Battle w/ Adware/Spyware/Malware/Hijack/Virus

New Member
💻 Oldtimer
Joined
Sep 8, 2002
Messages
2,278
Best answers
0
Location
Earth
Alright, I always scan for adware/spyware and virus more then 5 times a week using Ad-Aware SE Personal v1.05, Spybot: Search & Destroy v1.3, & Norton Antivirus 2004 Professional which I keep updated EVERY time I run the programs.

A few days ago I came home from school and decided to check on my downloads. I turned my monitor on to find about 20 IE windows open and various "psuedo-alert" messages. I proceeded to close them all, however in haste I accidently clicked "No" to a "trick" message (One in which pressing YES means you dont want it and NO meaning you do) so something ended up getting installed on my comp, but I figured "No sweat".

After closing all the windows and message pop-ups I ran Ad-Aware and Spybot. Not surprisingly they detected a lot of crap and removed it...or so I thought. After rebooting my comp everything seemed normal, but after a few minutes a internet window popped up advertising registry cleaner. Anoyed, I ran Ad-Aware and Spybot again and they found a few things again, but not as many. I removed the crap and rebooted again...same thing happend.

Next, I ran Norton Antivirus 2004 Pro. It detected some viruses but couldn't delete 3/5 of them. So I rebooted in SAFE MODE and did it manually. However the problem was not eliminated. So I began to search the web for an answer. I found out about and downloaded AboutBuster, CWShredder, and Hijack This but none of them detected anything.

Also, I went into regedit and did a pretty thorough search for adware and spyware type entries and deleted all that I found but the problem still exists. I've also been through msconfig several times.

Now I'm very frustrated. The only thing I've managed to do is increase the time in which the pop-ups occur. Also, not long after rebooting, my CPU usage will shoot up to 100% >_<.

Here Is My LOGFILE From HIJACK THIS
Logfile of HijackThis v1.98.2
Scan saved at 4:49:30 PM, on 9/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
No matter how many times I end the "iexplore.exe" tasks, they slowly return | They seem to be the cause of the 100% CPU usage.
C:\Documents and Settings\Sean Kiles\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093147655015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 
brainfeeder
💻 Oldtimer
Joined
May 29, 2002
Messages
5,179
Best answers
0
Location
Florida
Do you use AIM?

That program breeds this kind of stuff. :S
 
New Member
💻 Oldtimer
Joined
May 15, 2002
Messages
2,675
Best answers
0
u might have a peper trojan.. look it up on google, i had the peper trojan, very similiar.. i had to manually remove it through the registry and delete files.. my ad-aware, spybot, and norton didnt take care of the problem because everytime you end the file, the peper trojan will jus remake itself
 
New Member
💻 Oldtimer
Joined
Mar 6, 2003
Messages
3,999
Best answers
0
Location
New York
try looking in your program files for any folders that you dont recognize.
same thing with the "add/remove programs" list in the control panel.
i had a similar problem and had to get rid of a few folders in there from safe mode because the spyware stuff didnt get rid of them.
 
New Member
💻 Oldtimer
Joined
Sep 8, 2002
Messages
2,278
Best answers
0
Location
Earth
Pain said:
try looking in your program files for any folders that you dont recognize.
same thing with the "add/remove programs" list in the control panel.
i had a similar problem and had to get rid of a few folders in there from safe mode because the spyware stuff didnt get rid of them.

Did that already, just forgot to say it in my post.

 
brainfeeder
💻 Oldtimer
Joined
May 29, 2002
Messages
5,179
Best answers
0
Location
Florida
You know when you press CTRL+ATL+DELETE?

If you'd be so kind to show give us a screenshot of your running program list. We could probably get to the bottom of it, real quick.
 
New Member
💻 Oldtimer
Joined
Sep 8, 2002
Messages
2,278
Best answers
0
Location
Earth
Hwoarang said:
You know when you press CTRL+ATL+DELETE?

If you'd be so kind to show give us a screenshot of your running program list. We could probably get to the bottom of it, real quick.
Yeah, I know, TASK MANAGER. >_>

Just look @ the log I posted in my first post.

Anyways, I found removal instructions for the Peper Trojan so I will go try that in a few minutes.
 
brainfeeder
💻 Oldtimer
Joined
May 29, 2002
Messages
5,179
Best answers
0
Location
Florida
I see that, but an actual screenshot of it, would be appreciative.
 
New Member
💻 Oldtimer
Joined
Sep 8, 2002
Messages
2,278
Best answers
0
Location
Earth
Alright, here it is (after ending about 15 "iexplore.exe" process >_>)

 
New Member
💻 Oldtimer
Joined
Sep 8, 2002
Messages
2,278
Best answers
0
Location
Earth
No way will I format, I would lose so many things. To try and back it all up would use up a great deal of DVD discs. There has to be a fix.

Also, no way in hell I'd EVER use Mozilla or Firefox
 
Moving with Sonic Speed
Retired Forum Staff
✔️ HL Verified
💻 Oldtimer
Joined
Jan 9, 2003
Messages
4,534
Best answers
0
You should really use firefox, at least until it becomes as screwed up as IE is. You'll be safer from everything, and you can always open up IE when you need to view a non-firefox friendly page. I had a similar trojan once and I'm trying to remember what it was. Adaware located some of its files (you'd notice a couple of files with the same wierd trojan filename) but there was one that it couldn't locate and I had to remove manually. Ended my multiple explorer.exe problems.
 
New Member
Joined
May 30, 2003
Messages
842
Best answers
0
I had this problem once before as well, except I was using a 98 system. It wasn't mine either, so I never got a chance to track it down and fix it.
 
New Member
Joined
Feb 21, 2003
Messages
654
Best answers
0
I just had a recent problem, what i ended up doing was using a virus scan program that is straight from the web, http://housecall.trendmicro.com/housecall/start_corp.asp
it will bring up what virus you have and then it has a virus dictionary that will go through step by step what you have to do in the registry to clean it out. I also had some odd program running in my tasks that I didn't recognize, ended up I just had to delete it, it was causing an ass ton of popups for me, so maybe check out any processes you don't recognize.
 
Lost in space
Banned
💻 Oldtimer
Joined
Sep 20, 2003
Messages
3,211
Best answers
0
yeah www.trendmicro.com is good. locates things Norton Antivirus can't funny my friend in this ban just recently told me about it.

There, I edited the typo out so it is the good site not teh bad naughty one.
~Deman
 
New Member
Joined
Feb 21, 2003
Messages
654
Best answers
0
pop up ads? If you get pop up ads from that you need to run spyware, I even acessed it with IE and got no popups...

Edit NM you meant his link not mine
 
Super Moderator
💻 Oldtimer
Joined
Dec 1, 2001
Messages
3,125
Best answers
0
Fire Phoenix said:
yeah www.trendmirco.com is good. locates things Norton Antivirus can't funny my friend in this ban just recently told me about it.
"This domain is registered at DotRegistrar.com by a customer and parked temporarily. To contact the owner of the domain "trendmirco.com", please email: [email protected]."

I see?
 

Users who are viewing this thread

Top Bottom