GIDForums  

#1
25-Sep-2004, 16:46
infamousfern
Join Date: Jul 2004
Location: Miami
Posts: 2

Spyware has affected my PC.


Recently every time I boot up my PC I get a message saying "this system just recovered from a severe error"; I always click ignore. Windows Media Player always shows up as well for no reason. Every time I open IE my homepage has changed to a porn site and I get a porn tool bar as well. lol. I then run Adware6 and SpyBot Search & Destroy. It helps but I still can't get an MSN or Google toolbar to work on my PC. Every time I download one it doesn't show up. I understand that they can be selected from the "view" --> "toolbars" menu but it doesn't show up there either. The homepage changing is a very common problem and I'm forced to use system restore a lot. The toolbar not showing up is causing a big problem because I usually use one of the two to block ads, but since they disappeared and I can't see them any more I'm screwed. I just downloaded hijack but need help on deleting harmful stuff on my computer; I really don't know how to use it. PLEASE, if anyone could help, I would really appreciate it. Thanks. Here's my log:

Code:
Logfile of HijackThis v1.97.7
Scan saved at 5:41:49 PM, on 9/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\xmorfzbi.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\svchostc.exe
C:\windows\180ax.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gilma\Local Settings\Temporary Internet Files\Content.IE5\UNYJMXUJ\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = channels.aimtoday.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\ELITEB~1.DLL
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe
O4 - HKLM\..\Run: [xitami] C:\Xitami\xiwin32.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [SysA] C:\windows\system32\winuhk32.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winvaj32.exe
O4 - HKLM\..\Run: [llcewnf] C:\WINDOWS\xmorfzbi.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ulopyx] C:\WINDOWS\ulopyx.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKCU\..\Run: [Upaa] C:\Documents and Settings\Gilma\Application Data\rnoe.exe
O4 - HKCU\..\Run: [Zpqbyyra] C:\WINDOWS\System32\riyibul.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - download.yahoo.com
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - download.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - www.mt-download.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - v4.windowsupdate.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - cabs.media-motor.net
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)

#2
25-Sep-2004, 17:44
crystalattice
Join Date: Apr 2004
Location: Japan (again)
Posts: 1,628
About the only thing I can offer is how to keep it from happening. For the problems you already have, the only thing to really do is run all the anti-malware programs you can (Adware, Spybot, etc.). If that doesn't work, then there's always format and reinstall. I can't offer much advice about how to fix the problem because I've never been compromised (yet :-)).

If you don't have a reason to use IE all the time, then I recommend trying a different browser, like Firefox or Opera. Because these browsers aren't tied into the OS, they are less likely to be affected w/ problems.

If you don't have one now, get a firewall. I recommend ZoneAlarm from Zonelabs; it's free for personal use, but the paid version may help you out w/ additional spyware features.

Go to PCWorld, PC Magazine, or another computer user-type site. They will have many articles about spyware/spam and may have specific help on how to get rid of it w/o reformatting your drive.

Wish I could help you more. Just make sure that you lock down your system after you get it cleaned out.
__________________
Start Programming with Python-A beginner's guide to programming and the Python language.
-------------
Common Sense v2.0-Striving to make the world a little bit smarter.
#3
26-Sep-2004, 18:54
Garth Farley
Join Date: May 2002
Location: Ireland
Posts: 638
Sweet jebus! You've got a few things wrong there! It's really hard to diagnose all of these & offer you removal advice for all of these, but I'll try.

Right then, this is one I see as immediately suspicious:
C:\windows\180ax.exe
You'll have to restart into Safe Mode, set explorer to show all Hidden & System Files, then remove the following from C:\WINDOWS: cfeerzx.exe, yfus.exe, 180ax.exe and qlajgl.exe if they're all there.

Go into the registry & do a search for each of the above files & delete the key associated with each one.

Also navigate here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and make sure they've gone from here.

Now go to here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
and change any dodgy URL to something like www.gidforums.com

Now reboot & use HijackThis to fix anything else unusual (being careful). Do an update of AdAware & do a full scan of all drives for everything. Don't open IE if you can help it!

Hopefully this will get rid of the worst. I point you towards www.neuber.com for a handy list of processes that should & shouldn't be running on your system, good for diagnostics!

Good luck!
GF
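
The checks discussed in this thread (processes in odd places, autostart entries, hijacked lookups) can be run mechanically over a HijackThis log. The script below is an added example, not part of any poster's message or of HijackThis itself; `triage`, `check_path` and `SYSTEM_HOMES` are hypothetical names, the rules are assumed heuristics, and the sample lines are excerpted from the log in the first post.

```python
import ntpath
import re
# Where these Windows XP system binaries normally live (lower-cased).
SYSTEM_HOMES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Excerpt of the log from the first post, embedded so the script runs offline.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchosts.exe
F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O4 - HKLM\..\Run: [Services] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
"""

def check_path(path):
    """Flag a system binary name in the wrong folder, or (assumed heuristic)
    a file name that is a system binary name with one character inserted."""
    folder, name = ntpath.split(path.lower())
    if name in SYSTEM_HOMES:
        home = SYSTEM_HOMES[name]
        return None if folder == home else f"{name} outside {home}"
    for real in SYSTEM_HOMES:
        if any(name[:i] + name[i + 1:] == real for i in range(len(name))):
            return f"{name} imitates {real}"
    return None

def triage(log):
    """Return (line, reason) pairs for log entries worth a closer look."""
    findings = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if line.startswith("O1 - Hosts:"):
            ip, host = line.split(":", 1)[1].split()[:2]
            findings.append((line, f"hosts file sends {host} to {ip}"))
        elif line.startswith("F1 - "):
            findings.append((line, "autostart via win.ini/system.ini"))
        else:
            match = EXE_RE.search(line)
            reason = check_path(match.group(1)) if match else None
            if reason:
                findings.append((line, reason))
    return findings
```

A clean result from these rules does not clear an entry: a randomly named executable such as the `180ax.exe` flagged above passes all of them and still needs checking by hand.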
#4
27-Sep-2004, 23:04
JUNK KED
Join Date: Oct 2003
Location: uk&ireland
Posts: 85

Try this free checkup


Hi, I use this free check from

www.pandasoftware.com

Look for the free ACTIVE SCAN on the left menu.

The first time you use it, it takes a long time to start because it downloads a plugin to your browser.

The next time you use it, it will only download new fixes.

Once it starts, you can turn off your connection, but if you want a report at the end you will have to log on again.

The first time I used this it found spyware and a trojan that SPYBOT had missed.

junk ked
 
 
