TechSpot

Pop-ups/Spyware problems.

Discussion in 'Virus and Malware Removal' started by Erisl, May 20, 2006.

Thread Status:
Not open for further replies.
  1. Erisl Newcomer, in training

    Sorry for the non-descriptive title, but I didn't know what else to say. I'm new to these forums; I came upon them while looking for help.

    Anyway, lately I'm having a lot of problems with my computer. Every so often Norton Internet Security comes up and says that it found a virus but cannot delete it; then I press OK, and it just keeps coming back up. Also, if I try to end a process called svchost.exe (not the system one, a different one - there are usually like 5 svchost.exe's in the process list), then a little box comes up that says N Authority is going to shut down my computer in 60 seconds; then it counts down from 60 and shuts it down when it reaches 0. One time Norton said there was a trojan and it couldn't delete it, so I rebooted in safe mode and tried to delete it, but it still said access denied. If I leave my computer on for a while, then when I come back there are usually like 15 ads all saying "your infected with spyware! go here now to get rid of it" and some other random ads. Any help would be appreciated, thanks.
  2. howard_hopkinso Newcomer, in training

    Hello and welcome to Techspot.

    Go HERE and follow the instructions.

    Post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
  3. Erisl Newcomer, in training

    New HJT log.

    Ok, my new HJT log, after completing all the steps.
  4. howard_hopkinso Newcomer, in training

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\winmbj32.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe (file missing)

    Fix all O16 - DPF entries.

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\SYSTEM32\winmbj32.dll

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
  5. Erisl Newcomer, in training

    New HJT

    New HJT log
  6. howard_hopkinso Newcomer, in training

    Go HERE and follow the instructions.

    Then, go HERE and follow the instructions exactly.

    Please post a fresh HJT log after doing the above.

    Regards Howard :)
  7. Erisl Newcomer, in training

    New HJT log

    New HJT log.
  8. howard_hopkinso Newcomer, in training

    You are correct that this is the only nasty left on your computer.

    Symantec/Norton has an alert and removal instructions.

    Look HERE for further info.

    Regards Howard :)
  9. howard_hopkinso Newcomer, in training

    You have not run the Ewido scan as instructed.

    This is why you can't get rid of that O20 entry.

    You must run the Ewido scan and post a fresh HJT log and the Ewido scan log.

    Regards Howard :)
  10. Erisl Newcomer, in training

    Completed Ewido scan, and HJT log

    I completed the Ewido scan with all the steps you said. Here is the Ewido log and the HJT log.
  11. howard_hopkinso Newcomer, in training

    That's fantastic. Your HJT log is now clean.

    Well done.

    Regards Howard :)
  12. howard_hopkinso Newcomer, in training

    Just as an update, so that others may possibly benefit.

    Erisl PM'd me to say that, after running Ewido, the nasty O20 entry was no longer in his HJT log, but his antivirus software was still finding it.

    With this in mind, I gave him the following instructions.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT and click on the config button, then the Misc Tools button. Click on the Delete file on reboot button and browse to this file C:\WINDOWS\SYSTEM32\winmbj32.dll. Click open. You will be prompted to restart your computer. Click Yes.

    Once the computer has rebooted, turn system restore back on.

    He later PM'd me to say this had been successful and his system was now clean.

    Regards Howard :)
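
An added example, not part of the thread and not HijackThis code: a small Python triage of the log-line format quoted in post 4. It separates entries whose target file is missing from O20 Winlogon Notify DLLs that are absent from a known-good baseline. The `examplenotify` entry, the baseline set and the verdict labels are constructed for illustration.

```python
import re

# Three lines quoted in the thread plus one constructed entry (examplenotify).
SAMPLE_LOG = r'''
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\SYSTEM32\examplenotify.dll
'''

# "<section> - <kind>: <name> - [<CLSID> - ]<path>[ (file missing)]"
LINE_RE = re.compile(r'^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$')
CLSID_RE = re.compile(r'^\{[0-9A-Fa-f-]{36}\}$')
MISSING = '(file missing)'

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group('rest').split(' - ')
    if len(parts) < 2:
        return None
    target = parts[-1]
    missing = target.endswith(MISSING)
    if missing:
        target = target[:-len(MISSING)].rstrip()
    clsid = next((p for p in parts[1:-1] if CLSID_RE.match(p)), None)
    return {'section': m.group('section'), 'kind': m.group('kind'),
            'name': parts[0], 'clsid': clsid,
            'path': target.strip('"'), 'missing': missing}

def triage(log_text, baseline_notify=frozenset()):
    """Return (verdict, section, name, path) tuples worth a closer look.

    baseline_notify: lowercase Notify names taken from a known-good log
    of the same machine build (an assumption of this example).
    """
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e['missing']:
            # Registry entry still present, file gone: leftover reference.
            findings.append(('orphaned', e['section'], e['name'], e['path']))
        elif e['section'] == 'O20' and e['name'].lower() not in baseline_notify:
            # Notify DLLs are loaded by winlogon.exe, so unknown ones get reviewed.
            findings.append(('review-notify-dll', e['section'], e['name'], e['path']))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG, baseline_notify={'examplenotify'}):
        print(finding)
```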