Spyware - Can´t remove it all

[duw]

Hi,

my girlfriend´s comp was infected with several spywares, viruses and stuff.

I was able to remove a plenty of them, but there are still something there; it keeps opening new web page browser (IE) pages once in a while.

Attached is the log of hijackthis.

Could somebody find something there? Since i got nothing more on Spybot-S&D, Microsoft antispyware, and other tools...


Thanks,
Eduardo

 

[Tedster]

first of all, turn off all messanger programs - they're an invitation for viruses.
Second, turn off system restore.
run ewido and see what happens.

 

[duw]

Below is the ewido report (Sorry i made in on Portuguese). It can´t remove the "Spyware.Look2Me" - Error during cleaning.

Any idea on how i can get rid of it?


Thanks,
Eduardo
---------------------------------------------------------
ewido security suite - Relatório de verificação
---------------------------------------------------------

+ Criado em: 10:27:34, 14/12/2005
+ Relatório-Checksum: 1C695F

+ Resultado da verificação:

HKU\S-1-5-21-606747145-789336058-839522115-1003\Software\SerG -> Spyware.EZ-Finder : Limpo com backup
[1864] C:\WINDOWS\system32\mjw3prt.dll -> Spyware.Look2Me : Erro durante a limpeza
[572] C:\WINDOWS\system32\mjw3prt.dll -> Spyware.Look2Me : Erro durante a limpeza
C:\Arquivos de programas\Uninstall My Web Search.dll -> Spyware.MyWebSearch : Limpo com backup
C:\Documents and Settings\ORLANDO\Configurações locais\Temp\Cookies\orlando@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@ad.adocean[1].txt -> Spyware.Cookie.Adocean : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@cnetasiapacific.122.2o7[1].txt -> Spyware.Cookie.2o7 : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@e-2dj6wjl4amazaap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@gde.adocean[2].txt -> Spyware.Cookie.Adocean : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@paypopup[2].txt -> Spyware.Cookie.Paypopup : Limpo com backup
C:\Documents and Settings\ORLANDO\Cookies\orlando@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Limpo com backup
C:\install.exe -> Dropper.Agent.aed : Limpo com backup
C:\WINDOWS\adtech2006a.exe -> Hijacker.VB.kc : Limpo com backup
C:\WINDOWS\kl.exe -> Logger.Small.dg : Limpo com backup
C:\WINDOWS\system32\docent0.dll -> Logger.Goldun.ev : Limpo com backup
C:\WINDOWS\system32\docentd.sys -> Logger.Goldun.ev : Limpo com backup
C:\WINDOWS\Temp\Cookies\orlando@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Limpo com backup
C:\WINDOWS\tool1.exe -> Dropper.Agent.adi : Limpo com backup
C:\WINDOWS\tool3.exe -> Downloader.Small.bwr : Limpo com backup

 

[Tedster]

Download and use this tool to remove it. Turn off system restore beforehand

http://securityresponse.symantec.com/avcenter/venc/data/spyware.look2me.html