TechSpot

"System alert pop-up"

By katzmark06
May 15, 2007
  1. There is this file/program thing on my computer and it is 16,000MB, i think its called "system alert pop-up"... Anyways i went into add or remove files and it is there but when i press the delete/change button i get a

    Loading error C:/ blah blah blah
    The specific module could not be found..

    Now i have SS&d and i am running that and I also have Norton( i read i need to reinstall this, really??? Why?? and how.)
    I have been reading other peoples trials with virus and such and i dont know how to post LOGS...Or even what they are or where to find...

    Sorry
     
  2. 02408806

    02408806 TS Rookie

    I'm a noob and i cant help you but to post logs you have to download hijackthis.exe :D
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. katzmark06

    katzmark06 TS Rookie Topic Starter

    where do i find that?


    Also i see there are alot of things i need to download.. I have no room on my computer..NONE this "thing" keeps getting bigger every stinkin day.. And with my computer shutting down every 30 minutes im not sure how i am gonna finish all this...

    If i take it in somewhere will they be able to fix it?

    Sooo if i reformat will i loose everything? I have tons of pictures and important files...Is there a way to protect them?
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If you have no room on your hard drive, go to add remove programmes in your control panel and uninstall anything you don`t want or use. That should help to free up some space.

    I suggest you backup your important data, just in case you need to reformat. Reformatting would completely wipe your hard drive and all your files.

    Once you`ve done that, follow the instructions and post the requested logfiles.

    If you still have problems following the instructions, go and read this thread HERE and post a HJT log as an attachment into this thread.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. katzmark06

    katzmark06 TS Rookie Topic Starter

    OK how do i backup data.. Like burn it on a disc.... What if i cant do that? I also have a few programs like Photoshop that i no longer have the disc for, thanks for my 2 yr old, that was fairly expensive...
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, backing up your data to DVD/CD or another hard drive is the way to do it. I`ll try my best to help you to avoid a reformat, but I really need to see your logfiles. At the very least, I need to see a HJT log as per the instructions I gave you.

    The system alert popup thing, isn`t something you should be overly alarmed about and is fairly easy to get rid of.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. katzmark06

    katzmark06 TS Rookie Topic Starter

    Ok soo would reformat or just clean, which do you think would be easier... My CD burner is kinda crappy too, it works when it wants to.. I really just need to get a new computer i have a CRAPPY inspiron 1000 (dont laugh)..

    Sorry for so many questions, i hope im not a bother..
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Only you can decide if you want to reformat or not. If you use your computer for online banking/credit card use etc, then a reformat maybe the preferred option. If you only use your computer for photo`s/music/gaming etc, then cleaning is possibly the better option.

    All this is fairly academic at the moment, because apart from the system alert popup, which isn`t particularly nasty, I don`t know what else may be lurking on your system.

    I need to see at least a HJT log, otherwise I can`t help you.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. katzmark06

    katzmark06 TS Rookie Topic Starter

    Ok here is my HJT.. I am fairly sure i have done everthing right so far.. However my COMODO firewall is crazy.. I had to disable it to even get online again.. Is there a way to lessen its power?


    Thank you..
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint
    Viewpoint Manager
    Video Access ActiveX Object
    SpyDawn
    SystemDoctor 2006 Free

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewMgr.exe
    SpyDawn.exe
    dcmon.exe
    regscan.exe
    isamntr.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aol.com/today/aimtoday.adp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Shell Doc Object and Control Helper Class - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\system32\shdocvs.dll

    O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

    O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)

    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

    O2 - BHO: (no name) - {ea6386c4-dd77-423b-b04d-09d213ad1c28} - C:\WINDOWS\system32\DSAUEST.dll

    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

    O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h

    O4 - HKLM\..\Run: [dc6_check] C:\Program Files\SystemDoctor 2006 Free\dcmon.exe

    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe

    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    O20 - AppInit_DLLs:

    O20 - Winlogon Notify: DSAUEST - C:\WINDOWS\SYSTEM32\DSAUEST.dll

    O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. katzmark06

    katzmark06 TS Rookie Topic Starter

    OK i went into the HJT and fixed what you told me to... But when i went into avenger it wouldnt/couldnt do what i wanted. It kept giving me a 1813 error... Im not sure if i was doing the right file though... i did the backup folder.? What wasi suspost todo with the avengerscript attachment?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, try this from normal mode.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. katzmark06

    katzmark06 TS Rookie Topic Starter

    ok i think i did it right this time...

    Do i now need to continue on the step (7 i think) i was on?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {ea6386c4-dd77-423b-b04d-09d213ad1c28} - C:\WINDOWS\system32\DSAUEST.dll (file missing)

    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

    O20 - Winlogon Notify: DSAUEST - DSAUEST.dll (file missing)

    Click on the fix checked button.

    Close HJT and reboot your system.

    Now, go and follow the rest of the steps and post the requested logfiles.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. katzmark06

    katzmark06 TS Rookie Topic Starter

    Smitfraudfix is not working for me.. Any ideas, all i get i s a black window with a blinking underslash..?
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, forget SmitFraudfix for now and continue with the rest of the instructions.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...