TechSpot

Spyware infection has detected! - Help

By rob_illinois
Feb 24, 2007
Topic Status:
Not open for further replies.
  1. I get this error message in the bottom right hand corner of my computer. It is a yellow shield with a black ! mark on it.


    The message is: Spyware infection has detected! Windows has detected spyware infection which corrupted the registry.

    It is recommended to load update to prevent data loss. Windows will now download and install the most up to date software for you.

    Click here to protect your computer.

    Then when I am in IE I get large pop up all the time which is very annoying.

    Please help. Thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Whatever you do, don't click on the message.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of rob_illinois only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. rob_illinois

    rob_illinois TS Rookie Topic Starter

    Virus & Hijack Log

    Here are my Hijack Log file and Report scan from AVG.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    These are the filepaths you need to enter into Vundofix.

    C:\WINDOWS\system32\qommkhh.dll
    C:\WINDOWS\system32\vtuutss.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    DAEMON Tools (your copy is infected with adware)
    Viewpoint
    Viewpoint Manager

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    SetupDTSB.exe
    UWA6P_0001_N91M1807NetInstaller.exe
    ViewMgr.exe
    tcpipmon.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;

    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\djgwlgti.dll (file missing)

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

    O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

    O20 - Winlogon Notify: winkvh32 - winkvh32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Viewpoint (delete the entire folder)

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YKMUEO8D\WinAntiVirusPro2006FreeInstall[1].cab (delete the entire folder)

    C:\Program Files\DAEMON Tools (delete the entire folder)

    C:\WINDOWS\system32\tcpipmon.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log as well as another AVG Antispyware log.

    Regards Howard :)

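    For readers following the HJT step in the post above: an added example, not part of the original thread and not HijackThis's own code, that parses the entry layout seen in the fix list and marks the properties that make an entry worth a second look. The function names and flag names are assumptions made for this sketch; the sample lines are copied from the post.

```python
import re

# Entries copied from the fix list in the post above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\djgwlgti.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: winkvh32 - winkvh32.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_hjt(text):
    """Return one dict per recognised log entry; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        flags = []
        if body.endswith("(file missing)"):
            flags.append("file-missing")        # HJT could not find the referenced file
        run = RUN.match(body) if code == "O4" else None
        if run and "\\" not in run["cmd"]:
            flags.append("run-without-path")    # bare name, resolved via the search path
        if code == "O16" and "http://" in body:
            flags.append("cleartext-codebase")  # control source URL is plain HTTP
        clsid = CLSID.search(body)
        entries.append({"code": code, "body": body, "flags": flags,
                        "clsid": clsid.group(0) if clsid else None})
    return entries

def needs_review(text):
    """(code, flags) pairs for entries that raised at least one flag."""
    return [(e["code"], e["flags"]) for e in parse_hjt(text) if e["flags"]]

if __name__ == "__main__":
    for code, flags in needs_review(SAMPLE_LOG):
        print(code, ", ".join(flags))
```

    A flag only says why an entry stands out; whether to fix it is still the helper's call after reading the full log.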
     
  5. rob_illinois

    rob_illinois TS Rookie Topic Starter

    Looks clean. I do not see the popup anymore.

    Thank you very much!

    :)
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That's as maybe, but I'd still like to see the log files I requested just to make sure.

    Regards Howard :)

     
  7. rob_illinois

    rob_illinois TS Rookie Topic Starter

    Programs not loading now.??

    Everything was fine and good and now some of my programs will not load. Like Adobe PS and Cute ftp. How do I fix this issue?


    Thanks
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Have you tried reinstalling the programmes that don't work?

    Post a HJT log as per these instructions.

    Regards Howard :)
     
  9. rob_illinois

    rob_illinois TS Rookie Topic Starter

    Not yet. Also it is very slow and locks up. And it was fine yesterday. I think it may be a virus. I installed AVG Anti-Spyware 7.5 and when I try to do an update it says: Error sorry the server is not ready to server. Please try agin later. Yet on another pc on same network it works fine.

    Help
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I have merged your new thread into this one.

    You may well be right about the virus.

    That's why I asked you to post your log files the last time I was helping you.

    Post a fresh HJT log as per the instructions above.

    Regards Howard :)

     
  11. rob_illinois

    rob_illinois TS Rookie Topic Starter

    Ok, this is a different pc, the lappie is now fine.

    Here is the log file from Hijackthis.
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You were right about the infection. You've got at least a couple on there. It also appears you're not running any antivirus or Firewall software. That's a huge security risk.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

     
  13. rob_illinois

    rob_illinois TS Rookie Topic Starter

    Ok I am going through the list and I am on step 11, AVG anti-rootkit tool. I did the scan and it gave me about 15 items. Do I check all of them and hit remove selected items? Or just check items in c:?

    I have one for c:\program files\internet explorer\IEXPLORE.EXE

    Is this right to hit remove for this?

    How can I see the file it is going to remove/delete?

    thanks
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    If AVG Antirootkit has found so many items, it's because your system is probably infected with a rootkit.

    Run the scan and save the report. Attach the report here. Do not let AVG Antirootkit delete anything just yet.

    Regards Howard :)

     