TechSpot

raze spyware

By joshcupp
Nov 8, 2005
  1. post-raze spyware

    I had raze spyware flashing on my desktop demanding moolah, so I scanned with Spybot, Trojanhunter, Ewido, Panda Active scan and got rid of some baddies, but now instead of the raze adware I have this flashing grey then white html screen on my desktop. So here's my new hjt log if anyone can help.
     


  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    /P/ O4 - HKLM\..\Run: [dmcvc.exe] C:\WINNT\System32\dmcvc.exe
    Fix ALL your O16 - DPF: entries
    Unless these IP-numbers are from your ISP, fix this O17
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81B1B5CB-08AD-49C7-A5FA-2EFE9D923DCA}: NameServer = 85.255.114.91,85.255.112.108
    ...................................................................................................

    STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com

    And it's also HIGH TIME you install SP2!
     
  3. joshcupp

    joshcupp TS Rookie Topic Starter

    Okay, did that, but my desktop is still flashing grey and white. Here's a new hjt.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I told you to fix all your O16 entries! They are ActiveX crap!
     
  5. joshcupp

    joshcupp TS Rookie Topic Starter

    Crap fixed. My screen is still flashing grey and white. New hjt.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Come back when you have a decent antivirus program like AVG (not Norton/Symantec) and XP-SP2 installed.
     
  7. joshcupp

    joshcupp TS Rookie Topic Starter

    Okay, AVG & SP2. Ran AVG in safe mode, found 1 adware, deleted it. Rebooted, screen still has grey and white html on desktop. Here's my new HJT.
     


  8. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Rightclick anywhere on the desktop, select Properties.
    If you have a Web tab, go in there and UNtick everything in there. Click on Apply/OK.
    Do you use any 'funny' screensavers or background?
    Your HJT-log is clean, by the way.
     
  9. joshcupp

    joshcupp TS Rookie Topic Starter

    All I have is the general tab. Screen saver is black and a pic are both from windows.
     
  10. dardack

    dardack TS Rookie

    Web Tab and Thanks

    OK, I had this same problem and this thread helped me. Thanks RealBlackStuff. Didn't even know that existed in XP. joshcupp, I noticed you said you couldn't find the web tab; this is how you find it.

    Either go to control panel -> Display or right click on available desktop -> properties. From there: It is under Desktop Tab -> Click Customize Desktop -> Then click web tab.

    I just deleted the thing that was listed there and nice flashy raze thingy is now gone. I had cleaned everything, but this thing was still there. Stupid IE, never use it but Firefox was acting funny and needed to do something, and boom get some stupid crap. Glad I at least had teatimer running, blocked a bunch of stuff from being inserted in the registry.
     
  11. Niatona

    Niatona TS Rookie

    That did the trick, thank you very much, that thing was just bastardly.
     
  12. alex47

    alex47 TS Rookie

    Same problem with desktop spyware!!

    Hey guys,
    I have the exact same problem as joshcupp was describing... I've scanned everything several times using various spyware removers which removed a few spyware items, but my desktop is still flashing white/grey... I've gone into the control panel/display/desktop/customize desktop/web and deleted a web page in there called 'Security'... but as soon as I exit the control panel and go in again it's reappeared???

    I've attached a hijackthis logfile.... please if anyone can help out that would be HUGELY appreciated, this is driving me insane....

    peace out!
     
  13. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    C:\Documents and Settings\Alexander\Desktop\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of the above post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
    /P/U/ O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    /P/U/ O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    /R/ O20 - AppInit_DLLs: interceptor.dll
    ...................................................................................................
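
The two annotated fix lists in this thread (the /P/, /U/, /R/ prefixes, and the O17 line that should be fixed only if its resolvers are not the ISP's) can be turned into an ordered checklist; this is an added example, not part of the original posts. The function names, the `ISP_RESOLVERS` placeholder and the choice to list every pre-fix action before the lines to tick in HijackThis are assumptions made for the illustration.

```python
import ipaddress
import re

# Legend from the helper's posts: /P/ stop process, /U/ uninstall, /R/ unregister DLL.
ACTIONS = {"P": "stop process", "U": "uninstall", "R": "unregister DLL"}
LINE_RE = re.compile(r"^\s*(?:/((?:[PUR]/)+)\s*)?([A-Z]\d{1,2}) - (.*)$")

# Lines copied from the two fix lists in this thread.
SAMPLE = [
    r"/P/ O4 - HKLM\..\Run: [dmcvc.exe] C:\WINNT\System32\dmcvc.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{81B1B5CB-08AD-49C7-A5FA-2EFE9D923DCA}: NameServer = 85.255.114.91,85.255.112.108",
    r"/P/U/ O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe",
    r"/R/ O20 - AppInit_DLLs: interceptor.dll",
]
ISP_RESOLVERS = ["192.0.2.53"]  # constructed placeholder for the ISP's real DNS servers

def parse_fix_line(line):
    """Split one annotated fix line into pre-fix actions, HJT section and detail."""
    m = LINE_RE.match(line)
    if not m:
        return None  # prose such as "Fix ALL your O16 - DPF: entries"
    flags, section, detail = m.groups()
    actions = [ACTIONS[f] for f in (flags or "").split("/") if f]
    return {"actions": actions, "section": section, "detail": detail.strip()}

def foreign_nameservers(entry, isp_resolvers):
    """Resolvers in an O17 NameServer entry that are not the ISP's (or not valid IPs)."""
    if entry["section"] != "O17" or "NameServer = " not in entry["detail"]:
        return []
    known = {ipaddress.ip_address(a) for a in isp_resolvers}
    foreign = []
    for item in re.split(r"[,\s]+", entry["detail"].split("NameServer = ", 1)[1].strip()):
        try:
            if ipaddress.ip_address(item) not in known:
                foreign.append(item)
        except ValueError:
            foreign.append(item)  # unparsable value: flag it for review
    return foreign

def checklist(lines, isp_resolvers=()):
    """Ordered steps: every pre-fix action first, then the lines to tick in HijackThis."""
    pre, fix = [], []
    for e in filter(None, map(parse_fix_line, lines)):
        pre += [(action, e["detail"]) for action in e["actions"]]
        is_dns = e["section"] == "O17" and "NameServer = " in e["detail"]
        if is_dns and not foreign_nameservers(e, isp_resolvers):
            continue  # all resolvers are the ISP's own: leave the entry alone
        fix.append(("fix in HijackThis", f'{e["section"]} - {e["detail"]}'))
    return pre + fix
```

Calling `checklist(SAMPLE, ISP_RESOLVERS)` returns the stop/uninstall/unregister steps followed by the entries to fix; the O17 line drops out of the list only when every resolver it names is in the ISP set passed in.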
     
  14. miricleboy

    miricleboy TS Rookie

    ok ppl i have figured this bugger out

    it's so simple it's not even funny

    ok here it is

    start>control panel>display

    then go to desktop tab

    after ur there click the button customize desktop

    there click the web tab

    there delete the entry called security (or whatever else u have there) this gets rid of the annoying desktop

    i will test for further problems
     
  15. Callander Girl

    Callander Girl TS Rookie

    Thank You!!!!

    Thank you! That did the trick!
     
  16. zeitek

    zeitek TS Rookie

    Thanks. It really helps.
    By the way, what is this spyware and why does it affect my desktop? Why couldn't any spyware program remove this spy?
     
  17. alex47

    alex47 TS Rookie


    That's great, unless of course the virus/spyware has disabled your access to that tab, or the 'security' entry simply reappears once you exit as it did in my case.
     
  18. DeepSafer

    DeepSafer TS Rookie

    Read about this "razespyware" here - shootspyware.com
    Interesting article about razespyware... :[
     
Topic Status:
Not open for further replies.
