Hard to beat webweb123 critter

[pablosubo]

Hi. Im gettin crazy!!!! jejejejej

My machine was workin OK till sundenly, it got filled of virus, trojans & spyware.

I didi de 8 steps, and got my machine totally clean, but some minutes later, the threats appeared agan and again.

Aparently there is something resident which neither program is seeng, and infects my machine with different theats.

I ran many times Cclear, SuperAntispyware, Spyhunter @ Malwarebytes.

The latest thing is "somebody" trying to change my IE homepage to www.webweb123.com (superAntispyreware is avoiding this to happnes, it pops me this window every minute or so...)

I google it up, and very little information appears of this threat.

As I write this, Ive just finished running Mcaffe, SuperAnti & MAlawarebytes ant none one shows any threat on the memory, but someones is still trying to change my home page....

Hope you can help me.

Thanks a lot!!!!

Pablo


View attachment 53040

View attachment 53041

View attachment 53042

View attachment 53043

 

[pablosubo]

Je, just finished writting this and Adaware did not last to appear......




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2009 at 03:35 AM

Application Version : 4.29.1004

Core Rules Database Version : 4191
Trace Rules Database Version: 2103

Scan type : Custom Scan
Total Scan Time : 00:07:12

Memory items scanned : 675
Memory threats detected : 0
Registry items scanned : 7050
Registry threats detected : 0
File items scanned : 0
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@collective-media[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@apmebf[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@questionmarket[2].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@doubleclick[2].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@ads.us.e-planning[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@ad.yieldmanager[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@mediaplex[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@content.yieldmanager[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@kontera[1].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@atdmt[2].txt
C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@overture[2].txt

 

[fatherof4]

An attempt to help

I found out the hard way that you must:

1--download all the programs first
2--disconnect from the Internet to prevent intrusion
3--disable System Restore to prevent your machine from returning to an old, bad state,
4--disable all AV-Malware programs before running any AV-Malware programs--In some programs (like Norton Internet Security) this requires multiple settings or services.

So, at each step, you need to make absolutely sure that the previous program is completely shut down before proceeding with the next step.

Several weeks ago, I lost 2 days of work before getting a hold of that.

Hope all turns out well.

 

[Bobbye]

Steve, I'm, checking your logs on your thread now, but was looking for original post and saw this:

Needs some corrections:

I found out the hard way that you must:

1--download all the programs first. optional

-

2--disconnect from the Internet to prevent intrusion- not necessary usually

3--disable System Restore to prevent your machine from returning to an old, bad state,

When the system is clean, then we have you drop the old restore points and set new clean one. We don't advise doing it at the beginning because there is the possibility that a restore point may need to be used to get in to the system. The malware programs we have you run first will show if the restore points have malware. If they do, I just advise the user not to use that function at that time. The only way a restore point will reinfect a system is if it has malware and you restore to that point

4--disable all AV-Malware programs before running any AV-Malware programs--In some programs (like Norton Internet Security) this requires multiple settings or services.

Some security programs have what are called 'resident programs' They run in Real Time and can interfere with the scans. Examples would be TeaTimer in Spybot, AdWatch in AdAware. We have you temporarily disable the residents. It IS required for Combofix and some specific programs, but these should not be run unless the helper instructs you to.

So, at each step, you need to make absolutely sure that the previous program is completely shut down before proceeding with the next step. Yes, this is good.

While it may look like everyone is getting the same instructions, they are based on what we see and what symptoms are present and what the infection is. The only 'general' instruction is the steps in the preliminary removal.

Now back to your thread.

 

[pablosubo]

so, right now there Is something resident which neither AV is seeing (the one who is aptening to change my homepage....

Any idea?

Regards

Pablo

 

[fatherof4]

Bobbye

Mea culpa--I was general when you are, indeed, looking at specifics. I shouldn' t have poked in there. Lesson taken.
On the other that I asked for help on, TMagic650 picked me up on a repost and got it solved. Thanks for your time.

Pablo, sorry for the interruption.
Fatherof4

 

[Bobbye]

I knew you meant well, Steve. Tmagic isn't a malware helper. Please let me know if you need more help.

 

[fatherof4]

Oops--accidental double post.