TechSpot

Hard to beat webweb123 critter

By pablosubo
Oct 27, 2009
  1. Hi. I'm getting crazy!!!! jejejejej

    My machine was working OK till suddenly it got filled with viruses, trojans & spyware.

    I did the 8 steps, and got my machine totally clean, but some minutes later, the threats appeared again and again.

    Apparently there is something resident which neither program is seeing, and it infects my machine with different threats.

    I ran Cclear, SUPERAntiSpyware, Spyhunter & Malwarebytes many times.

    The latest thing is "somebody" trying to change my IE homepage to www.webweb123.com (SUPERAntiSpyware is preventing this from happening; it pops up this window every minute or so...)

    I googled it, and very little information appears about this threat.

    As I write this, I've just finished running McAfee, SUPERAntiSpyware & Malwarebytes and none of them shows any threat in memory, but someone is still trying to change my home page....

    Hope you can help me.

    Thanks a lot!!!!

    Pablo


     
  2. pablosubo

    pablosubo TS Rookie Topic Starter

    Je, just finished writing this and Adaware did not take long to appear......




    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/27/2009 at 03:35 AM

    Application Version : 4.29.1004

    Core Rules Database Version : 4191
    Trace Rules Database Version: 2103

    Scan type : Custom Scan
    Total Scan Time : 00:07:12

    Memory items scanned : 675
    Memory threats detected : 0
    Registry items scanned : 7050
    Registry threats detected : 0
    File items scanned : 0
    File threats detected : 11

    Adware.Tracking Cookie
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@collective-media[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@apmebf[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@questionmarket[2].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@doubleclick[2].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@ads.us.e-planning[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@ad.yieldmanager[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@mediaplex[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@content.yieldmanager[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@kontera[1].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@atdmt[2].txt
    C:\Documents and Settings\psubotobsky\Cookies\psubotovsky@overture[2].txt
     
  3. fatherof4

    fatherof4 TS Rookie

    An attempt to help

    I found out the hard way that you must:

    1--download all the programs first
    2--disconnect from the Internet to prevent intrusion
    3--disable System Restore to prevent your machine from returning to an old, bad state,
    4--disable all AV-Malware programs before running any AV-Malware programs--In some programs (like Norton Internet Security) this requires multiple settings or services.

    So, at each step, you need to make absolutely sure that the previous program is completely shut down before proceeding with the next step.

    Several weeks ago, I lost 2 days of work before getting a hold of that.

    Hope all turns out well.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Steve, I'm checking your logs on your thread now, but was looking for the original post and saw this:

    Needs some corrections:

    When the system is clean, then we have you drop the old restore points and set a new clean one. We don't advise doing it at the beginning because there is the possibility that a restore point may need to be used to get into the system. The malware programs we have you run first will show if the restore points have malware. If they do, I just advise the user not to use that function at that time. The only way a restore point will reinfect a system is if it has malware and you restore to that point.

    Some security programs have what are called 'resident programs'. They run in real time and can interfere with the scans. Examples would be TeaTimer in Spybot, AdWatch in AdAware. We have you temporarily disable the residents. It IS required for Combofix and some specific programs, but these should not be run unless the helper instructs you to.

    While it may look like everyone is getting the same instructions, they are based on what we see and what symptoms are present and what the infection is. The only 'general' instruction is the steps in the preliminary removal.

    Now back to your thread.
     
  5. pablosubo

    pablosubo TS Rookie Topic Starter

    So, right now there is something resident which neither AV is seeing (the one that is attempting to change my homepage)....

    Any idea?

    Regards

    Pablo
     
  6. fatherof4

    fatherof4 TS Rookie

    Bobbye

    Mea culpa--I was general when you are, indeed, looking at specifics. I shouldn't have poked in there. Lesson taken.
    On the other that I asked for help on, TMagic650 picked me up on a repost and got it solved. Thanks for your time.

    Pablo, sorry for the interruption.
    Fatherof4
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I knew you meant well, Steve. Tmagic isn't a malware helper. Please let me know if you need more help.
     
  8. fatherof4

    fatherof4 TS Rookie

    Oops--accidental double post.
     
Topic Status:
Not open for further replies.
