TechSpot

spyware infection has detected!

By ghetto_star24
Jun 14, 2007
  1. i have this annoying logo on my toolbar, it won't go away no matter if i use AVG, Symantec or windows defender.

    it tells me that "spyware infection is detected"

    does anyone have any ideas on how to get rid of this really annoying thing.

    ohh it looks like a red shield with a white cross, but i can tell it's not windows files.

    thanks marc.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi ghetto_star24 and welcome to techspot. =)

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of ghetto_star24 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Registry Editor
    Spyware and Adware scanners.
    We use RegClean, Adaware 2007, SpyBot14, AVG Spyware, AVG Root Kit, and AVG Antivirus... all excellent, all free, and we don't have these problems.
    You might also want to look at the excellent posts by Howard_Hopkinso and others in these Techspot forums for details on HiJack and removal of evil infestations.
     
  4. ghetto_star24

    ghetto_star24 TS Rookie Topic Starter

    my reports back from scan

    hi there

    i recently asked for help on a probable spyware problem, about an add-on called "spyware infection detected" with a red shield and white cross, which was clearly not windows.

    i am pleased to say that it has disappeared due to help from you guys, especially howard hopkins. brilliant guidelines.

    here are my reports from tests.

    thanks for all your help, and could you please contact me if there are still any problems that you can see in my log files.

    cheers
     
  5. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I noticed that your AVG log displays 'No Action Taken' for all the files detected.
    I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

    Also, you have not posted your ComboFix log and the results from the AVG Antirootkit scan. Please do so in your next reply.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    ipmon

    Open your task manager by holding ctrl and alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    ipmon.exe

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B10A6F3D-A8FA-860D-D908-FAADDBE77491} - (no file)
    O4 - HKLM\..\Run: [ipmon] ipmon.exe

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system32\ipmon.exe

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of ghetto_star24 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. ghetto_star24

    ghetto_star24 TS Rookie Topic Starter

    final reports

    i did all the things you said to do in that last post,

    a few things that i encountered whilst i was doing the last checks, the avg rootkit did not find anything. and when going into safemode to disable and remove the ipmon.exe file, it did not appear.

    here is a copy of my reports, i wasn't sure which were needed so i added various new ones, sorry for the confusion.

    thanks for your help.
     
  7. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    gtuncnqj.exe
    ipmon


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B10A6F3D-A8FA-860D-D908-FAADDBE77491} - (no file)
    O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\gtuncnqj.exe
    O4 - HKLM\..\Run: [ipmon] ipmon.exe

    Close HJT.

    Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as well as the resultant Combofix log from the safe mode scan as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of ghetto_star24 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
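
Added example, not part of the thread or of any poster's instructions: a small Python triage over HijackThis O2/O4 lines of the kind momok lists above (BHO registrations with no file, Run entries with a bare filename or under Application Data). The heuristics, function names and the last two sample lines are assumptions made for illustration; a match marks an entry for review, not a verdict.

```python
import re

# The first four lines are the entries quoted in the thread; the last two
# are constructed benign entries added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B10A6F3D-A8FA-860D-D908-FAADDBE77491} - (no file)
O4 - HKLM\..\Run: [gtuncnqj.exe] C:\Documents and Settings\All Users.WINDOWS\Application Data\gtuncnqj.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def executable_path(cmd):
    """Return the program part of a Run command, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (reason, line) pairs for entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O2_RE.match(line)):
            # BHO CLSID still registered although its DLL is gone.
            if m["file"].strip().lower() == "(no file)":
                findings.append(("bho-missing-file", line))
        elif (m := O4_RE.match(line)):
            path = executable_path(m["cmd"])
            if "\\" not in path and "/" not in path:
                # No directory given: resolved through the search path.
                findings.append(("run-bare-filename", line))
            elif "\\application data\\" in path.lower():
                # Autostart from a user-writable data directory.
                findings.append(("run-from-appdata", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:18} {entry}")
```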
     
  8. ghetto_star24

    ghetto_star24 TS Rookie Topic Starter

    hi there,

    thanks for your help so far, i ran services.msc, and found none of those programs running.

    i then did the HijackThis, and i found nothing that you suggested i tick in a box.

    i have attached the report as suggested. my system does seem to run fine, and that annoying symbol has gone.

    thanks again.
     
  9. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I'm sorry, but I can't seem to find your logs. Could you post fresh ones (ComboFix, HijackThis and AVG AS) in your reply? Thanks.


    Regards,
    Your friendly momok =)

    This thread is for the use of ghetto_star24 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
