TechSpot

Spyware threat has been detected on your PC found, but not sure if removed

By zooner43
Apr 14, 2008
  1. I had the same problem as some of the other people in this forum where my desktop background was blue with the words "Warning:Spyware threat has been detected on your PC" written.
    I looked at your Viruses/Spyware/Malware, preliminary removal instructions guide and I did everything in order (hopefully). The background spyware images are gone but I just wanted to make sure that there arent any other problems lingering so I attached my LOGS that you asked for.
    There was nothing found on the Panda Antirootkit programme.
    Thanks in advance
     
  2. jimjams

    jimjams TS Rookie Posts: 39

    Why was the three things in Report-Scan 'no action taken'?
     
  3. kritius

    kritius TS Guru Posts: 2,084

    Doesnt matter, theyre in system restore.
     
  4. jimjams

    jimjams TS Rookie Posts: 39

    I think they do

    cause thats why when you are dis-infecting a system they ask you to de-activate system restore...
     
  5. kritius

    kritius TS Guru Posts: 2,084

    You shouldnt do that, at the minute those things cant hurt you until you use that restore point, the only time you disable system restore when doing a fix is when the computer is clean and you want to give it a clean restore point.

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):

    C:\WINDOWS\system32\wmsdkns.exe,

    After that, Reboot, and post a new HijackThis log here in a reply as well as describing how your computer is running at the minute.
     
  6. zooner43

    zooner43 TS Rookie Topic Starter

    newest log

    Hey guys,
    I appreciate the replies, Here is the newest Hijackthis log. I couldnt find the C:\WINDOWS\system32\wmsdkns.exe file by the way. My computer seems to be running fine so far.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...