TechSpot

Spyware infection has detected!

By Frank Jamison
Jun 9, 2007
  1. That is the message that pops up when I hover over a red shield with an X in it in my system tray.

    Left or right clicking it produces a box that says: "Would you like to update your security software and download System Live Protect?"

    I went to the live protect web site and installed their software...I get the same results as the person in this post: http://www.techspot.com/vb/topic79058.html.

    I have attached my HijackThis log file...I have no clue how to remove this annoying malware.

    Please help!

    Thanks.
     
  2. howard_hopkinso

    Hello and welcome to Techspot.

    Your system is infected with malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Frank Jamison only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Frank Jamison

    I'm still following the instructions, but so far this thing is like herpes...it simply refuses to die.

    I have one more scan to complete...but my malware is still here.

    Here is the current hjt log.

    The root scan was clean and some other threats were removed by the SS&D and Ad-Aware scans.

    Combofix is incompatible with Vista, as are a few of the other programs mentioned.
     
  4. howard_hopkinso

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end the process for (if there):

    ipmon.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O4 - HKLM\..\Run: [ipmon] ipmon.exe

    O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/DRM/Client/FileOpen.CAB

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there):

    C:\Windows\System32\ipmon.exe

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log as well as an AVG Antispyware log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Frank Jamison only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
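
One way to confirm from a fresh HijackThis log that the two entries named in the post above are gone, as an added example that is not part of the original thread. The regexes, function names and sample logs are assumptions constructed for illustration; only the two target entries come from the thread.

```python
import re

# Entries the post asks HJT to fix, copied from the thread.
TARGETS = {("O4", "ipmon"), ("O16", "{CE8267C2-D41A-4A50-A69D-F32B5C289F14}")}

LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \([^)]*\))? - (?P<url>\S+)$")

# Constructed sample logs (ExampleTray is hypothetical): before and after the fix.
SAMPLE_BEFORE = r"""
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://www.cramster.com/DRM/Client/FileOpen.CAB
"""
SAMPLE_AFTER = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""


def parse(log_text):
    """Yield one dict per O4 registry-run or O16 line; other lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m["sec"], m["body"]
        if sec == "O4" and (d := O4_RE.match(body)):
            yield {"sec": sec, "id": d["name"], "cmd": d["cmd"]}
        elif sec == "O16" and (d := O16_RE.match(body)):
            yield {"sec": sec, "id": d["clsid"], "cmd": d["url"]}


def still_present(log_text, targets=TARGETS):
    """Return the targeted entries that the log still contains."""
    wanted = {(sec, ident.upper()) for sec, ident in targets}
    return [e for e in parse(log_text) if (e["sec"], e["id"].upper()) in wanted]


def bare_run_commands(log_text):
    """O4 entries whose executable has no directory part, like 'ipmon.exe' here."""
    def exe(cmd):
        return (cmd.strip('"').split() or [""])[0]
    return [e for e in parse(log_text)
            if e["sec"] == "O4" and "\\" not in exe(e["cmd"])]
```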
     