TechSpot

Spyware Guard/winscenter.exe/gadcom.exe/sbnt.exe

By olekingcole001
Dec 11, 2008
  1. so, the story goes like this:

    i get home from college, and my family is freaking out because neither of the home computers is working. neither had any sort of antivirus or scanning programs installed (!!!) so i immediately installed both spybot and avast. after taking a closer look at the two, i'm getting frustrated. one is too bogged down with so many programs and such, and freezes every couple of minutes. this one, i've given up on, and needs to be wiped.

    the second, i have hope for - though i'm not sure why. it has the Spyware Guard / fake Windows Security Center combo, and after a more careful look, i've also found some other little bugs, like gadcom.exe and sbnt.exe, and whatever is hijacking firefox (every time i click a link in google, it redirects me to a popup - very annoying while trying to fix this). i've sifted through several fixes other people have worked through in other forums, such as using OTScanIT (just didn't do anything when i used the fix they used) and ComboFix (windows won't even open the program).

    so i've finally decided to ask for help, as i realize i'm getting nowhere. i saw some helpful replies and decided to post here, but as i went to go through the 8-step process, i could only complete half. i put an antivirus on and let it do its thing. i used ccleaner. updated java. i can disable my protection, but after that, i'm stuck. i can't open the install files for Malwarebytes' Anti-Malware, HijackThis, or SuperAntiSpyware, so i can't attach those files. tried opening up windows in safe mode to see if it would help, but came up with the black screen with the words safe mode in the corners, but nothing else loaded.

    Help?
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi okc

    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install, just run it, delete all it finds, and decline to reboot on each item found.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Please make a note of what it found, if anything, as it has no log.
    ----------------------------------------------------------------------------------------------------------------------------------------------------
    Don't reboot from above; continue here.

    Special case where after installing MBAM and SAS they will not update or run.
    http://www.techspot.com/vb/post684649-3.html

    Now try UPDATING mbam and sas. If they will not update but will run, then run them without updates.

    If they run and show removed/deleted malware, then try updating again and run again until the logs are clean.

    Attach all logs for each run as they are run.

    Mike

    Oops Kim, I didn't see your post.
     
  4. olekingcole001

    olekingcole001 TS Rookie Topic Starter

    SWEET! so i followed the instructions regarding TDSSserv.sys, and i can now use google! and even better than that, MBAM is installed and running. HijackThis has already run, i'll attach the logfile for that, as well as MBAM and SAS in another post when they're done

    on another note, i'm not sure how relevant it is, but when i started up the computer today, i kept getting messages telling me different .exe files are corrupt (things like firefox) and it references me to the index.dat file every time (C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat)...took me 3 tries to get the computer past the microsoft load screen, and after that, it took another 3 to make it fully load without freezing after getting past the logon screen. after fixing the TDSSserv.sys issue and restarting, computer ran diskcheck, and it seems to be all better.

    also ran xclean_micro, but the only thing it really pulled up the couple of times that i ran it was W32.MSNmaker

    thought i'd send a quick update, i'll post more later...thank you so much for your help guys!

    and here's the other two
     


  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    You best rerun both MBAM and SAS after updating and begin removing them.

    You are eaten up with infestation.

    Run them, post logs, and run them again to see if the first removals uncovered more that were hidden.

    If so attach those logs and run again. Goal is a clean log.

    Mike
     
  7. olekingcole001

    olekingcole001 TS Rookie Topic Starter

    sorry it's been so long since my post, things have been crazy and i haven't found the time to work on all of this...but i went back and looked at that mbam log, and realized i saved the log BEFORE removing the items, but i did...anyways, i ran SAS again, then MBAM again (and saved the log after i removed the items), and then hijackthis...so here are the logs
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    OK good job.

    Both MBAM and SAS have deletions/removals.

    But these are only what they saw the first run through. They both need to be run again to see what they missed on the first run.

    But run ComboFix below first, post its log, then UPDATE and run both MBAM and SAS again.

    ComboFix

    NOTE: If you have a ComboFix more than a few days old, delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Mike
     
Topic Status:
Not open for further replies.
