TechSpot

spyware on the system

By es84
Aug 3, 2006
  1. HI .
    i had some 150 or so infections on the system, ran antivirus and then cleand most of them , windows need to be repaired once as cant open regristry or cmd without using , cmd.exe
    the issue is that evertything is back to normal , but i am still getting popups , ran norton and spy sweeper and lava soft ,ad ware removal , they dont detect nay thing,
    I am pastin my hjt log, please some one look at it and let me know if they see any thing wrong in it , i think it is clean , but not really an expert with hjt
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It looks like you have the loo2me infection.

    Go HERE and follow the instructions for using the Look2me destroyer tool.

    Then, go and read this thread HERE. Post a fresh HJT log as a .txt attachment, only after doing the above.

    I have moved your thread to the correct forum.

    Regards Howard :)

    This thread is for the use of es84 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. es84

    es84 TS Rookie Topic Starter Posts: 48

    :D

    hello Mr hopkins
    the popups are gone , task manger shows cpu usage down , finally
    only 1 question , how did u determine what spyware was on the system , i was having trouble deleting hrp8057ue.dll . but the other 4 files that l2me removal deleted , i did nt know what they were ,
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The reason I knew you had the look2me infection was quite simply because I`ve seen it many times before.

    Your HJT log is clean.

    Have HJT fix this entry Only if it doesn`t belong to your ISP. If you fix this and it does belong to your ISP, your internet won`t work.

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O17 - HKLM\System\CCS\Services\Tcpip\..\{635F6916-003F-49D7-9201-5216BBFC5978}: NameServer = 218.248.255.145 61.1.96.69

    Click on the fix checked button and close HJT.

    You are not running any antivirus or firewall software. This is a hugh security risk.

    You should install the free AVG antivirus programme and either the free Zonealarm or free Kerio firewall programmes. You can get them HERE, HERE and HERE.

    Install the firewall first, followed by AVG. Reboot your system and run the AVG updates.

    Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Run a full system sacn with AVG and delete whatever it finds.

    Reboot into normal mode and turn system restore back on.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...