
Spyware Help!


vman


If you're infected with malware, and need help cleaning it, proceed with the following steps:

 

Hijack this:

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10227353&ontId=8022_4&spi=e3cba69fdc32b4649a3d11b576fb9945&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=10781312&mfgId=6283336&merId=6283336&pguid=8dN3XgoPjAIAADksgz0AAAAL&destUrl=http%3A%2F%2Fwww.download.com%2F3001-8022_4-10227353.html%3Fspi%3De3cba69fdc32b4649a3d11b576fb9945

 

 

Upon installation, scan and save log file, and post it up on this forum.

 

Wait for further instructions.

 

 

 

 

 

 

 

*By accepting help from the users on this forum, you accept full responsibility for damages*


Hi garybear,

If you can't get the Hijack this to work you can post the log by running a Security analyzer scan in ASC. If it comes up with "suggestions" you can click on "suggestions", then click "save report" (text file) and save it to your documents. When you reply to the thread on the forum, scroll down to "Additional Options", under "attach files" click "manage attachments", then under "upload file from your computer" click "browse", locate the "Hijack this" text file, then click "upload".

Hope this helps.

samr.


Malware Help

 

Sorry for being stupid, but how do I post the log on the forum? I don't think I have any problems; except for being stupid. The only way I know to post anything is with [manage attachments]. It won't accept this log. I saved the log to my documents, did browse, found log, did upload, and got this message [invalid file]. I need help; a brain would help, but I don't have one. SORRY FOR BEING A PROBLEM. [garybear]


I don't get any errors or suggestions when I do scan with Security Analyzer with asc3, so guess I don't have any problems. I was trying to send log generated by Trend, but it wouldn't let me. I thought this was what was wanted from me. I'm still learning all this stuff, and I'm a little thick between the ears, but I will learn, and you can take that to the bank. I have said this before, but I'll say it again, you guys are special and I love every one of you. This forum has given me a new meaning in life. Thank you so very very much for your fellowship and caring. I will get better!!!! [garybear]


Hi garybear,

 

If the log you mention is from HijackThis, change the extension ".log" to ".txt" without quotes, and upload it in your post.

In other words change hijackthis.log file to hijackthis.txt file and upload hijackthis.txt.

 

I hope this helps.

 

Cheers.


You guys are so smart. Is there anything you don't know? lol I wouldn't know private material if it bit me, besides that if I can't trust you guys, who can I trust. The stock market cleaned me out of my cash, and I don't have a credit card. I'm 70 years old, and if I don't learn something every day, then it's a lost day. I probably won't retain it at my age lol, but I'll keep learning. Use it or lose it. [garybear]

hijackthis.txt


Hey enoskype, I don't think much info is revealed through hijack this, it's considered a diagnostics tool. But, yes, it should be double checked just in case.

As for Krissy, remove the following.

 

BHO: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} ]

 

BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\PROGRA~1\TENCENT\SSPlus\SSup.dll

 

HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe

 

Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}

 

Extra button: ???¡¥WEB??¨¤¡Á - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)

 

Extra 'Tools' menuitem: ???¡¥WEB??¨¤¡Á - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)

 

Gopher Prefix

 

 

I'm assuming you're from a different country, I suggest downloading and installing MalwareBytes antimalware, since I don't exactly know the stuff there.

 

Update, and perform a full scan. Repost your log file when you are done.

 

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=cbc2bf677a4261ce3e1ac968770cfc1f&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=10984636&mfgId=6290020&merId=6290020&pguid=zWFGiAoPjAQAAE1qEhIAAAAu&destUrl=http%3A%2F%2Fwww.download.com%2F3001-8022_4-10804572.html%3Fspi%3Dcbc2bf677a4261ce3e1ac968770cfc1f


As for garybear, yours is pretty clean, except one toolbar.

 

Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E}

 

 

Remove it, and you're done.

 

 

 

 

Sorry for the late response guys, I'm sorta still on vacation, and the wifi here, SUCKS. I'll get back to you guys as soon as I can.

 

 

Keep it clean...



The first three are in fact legitimate. It's listed as "spyware" because many companies use it to distribute it (chat program). Without them she might not be able to use her chat program as many in China use QQ.


As I said before, I'm not well aware of the apps in China. I did a bit of research from previous logs, and came to that conclusion. If they are part of your chatting application, leave it be, but the scan with MalwareBytes is definitely suggested.


Malware Thread

 

Ok I will switch. Should I use Avira? When I switch, should I uninstall AVG first, or do they work together? AVG has always been good to me, but if there is something better, then that's what I want. I use Windows Defender, is that ok or is there something better? Also, since I have a clean pc after removing that one item, should I do another scan with Trend and then put all that in ignore list? That way in the future, when I do a scan, I will know if something new has shown up, and it might be easier to evaluate any problems. This is just a thought; what do you think? I really appreciate your advice and will take it to the bank. THANKS [garybear]


2 more cents

 

Hi Gary - Uninstall AVG - it was a decent app in version 7, but has gone backwards in my opinion. It's slower and more of a drain on resources than ever before. You can keep Windows Defender as it's fairly light, but it's not the sharpest tool in the shed. If you want an extra defense tool, Spyware Blaster is pretty good (won't slow things down), and the same goes for Threat-Fire 3.5 (I think that's the latest). As mentioned in Vman's thread, I use MalwareBytes and SuperAntiSpyware as detection scanners - they have no real-time defense, so you just break them out once a week for scans - update them weekly as well because they are freeware and there's no auto updating feature. You probably don't need another scan from Trend unless you know where you caught the bug and have been back there. I never assign anything to an ignore list when it comes to infections. Run scans with the two apps I mentioned, and you'll be almost guaranteed clean. You got my mail if you need me.


Spyware Terminator

 

IFP - Agreed - I tried it for a couple of weeks and was not impressed. It couldn't seem to "learn" which processes were ok to let run or ignore. Also, Avira flagged it as a virus every time the Clam V Shield was launched. Way too overbearing and "stupid" as far as I was concerned. There's better protection available out there without all the aggravation. How's the PC Tools Internet Security Suite working out? Any problems with the second PC taking the license code? And where do you go for the download for the second PC? Do you just repeat the procedure for the second one?


please note that I'm not complaining

 

Mr. VMAN, please do not think I'm complaining about the service you are providing on this issue. I thank you for all you do for this forum. I'm just curious why Trend shows the tool bar no name, and asc gives it a name. I'm attaching asc hijack to show what I'm talking about. I cleared it out but had to do restore while messing with AVG and Avira. Was messing around with asc hijack after restore and found this log, which compares to Trend, but gave the tool bar a name. Being curious as I am, I had to ask what you thought about this. Thank you for all you do for us dummies. I know I'm a pain in the rear sometimes, make that all times. [garybear] A057A204-BACC-4D26-9990-79A187E-2698E

Hijack Analysis Report.txt


Sorry to interfere, but you have got an interesting point garybear.:!:

 

To make it a bit clearer, the lines below are from hijackthis.txt of Trend Micro from garybear's PC (Jan 02 2009):

O2 -(Doesn't exist. This is my note-enoskype)

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

 

and the lines below are from ASC 3's Hijack Analysis Report.txt from garybear's PC (Jan 04 2009):

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

 

Now the question is, why are they different?

 

Some of the other lines are completely different, as probably HijackThis and ASC 3 use different methods or assumptions, but why are the same items presented differently?

09 - Extra button: @xpsp3res.dll,-20001 is related to Microsoft's Network Diagnostics Tool. The timestamp corresponds to Windows XP Hotfix KB914440 being installed.

 

Now, my interpretation about 02-03 above is that, AVG is the competitor of Micro Trend, and Micro Trend is trying to convince the user and the analyzer that it should be cleared as a no name bar or/and it doesn't exist.

AVG is the partner of IObit, and they are seen as normal lines, so it will not be noticed by HijackThis analyzers as an item to be deleted.

 

This could be a conspiracy theory :-P, but I think it certainly needs an explanation!!! :!:

Registry residues???

 

Great catch garybear!!! :-D

 

Cheers.

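The comparison made in the post above, as an added example that is not part of the original thread: a Python sketch that parses the quoted lines from both reports and compares them per section and CLSID. The regular expression covers only the `O<n> - kind: name - {CLSID} - target` shape seen in this thread, which is an assumption about the log format; all function names are hypothetical.

```python
import re

# Lines copied from the two reports quoted in the post above.
HJT_LOG = r"""
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"""
ASC_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
"""

# Assumed entry shape: "O<n> - <kind>: <name> - {CLSID} - <target>".
ENTRY = re.compile(
    r"^(?P<section>O\d+)\s*-\s*(?P<kind>[^:]+):\s*(?P<name>.*?)\s*-\s*"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}(?:\s*-\s*(?P<target>.*))?$"
)
PLACEHOLDERS = {"(no name)", "(no file)"}


def parse(log):
    """Map (section, upper-cased CLSID) -> {'name', 'target'} for each entry."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            key = (m["section"], m["clsid"].upper())
            entries[key] = {"name": m["name"], "target": m["target"] or ""}
    return entries


def compare(first, second):
    """Report, per entry, whether the two logs agree and which fields differ."""
    report = {}
    for key in sorted(set(first) | set(second)):
        if key not in first:
            report[key] = "only in second log"
        elif key not in second:
            report[key] = "only in first log"
        else:
            diff = [f for f in ("name", "target") if first[key][f] != second[key][f]]
            report[key] = "differs: " + ", ".join(diff) if diff else "same"
    return report


def unresolved(entries):
    """Keys where the tool printed a placeholder instead of a name or file."""
    return sorted(k for k, v in entries.items() if PLACEHOLDERS & set(v.values()))


if __name__ == "__main__":
    hjt, asc = parse(HJT_LOG), parse(ASC_LOG)
    for key, verdict in compare(hjt, asc).items():
        print(key, verdict)
    print("placeholders in first log:", unresolved(hjt))
```

An entry that one tool shows with placeholders and the other resolves to a named file is worth checking against the second report before it is marked for removal.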

A total accident on my part

 

I was just bored, and stumbled on to the difference by accident, but thanks for great catch part. The old saying is that even a blind hog finds an acorn every now and then, lol. I'm sure everyone is tired of me saying, I really enjoy this forum, but I'm going to say it again anyway. This is my first forum, and I'm loving every minute of it. Sometimes you're the windshield, and sometimes you're the bug. I hope that everyone on the forum is always the windshield, and never the bug. lol [garybear]


Hum... just an assumption but the difference can come from HJT being extremely outdated. It's been stuck on the current version for quite some time. ASC, on the other hand, is constantly updated... Just a thought.


Hey guys, this time I need help. A friend dropped off her computer, a corrupt system 32 config thingie. I recovered those files, fixed them, and the computer is up and running. I had also discovered a bunch of malware so I cleaned them out. But what I don't get, is the fonts are in Arabic. I tried changing the language pack and all, but no go. Any ideas?


Archived

This topic is now archived and is closed to further replies.

