdt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\peter\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: autoupdt - Unknown - C:\WINDOWS\autoupdt.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Last edited by Raleighbum; 02-22-2005 at 11:17 PM.. |
|
02-22-2005, 05:51 AM | #13 (permalink) |
Upright
|
Use hijack this to pull these keys
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O23 - Service: autoupdt - Unknown - C:\WINDOWS\autoupdt.exe
Download WinsocketFix to repair the lsp hijack. The userinit one is the nasty bugger; if you can't get rid of that it will just reload EVERY time you log on |
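Added example (not part of any post in this thread): a small Python triage of a HijackThis log that counts the kinds of entries singled out in the post above, namely hosts-file redirects (O1), unknown Winsock LSP files (O10) and services with an Unknown vendor (O23). The three rules and the function name `triage` are assumptions chosen for illustration; a hit means the entry deserves a manual look, not that it is malicious.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (entries copied from it).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: autoupdt - Unknown - C:\WINDOWS\autoupdt.exe
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<name>\S+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+) - (?P<vendor>.+) - (?P<path>.+)$")
LOOPBACK = ("127.", "0.0.0.0", "::1")

def triage(log_text):
    """Return a Counter of (reason, detail) for entries worth a manual look."""
    findings = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m["code"], m["body"]
        if code == "O1":
            h = HOSTS.match(body)
            # A hosts entry mapping a name to a non-loopback IP redirects lookups.
            if h and not h["ip"].startswith(LOOPBACK):
                findings[("hosts-redirect", f'{h["name"]} -> {h["ip"]}')] += 1
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            findings[("unknown-lsp", body.split(": ", 1)[1])] += 1
        elif code == "O23":
            s = SERVICE.match(body)
            # Assumed rule: a service whose vendor field reads "Unknown".
            if s and s["vendor"] == "Unknown":
                findings[("service-no-vendor", f'{s["name"]}: {s["path"]}')] += 1
    return findings

if __name__ == "__main__":
    for (reason, detail), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{reason:18} x{n}  {detail}")
```

Collapsing repeated lines into counts makes the fifteen O1 entries in the full log read as three distinct redirects to one address.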
02-22-2005, 06:32 AM | #14 (permalink) | |
Registered User
|
Quote:
you're kidding right?? You can run adaware and spybot 100 times with all the latest updates and go behind it with spysweeper and find stuff they left behind. IMO (no disrespect either) spybot is a piece of shit. I haven't had a chance to use microshits..err microsofts new anti-spyware stuff so I don't know what to think of it.. |
|
02-22-2005, 05:15 PM | #15 (permalink) |
Upright
|
I guess my only problem with spysweeper is that it has A LOT of false positives. Which would explain why you can always find extra stuff with it. Not saying it doesn't remove some things that the other two won't, every program out there currently misses something that another one will find.
|
02-22-2005, 05:50 PM | #16 (permalink) |
Insane
|
Talking about lots of false positives, try using PestPatrol. If you don't set it up right, it will remove a lot of your software. Even after you do set it up, you still get a bunch of false positives. I tried it once and decided not to use that evil thing again.
|
02-26-2005, 10:37 AM | #17 (permalink) | |
Insane
Location: bangor pa
|
microsoftantispyware beta search it on microsoft.com free download
__________________
Quote:
|
|
03-01-2005, 03:50 AM | #18 (permalink) | |
Crazy
Location: Lookin for that above
|
Quote:
WinsocketFix.. where can I get that? |
|
03-01-2005, 07:37 AM | #19 (permalink) |
Insane
|
LSPFix is available here. Not for the faint of heart: http://www.cexx.org/lspfix.htm
WinsockFix is available here: http://www.majorgeeks.com/download4372.html
Post a screenshot or the information you find out of any of these programs, and we may be able to help you further.
__________________
"You looked at me as if I was eating runny eggs in slow motion." - Gord Downie of The Tragically Hip |
03-03-2005, 01:56 PM | #20 (permalink) | |
Crazy
Location: Lookin for that above
|
Quote:
the connection has become very unstable.. crashing all the time, every 10-15 mins... modem and provider work ok, checked that so - It could have to do with the "hosts" that keep opening those browser pages.. ads.. spotresults.com etc.. grr... But trying that now thanks a lot. Last edited by Raleighbum; 03-03-2005 at 01:59 PM.. |
|
03-07-2005, 01:42 PM | #23 (permalink) | |
Insane
|
Quote:
I had taken a look at a computer once that had one of these on it. It loaded itself into the HKEY_CLASSES_ROOT\something or other\exefile\open registry key to make sure that it got itself installed every time a program was run. Make sure that you run most of these utilities (I'm not sure about LSPFix or Winsockfix) in safe mode. Before that, AVG or Norton etc because they scan registry keys too.
__________________
"You looked at me as if I was eating runny eggs in slow motion." - Gord Downie of The Tragically Hip |
|
03-19-2005, 01:37 AM | #24 (permalink) |
Crazy
Location: Lookin for that above
|
Thanks all ppl, but It was so damn bad that nothing worked and I decided to Format C:...
That really works! And changed to Mozilla. but now I only have to figure out a way to get my backups from my other HD that is formatted with an XP professional to use with this new XP Home version... Grrrr. That is the stupidest thing I've seen that Microsoft has put this block there that the HDs formatted with a different version are not compatible.. |