TechSpot

Pop-ups/Spyware problems.

By Erisl
May 20, 2006
  1. Sorry for the non-descriptive title but I didn't know what else to say. I'm new to these forums, I came upon them while looking for help.

    Anyways, lately I'm having a lot of problems with my computer. Every so often Norton Internet Security comes up and says that they found a virus but cannot delete it, then I press OK, and it just keeps coming back up. Also, if I try to end a process called svchost.exe (not the system one, a different one - there are usually like 5 svchost.exe's in the process list) then a little box comes up that says N Authority is going to shut down my computer in 60 seconds, then it counts down from 60 and shuts it down when it reaches 0. One time Norton said there was a trojan, and it couldn't delete it, so I rebooted in safe mode and tried to delete it but it still said access denied. If I leave my computer on for a while, then I come back, there are usually like 15 ads all saying "your infected with spyware! go here now to get rid of it" and some other random ads. Any help would be appreciated, thanks.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions.

    Post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. Erisl

    Erisl TS Rookie Topic Starter

    New HJT log.

    Ok, my new HJT log, after completing all the steps.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\winmbj32.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to them (if there).

    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe (file missing)

    Fix all O16 - DPF entries.

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\SYSTEM32\winmbj32.dll

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
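
The entries quoted in the post above follow HijackThis's `Onn - Type: name - [CLSID] - path` layout, so they can be triaged mechanically. The sketch below is an added example, not part of the thread or of HijackThis itself; `NOTIFY_BASELINE` and the fourth sample line are constructed assumptions.

```python
import re

# Assumed per-machine baseline of Winlogon Notify package names.
# Illustrative only: build the real list from a known-clean install.
NOTIFY_BASELINE = {"igfxcui"}

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# First three lines are the entries quoted in the post; the last is constructed.
SAMPLE_LOG = r"""
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

def parse_entry(line):
    """Split one HJT line into section, type, name, CLSID, path, missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    name, _, target = rest.partition(" - ")
    target = target.rsplit(" - ", 1)[-1]          # drop the CLSID field if present
    missing = target.endswith("(file missing)")
    if missing:
        target = target[: -len("(file missing)")].rstrip()
    clsid = CLSID.search(rest)
    return {"section": section, "kind": kind, "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "path": target.strip('"'), "missing": missing}

def triage(log_text):
    """Return (section, name, path, verdict) for every parsable entry."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["section"] == "O20" and e["name"].lower() not in NOTIFY_BASELINE:
            verdict = "review: Winlogon Notify DLL not in baseline"
        elif e["missing"]:
            verdict = "orphan: entry points at a missing file"
        else:
            verdict = "ok"
        findings.append((e["section"], e["name"], e["path"], verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A Winlogon Notify DLL is loaded by winlogon.exe at every logon, which is why an unfamiliar O20 entry ranks above the orphaned "(file missing)" entries here.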
     
  5. Erisl

    Erisl TS Rookie Topic Starter

    New HJT

    New HJT log
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Go HERE and follow the instructions.

    Then, go HERE and follow the instructions exactly.

    Please post a fresh HJT log after doing the above.

    Regards Howard :)
     
  7. Erisl

    Erisl TS Rookie Topic Starter

    New HJT log

    New HJT log.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You are correct, that this is the only nasty left on your computer.

    Symantec/Norton has an alert and removal instructions.

    Look HERE for further info.

    Regards Howard :)
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You have not run the Ewido scan as instructed.

    This is why you can't get rid of that O20 entry.

    You must run the Ewido scan and post a fresh HJT log and the Ewido scan log.

    Regards Howard :)
     
  10. Erisl

    Erisl TS Rookie Topic Starter

    Completed Ewido scan, and HJT log

    I completed the Ewido scan with all the steps you said. Here is the Ewido log and the HJT log.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That's fantastic. Your HJT log is now clean.

    Well done.

    Regards Howard :)
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Just as an update, so that others may possibly benefit.

    Erisl PM'd me to say that, after running Ewido, the nasty O20 entry was no longer in his HJT log, but his antivirus software was still finding it.

    With this in mind, I gave him the following instructions.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT and click on the config button, then the Misc Tools button. Click on the Delete file on reboot button and browse to this file C:\WINDOWS\SYSTEM32\winmbj32.dll. Click open. You will be prompted to restart your computer. Click Yes.

    Once the computer has rebooted, turn system restore back on.

    He later PM'd me to say this had been successful and his system was now clean.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

