TechSpot

Lots of Spyware, etc.

By zoaxanthellae
Jul 17, 2008
  1. I have very noticeable spyware on my computer [pop-ups, etc.] and need to get rid of it.

    I downloaded and ran Malwarebytes, and the good news is my desktop and task manager are no longer locked, and the pop-ups seem to have stopped - awesome. But MBAM said it could not remove some threats...enclosed is the log.

    Thanks in advance! :D
     
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Hey, welcome to TechSpot. My name is xxdanielxx and I will be helping you get your computer clean. First open MBAM, click on the Quarantined tab, and delete everything there if you have not done so yet.

    • Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. zoaxanthellae

    zoaxanthellae TS Rookie Topic Starter

    Thanks for your help :)

    I followed all your instructions and came up with this.

    [I can't copy and paste it, because it recognizes certain parts of it as links, apparently, and I don't have enough posts for that].
     
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
    O4 - HKCU\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
    O15 - Trusted Zone: *.sxload.net (HKLM)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmp0\command.exe

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    xloadnet

    Please note any other programs that you don't recognize in that list in your next response.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\xloadnet


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\dmp0\command.exe

    After that, Reboot, and post a new HijackThis log here in a reply
     
  5. zoaxanthellae

    zoaxanthellae TS Rookie Topic Starter

    All right, I followed all the steps [once again, thanks]:
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    We need to delete this item in HijackThis:

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmp0\command.exe
     
  7. zoaxanthellae

    zoaxanthellae TS Rookie Topic Starter

    For some reason, HijackThis can't delete that. I tried a couple of times, and each time it asked if I wanted to delete this file, and I selected yes, but a second scan revealed it was still there.
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Yeah, HijackThis won't remove O23 entries; they are running services. daniel, you can remove it with a batch file or through msconfig. I prefer batch since, no offense, it removes the opportunity for the user to stop and delete the wrong service.
     
  9. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    i can recommend a 3rd (i think safe) approach to deal with users removing services
    • Start command prompt. Enter services.msc. (i think this interface makes it easier to recognize the correct service)
    • Right click on the service in question and select Properties
    • Change startup type to Disabled
    • Restart your computer
    One can safely keep the service around when testing. (When a service is Disabled it's impossible to start it by accident or by anything else, because it won't even get loaded when XP starts up, nor can it be loaded while XP is running. But note you must restart your computer first before Disabled takes effect.) One can then test that everything boots up and runs smoothly, if they choose, before physically deleting the service from their computer.
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

  11. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

    Code:
    @echo off
    sc stop command.exe
    sc delete command.exe
    del service.cmd & exit
    
    Save it to your desktop as File name: service.cmd
    Save as type: All Files

    Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.
     
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Very good try. This will not delete the file itself :grinthumb. So you still have to find a way to delete this folder c:\windows\<randomcharacters>

    We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

    Code:
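    @echo off
    rem Stop the service, addressed by its service name (not the .exe file name)
    sc stop cmdService
    rem Remove the service's registration
    sc delete cmdService
    rem Delete this script and close the window
    del service.cmd & exit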
    
    Save it to your desktop as File name: service.cmd
    Save as type: All Files

    Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.

    Afterwards please run a fresh scan with hijackthis and attach here
     
  13. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    lol, OK, I see: I need the name of the service, not the file, right?
     
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You got it, and if there is a name in (shortname of service), that is what you use; if not, then you use the full service name. Then afterwards just remove the random folder like normal.
     
  15. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Now in this case would we delete this folder

    C:\WINDOWS\dmp0
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    correct - after the services are stopped and deleted you should be able to delete the folder no problem - as the files will no longer be in use
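
The naming rule worked out in the posts above (give `sc` the service's short name from the O23 line, not the file name, then remove the file once the service is gone), as an added example that is not part of any poster's reply. The second sample line and the function names are constructed for illustration, and the parser assumes service names and owners contain no " - ".

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the first O23 line is the one quoted in the thread;
# the second is made up to show an entry with no short name in parentheses.
SAMPLE_LOG = r"""
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmp0\command.exe
O23 - Service: ExampleSvc - Example Corp - C:\Program Files\Example\svc.exe
"""

# O23 - Service: <display name> [(<short name>)] - <owner> - <path>
# Assumption: neither the names nor the owner contain " - ".
O23 = re.compile(
    r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?'
    r' - (?P<owner>.+?) - "?(?P<path>[A-Za-z]:\\[^"]+)"?$'
)


def parse_o23(log):
    """Return a dict per O23 line with the name sc.exe expects and the binary."""
    entries = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            binary = PureWindowsPath(m["path"])
            entries.append({
                # Rule from the thread: the name in parentheses if present,
                # otherwise the full service name shown on the line.
                "service": m["short"] or m["display"],
                "owner": m["owner"],
                "binary": str(binary),
                "folder": str(binary.parent),
            })
    return entries


def removal_steps(log, exe_name):
    """Ordered steps for the service whose binary is exe_name (case-insensitive)."""
    for e in parse_o23(log):
        if PureWindowsPath(e["binary"]).name.lower() == exe_name.lower():
            return [f'sc stop "{e["service"]}"',
                    f'sc delete "{e["service"]}"',
                    f'del "{e["binary"]}"']
    return []


if __name__ == "__main__":
    for step in removal_steps(SAMPLE_LOG, "command.exe"):
        print(step)
```
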
     
  17. zoaxanthellae

    zoaxanthellae TS Rookie Topic Starter

    Followed the instructions regarding c/p-ing the code into notepad, and here's what HijackThis now reads:
     
  18. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Looks good, your log looks clean.

    Update your Java Runtime Environment

    First try going to Start -> Control Panel -> double click Java
    Select the Update Tab at the top of the Java console
    Click the Check for Updates button at the bottom
    If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
    After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
    Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions:
    Update your Java Runtime Environment
    Click the following link
    Java Runtime Environment 6 Update 7
    The 5th option down is the one you want (click Download)
    Check the box to agree to terms of service
    Check the box for your operating system and click 'Download selected' at the bottom
    After the install go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
    Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_07 folder

    ---------------------------------------------

    Uninstall ComboFix

    • Click Start then Run
    • Now Type Combofix /u in the runbox
    • Make sure there's a space between Combofix & /u
    • Then hit Enter

    The above procedure will Delete the following:
    • ComboFix & its associated files & folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide system/hidden files, if required.
    • Set a new, clean Restore Point.

    ------------------------------------------------------------------

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself, requiring a reboot)

    -------------------------------------

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    xxdanielxx
     
Topic Status:
Not open for further replies.
