TechSpot

spyware infection - but cant detect it!

By aaron1979
Nov 20, 2005
  1. Hey

    I have a problem which seems to be common in that I get the little red circle with a white x down the corner of my screen that "Your computer is infected! .... blah blah" yet when i click on the bubble (cos it says to) nothing happens and it just keeps coming up evry 2 min. I have run AVG 7 , ad-aware se personal edition, windows anti-spyware and spybot S+D all in safe mode. They came up with some things which i cleaned out such as "surf Accuracy" and "Powerscan" and some other things I cant remember the names of. But i still get the little red circle with the x. I ran Hijack this in safe mode too and the attachment should come with this post.

    appreciate any help

    cheers
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /R/ unRegister the xxx.DLL in that line
    Transfer the text from between these dotted lines underneath to between the dotted lines of the above post.
    Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
    ...................................................................................................
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q304&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    /R/ O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    /P/ O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120705300502
    ...................................................................................................
     
  3. aaron1979

    aaron1979 TS Rookie Topic Starter

    thanks for the quick response. will do it.

    am a bit embarrassed by this as should have known but for anyone alse with a similar prob make sure you re-select "perform full system scan" in ad-aware SE when scanning in safe mode because this option was de-selected again when i did it. after doing that i ran the scan again and found more powerscan crap and have not been getting that annoying msg since.

    cheers
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...