TechSpot

Popups

By frazer
Nov 19, 2007
  1. hi all
    i have scanned my pc with rootkit, avgas, smitfraud,vundofix and vbg, but still my IE is getting popunders asking to buy games consoles and phones etc. it also seems to slows up the operation of my pc too. i have installed FF but none appear there which is good so the problem is with msIE.
    attached is a log from hjt.

    i suspect that this may be the culprit O4 - HKLM\..\Run: [zmgjhijl] c:\windows\system32\zmgjhijl.exe zmgjhijl but i cant find any info on it.

    your help would be appreciated:grinthumb
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    i searched for this file too and found nothing. probably howard or momok will know something on it
    it probably be best if you scan again with the programmes you already have used and post the logs from them too
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with malware and you`re running an outdated version of HJT and from the wrong location.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of frazer only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. uero12

    uero12 TS Rookie

    XoftSpy. Works well.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    To be quite honest. I don`t think Xoftspy is very good. It seems to suffer from an inordinate amount of false positives and isn`t that good at killing malware.

    Taken from HERE.

    Even though Xoftspy has now been unlisted from the rogue programmes list, I still feel, there are far better programmes out there.

    Regards Howard :wave: :wave:

    This thread is for the use of frazer only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. uero12

    uero12 TS Rookie

    Xoftspy

    I guess it's time to move on. Xoftspy has worked in the past for me many of times. I have noticed in a few circumstances where new adware/spyware that is more aggressive Xoftspy has not always worked. Thansk for the heads up.

    On another note
    I know I know this question has been asked numerous of times and yes its the Dell Master Password question. Is anyone responding to this post? I only ask becasue I'm a technician for a school district in CA. We normally dont support Dell we're primarly HP systems. Well one of our students changed the bios password and I need help. I see this happening more often than wanted. Could you help or should I just wait to hear from someone else?

    Thanks
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There`s only a couple of guys that can help with the Dell Password Issue. It really is a case of waiting for their help.

    Regards Howard :)

    This thread is for the use of frazer only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. frazer

    frazer TS Rookie Topic Starter

    hi howard, done all the scans including nanoscan. panda antirootkit=0 and nonoscan=0.
    attatched are the logs. thank you:grinthumb
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Spyware-Secure

    Close control panel.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of frazer only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...