TechSpot

Spyware PLZ HELP!

By Jejd
Jul 19, 2006
  1. Attached Files:

  2. N3051M

    N3051M TS Evangelist Posts: 2,115

    What symptoms are you currently experiencing? -browser stuck on a homepage, slow response etc.. Have you gone through this instructions yet?

    Follow these instructions BEFORE posting your HJT log. - TechSpot OpenBoards

    Nothing major in the log. Just fix these:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

    Also, i've noticed you haven't updated Internet Explorer. The most recent version is IE6. Update that, and you should be all set. Alternate and more secure web browser (after you've updated IE) is Firefox.

    You should maybe consider getting a firewall as well, something like Zonealarm or Sunbelt Keiro (unless you have other firewall options apart from windows)
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html


    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Spyware Nuker

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    swnxt.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

    O1 - Hosts: 199.202.83.162 ZENWSIMPORT

    O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h

    O14 - IERESET.INF: START_PAGE_URL=http://www.intranet.muhc.mcgill.ca/<Only fix this entry, if it doesn`t belong to your pc manufacturer or your ISP.

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca

    Only fix the above 017 entries, if they don`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Spyware Nuker

    Reboot into normal mode and turn system restore back on.


    Regards Howard :wave: :wave:
     
  4. N3051M

    N3051M TS Evangelist Posts: 2,115

    hey howard, you got some info about spyware nuker? i assumed it was his spyware scanner since there was somewhat mixed results from my bit of googleing...
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`m not surprised you found mixed results for Spyware Nuker.

    Spyware Nuker is of dubious repute and shouldn`t be trusted. Hence that`s why I advised getting rid of it.

    People would be far better off sticking to the tried and trusted antispyware apps.

    Regards Howard :)
     
  6. Jejd

    Jejd TS Rookie Topic Starter

    No Dice!

    Thanks for taking the time to reply to my post and with such speed!
    Unfortunately your suggestions have not prevented my browser from opening to the same http://www.sysprotectionpage.net/ page.
    Before that page loads though, the address bar reads "res://C:\WINNT\system32\shdoclc.dll/navcancl.htm"
    Does that have anything to do with it?

    Thanks again for your help,
    J
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have just rechecked your HJT log and can find nothing other than the entries I advised you to fix.

    Maybe it`s time you went and followed the instructions HERE.

    Please let us know how you get on.

    Regards Howard :)
     
  8. Jejd

    Jejd TS Rookie Topic Starter

    Instructions Followed

    Right,
    thanks again for your help. I've followed the instructions here http://www.techspot.com/vb/topic19133.html. My webpage is no longer stuck but i believe there may be remnants of the adware still on my computer. I've redone the HJT scan and attached the log. Let me know what you think.

    Thanks so much,
    J
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If these entries don`t belong to your ISP, they should be fixed. Otherwise your HJT log is clean.

    O14 - IERESET.INF: START_PAGE_URL=http://www.intranet.muhc.mcgill.ca/

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = muhc.mcgill.ca

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...