TechSpot

Possible Ad-Ware?

By Sabin07
Jul 6, 2007
  1. Lately my computer has been running slower especcially when on the internet and I have been getting frequent pop-ups which I never got before. I think this might be caused by Ad-Ware, I have run scans with Spybot S&D and Ad-Aware and deleted what the searches has come up with but the problem persists. Does anyone know what i can do to fix this?
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    It is quite possible that you are infected with some kind of adware or spyware. Please do the following, which will enable us to see if your computer is infected.

    Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of Sabin07 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    Ok, I followed the instructions the best I could but I had a few problems the online virus scanner didnt load so as of the instructions I skipped that part. Also in step 10 tool1 the smitfraudfix didnt work, the program just loaded to all black instead of the blue with writing that was shown on the screenshots on the webpage. the AVG anti-rootkit scan didnt work I followed the instructions and the scan worked but when it got to 91% done it just stopped making anymore progress I let it go for approximately 40 minutes but it just stayed at 91%.
     

    Attached Files:

  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Your system is infected.

    Very Important: Malware infections can lead to identity theft, loss of funds from bank accounts, misuse of credit card information, etc since they can send sensitive information from your computer to their creators. Please read this thread before deciding what course of action to take regarding your infection.

    Please read the above thread and let me know what you decide.

    Regards :)

    This thread is for the use of Sabin07 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  5. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    Ok, I am going to try and clean my system as it is just used for gaming/music and that kind of stuff. There's no personal information on it as I am well aware of the risks it poses. So if you can help me get my computer cleaned it wold be very much appreciated.
     
  6. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    On, Second thought, how much of a risk would it be if I was to copy my games saved files onto a flash drive and then reformat my computer and put my files back onto my computer after the reformatting? Because thats the only thing on my computer im worried about losing if I reformat
     
  7. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Copying game files shouldn't matter; just be sure you can still use them after you reformat. You shouldn't back up Microsoft Word or Excel files, however, as some viruses infect them, and then opening them would just reinfect your computer.

    Cleaning your computer shouldn't be too hard either; please let me know once you decide what to do.

    Regards :)

    This thread is for the use of Sabin07 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  8. almcneil

    almcneil TS Guru Posts: 1,277

    If spyware symptoms persist after running multiple anti-spyware utilities, I perform a repair installation. Although the utilities can remove the spyware, there may still be corruption in the Windows system files. In most cases, a repair installation utility in the installation can fix this.

    First, I recommend you run at least 3 anti-spyware utilities. The ones I recommend to my customers are:

    • Ad-Aware 2007
    • Spybot Search & Destroy
    • AVG Anti-spyware

    All are free and can be downloaded over the Internet. Also, you may want to re-run them in Safe Mode as some spyware hide behind Windows security features. In Safe Mode, these security features are removed or relaxed and the spyware can then be detected and removed.

    Once you're sure that your system is free of spyware, then boot from the installation CD and select the repair feature (Note: the first repair feature is Recovery Console, skip that one, it's the second repair utility you want.)
     
  9. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    All right after some thought i've decided that I will go with my original decision to try and clean my system.
     
  10. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    Ok, anytime you want to tell me what to do next just go ahead and post it. I hate to come off as being rude but I really need help with this.
     
  11. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You are running an outdated version of HijackThis.
    You can obtain the latest version from the link in my signature.

    Please run through our Viruses/Spyware/Malware, preliminary removal instructions again and complete steps 4,5, and 11-15 again.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan


    Regards,
    Your friendly momok =)

    This thread is for the use of Sabin07 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    I followed the steps you said and here are the logs. The anti-Rootkit didnt find anything.
     
  13. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Please, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ichoice.ns.ca/
      O2 - BHO: (no name) - {8e96c9e5-2b93-4133-bf48-0c50a8a28081} - C:\WINDOWS\system32\dinECD.dll
      O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmpD1.tmp.dll (file missing)
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\dinECD.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\dinECD.dll

      O20 - AppInit_DLLs: c:\windows\system32\ddcywwx.dll
      O20 - Winlogon Notify: cnetenh - C:\WINDOWS\SYSTEM32\cnetenh.dll
      O20 - Winlogon Notify: dinECD - C:\WINDOWS\SYSTEM32\dinECD.dll

      Close HJT.
    2. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

      [​IMG]

      This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    3. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of Sabin07 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    here are the reports of the scans.
     
  15. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    any more help?
     
  16. almcneil

    almcneil TS Guru Posts: 1,277

    Sabin,

    Just got back online after a few days. I agree, always try to save your installation over a reformat & re-install!

    Did you try running Ad-Aware 2007 and Spybot Search & Destroy as I suggested? If not, they are free and can be downloaded over the Internet.

    If you have, then try an XP repair installation.
     
  17. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):

    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - [http]www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

    O20 - Winlogon Notify: dinECD - dinECD.dll (file missing)

    Then close all open programs except HJT. Click the Fix Checked button. Wait until it's done fixing; then close HJT.

    Other than that, your logs look clean.

    Delete all files in AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

    Turn off system restore. See how HERE.
    This will remove all your old system restore points and any nasties hiding in them.

    After that turn system restore back on.
    This will create a new, clean restore point for your system.

    An infection can often occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article. This can help to prevent future infections.

    Should you have further virus/spyware problems, please post in this thread.

    Regards :)

    This thread is for the use of Sabin07 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  18. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    I have run Ad-Aware and Spybot S&D as almcneil suggested. I have also followed kitty500cat's instructions. All symptons of the infection have gone away. I am posting a fresh HJT log just to be sure that theres nothing else there.
     
  19. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your log is clean. Should you have any further problems please feel free to post back in this thread.

    Regards,
    Your friendly momok =)

    This thread is for the use of Sabin07 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  20. Sabin07

    Sabin07 TS Rookie Topic Starter Posts: 18

    All right, thanks for all the help everyone has given me.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...