TechSpot

looks like i still have mssearchnet, but i cant be shure

By slasher_65
May 10, 2006
  1. getting all the usual annoying "you have spyware! press this and we will fix all your problems". dont have time to say more, will elaberate later. thanks for your help!
     

    Attached Files:

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with possibly the new variant of smitFraud.

    Go HERE and follow the instructions.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)
     
  3. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    just a quicky to say that i dont seem to be able to open CMD files. a tad strange. i can see them, but not open them. im workin on that! (unregognised file type not being able to open them)
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Once you`ve followed the instructions, post a fresh HJT log. it may well be that some malware is blocking your use of the cmd files.

    Untill I get a fresh HJT log from you, it`s hard to say.

    Regards Howard :)
     
  5. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    i need the cmd files to run smitfraudfix.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have you tried running the Smitfraudfix from safe mode?

    Try redownloading it. If that doesn`t help, skip that step for now and continue with the rest of the instructions.

    Regards Howard :)
     
  7. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    not working in safe mode. im gonna continue with the rest.
     
  8. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    looks like i have the following


    * trojan-downloader-zlob
    * trojan agent winlogonhook


    * cws-aboutblank
    * elitemediagroup-mediamotor
    * multidial
    * safeguard protect
    * security2k hijacker
    * popuper
    * spyfalcon fakealert
    * spyware quake fakealert
    * prosearch.com hijack
    * navexcel navhelper


    * desktop kazaa cookie
    * howstuffworks cookie
    * atwola cookie
    * touchclarity cookie
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The Windows malicious removal tool, should take care of the zlob problem. You can get it HERE.

    Run the tool in safemode with system restore turned off.

    Follow as many of the instructions as you can and post a fresh HJT log.

    Regards Howard :)
     
  10. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    at first the windows tool aint finding anything. ill just finnish the rest then try.
    the cws thing is not being found by the cwsshredder. same for compleating the rest then trying.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    A week has gone by since you started this thread and I have still not had a HJT log from you.

    Until I do, there is nothing I can do to help you.

    Follow as many of the instructions HERE as you can and post a fresh HJT log, after doing so.

    Regards Howard :)
     
  12. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    here you go.
    after following all the instructions, i
    still have all the nasties listed above, and the windows tool still not finding anything.
    ewido finds 81 instances every time, although i tell it to fix them.
     
  13. Spike

    Spike TS Evangelist Posts: 2,168

    You need to follow Step 3 in the instructions Howard gave you in Safe Mode. Once you've done that successfully, post a new log. If Ewido is consistantly finding 81 entries when it's run and it's worrying you, you can post that log too when you post your next HJT log.
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Thanks Spike.

    I`ll let you deal with this one from here on in.

    I`m just fed up with people who can`t, won`t, or don`t want to follow instructions.

    I`ve better things to do with my time.

    Regards Howard :cool:
     
  15. Spike

    Spike TS Evangelist Posts: 2,168

    No problems Howard - I don't blame you. If the instructions aren't followed this time though, I won't be giving any second chances. lol
     
  16. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    point of fact, the CMD file needed to use that is not recognised as a file type!
    and no, it wont work in safe mode.
    it is also hiddon. (i know this by the fact that it is slightly transparent, not that i dont have "show hiddon files" turned on)
     
  17. Spike

    Spike TS Evangelist Posts: 2,168

    Double click the attached (zipped) reg file to add the info to the registry. Change the .cmd extension to .bat, and try again.
     
  18. slasher_65

    slasher_65 TS Rookie Topic Starter Posts: 22

    soz about taking years to reply, my conenction died for 3 days.
    here is the new HJT file. i am now finding a trogin named winloginhook , plus all the usual adware.
    thanks. (it seems that the smurtfruad is gone for good though. hurrah!)
    the cws remover cant get the version of cws i have. something like cws about:blank
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...