Spyware threat has been detected on your PC found, but not sure if removed

By zooner43
Apr 14, 2008
Topic Status:
Not open for further replies.
  1. I had the same problem as some of the other people in this forum where my desktop background was blue with the words "Warning:Spyware threat has been detected on your PC" written.
    I looked at your Viruses/Spyware/Malware, preliminary removal instructions guide and I did everything in order (hopefully). The background spyware images are gone but I just wanted to make sure that there arent any other problems lingering so I attached my LOGS that you asked for.
    There was nothing found on the Panda Antirootkit programme.
    Thanks in advance
  2. jimjams

    jimjams Newcomer, in training Posts: 43

    Why was the three things in Report-Scan 'no action taken'?
  3. kritius

    kritius TechSpot Guru Posts: 2,087

    Doesnt matter, theyre in system restore.
  4. jimjams

    jimjams Newcomer, in training Posts: 43

    I think they do

    cause thats why when you are dis-infecting a system they ask you to de-activate system restore...
  5. kritius

    kritius TechSpot Guru Posts: 2,087

    You shouldnt do that, at the minute those things cant hurt you until you use that restore point, the only time you disable system restore when doing a fix is when the computer is clean and you want to give it a clean restore point.

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):

    C:\WINDOWS\system32\wmsdkns.exe,

    After that, Reboot, and post a new HijackThis log here in a reply as well as describing how your computer is running at the minute.
  6. zooner43

    zooner43 Newcomer, in training Topic Starter

    newest log

    Hey guys,
    I appreciate the replies, Here is the newest Hijackthis log. I couldnt find the C:\WINDOWS\system32\wmsdkns.exe file by the way. My computer seems to be running fine so far.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.