Darksma spyware removal

[kimsland]

Clear system restore points

• 
  Clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  This will remove all restore points except the new one you just created.

 

[xxdanielxx]

Update your java then try to tun the scan again

Update your Java Runtime Environment

First try going to Start -> Control Panel -> double click Java
Select the Update Tab at the top of the Java console
Click the Check for Updates button at the bottom
If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
Update your Java Runtime Environment
Click the following link
Java Runtime Environment 6 Update 7
The 5th option down is the one you want (click Download)
Check the box to agree to terms of service
Check the box for your operating system and click 'Download selected'at the bottom
After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_07 folder

 

[kimsland]

If for some reason you couldn't update through the above instructions.
Update your Java Runtime Environment
Click the following link

What link?

 

[dlee337]

I have updated my java and set my security stting to medium. I also disabled my firewall. figured that was stopping it but it wasn't. the Trend Micro still wan't load for some reason.

 

[xxdanielxx]

ok then try this one

Please go HERE to run Panda's TotalScan

• Select the bubble for Full scan
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• Then the scan will begin
• When the scan completes, click the Save button on the right of Scan details
• Save it to a convenient location. Post the contents of the TotalScan report

 

[dlee337]

The link for panda totalscan you posted says
An error occurred while processing your request.
Reference #97.a6fc8d5.1217780545.349a935

 

[Blind Dragon]

Panda Online Scan

• Please visit Panda Online Scanner
• Click on "Scan your PC".
• A new browser window will open with Panda ActiveScan.
• Click the big "Check Now" button
• Enter your Country, State/Province, e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it

Note: If this is the first time you scanned your PC, you´ll have to download the ActiveX controls (8 MB). The time it takes to download these can vary depending on your connection

• Click on "Local Disks" to start the scan
• Save the log file to your desktop

 

[dlee337]

here is the log for panda

 

[Blind Dragon]

I would run this - then daniel can help you remove any leftovers that it misses

SuperAntiSpyware Home Edition Free Version

• Please download SuperAntiSpyware from HERE
• Launch SuperAntiSpyware and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.
  
  It's possible that the program will ask you to reboot in order to delete some files.
  
  Obtain the SuperAntiSpyware log as follows:
  Click on 'Preferences'.
  Click on the 'Statistics/Logs' tab.
  Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
  It will then open in your default text editor,such as Notepad.
  Attach the notepad file here on your reply

 

[dlee337]

here is the SuperAntiSpyware log.

 

[dlee337]

On IE the windows are freezing and takes along time for them to close out.

 

[kimsland]

This will not hurt the support being offered

How to use Reset Internet Explorer Settings (RIES

To use RIES in Internet Explorer 7, follow these steps:

1. Click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

Note for users who cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.

Please let me know if it helped.

 

[xxdanielxx]

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then post a fresh hijackthis log

 

[dlee337]

Ok ran the ATF Cleaner. Here is the HJ Log. Thanks

 

[kimsland]

I'd remove zeropop program
Also RIES not run
But xxdanielxx is more knowledgable on this, I just like IE all clean

 

[dlee337]

also the last couple of days when My Ca Spyware runs it picks up
Client Man and Banbot. It says Banbot is a trojan. I delete them but they come back.

 

[kimsland]

Have a look at:

New Preliminary Removal Instructions

It will remove all these nasties

 

[xxdanielxx]

Hey sorry I have been very busy

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  • C:\Program Files\zeropop.exe
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

 

[dlee337]

Virusscan.org will not get past step 2. It just sits there.says analyzing file.
I did the RIES. when I did that I downloaded the add on zero pop. do I need to delete it? My PC seems to be working good. The last couple days the trojan spyware has not showed up in my spyware scanner. I do appreciate all the help.
Thanks

 

[xxdanielxx]

try this one

http://www.kaspersky.com/scanforvirus

 

[kimsland]

I downloaded the add on zero pop. do I need to delete it?

IE 7 has Popup Blocker anyway
I say remove it

 

[xxdanielxx]

Ok I found info on it

http://www.siteadvisor.com/sites/0pop.com/downloads/14313983/

It is a legit app can you post a fresh hijackthis log to make sure you are good to go

 

[dlee337]

Here is my HJ log

 

[kimsland]

Found all this, that can be ticked and removed:

C:\DOCUME~1\DANNYL~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\zeropop.exe
C:\WINDOWS\system32\0pop.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} -
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

I thought you were removing zeropop ?

Also that Main Start page (RR) was How to use Reset Internet Explorer Settings (RIES) run fully?

There may be other issues too!

You have fully run MalwareBytes, and then selecting remove all found issues, once completed?

 

[xxdanielxx]

there is nothing wrong anymore the log looks clean why are you removing items like

BitDefender
roadrunner homepage

and others that are not infected all we have to do is a clean up which I will post as soon as I can