TechSpot

System Alert! Spyware problem

By neph
Nov 26, 2007
  1. Hi.. I'm new here. I think my computer is infected; there's a balloon-type pop-up that shows in the system tray, and I get pop-ups every 2-3 mins. It says "System alert! System has detected a number of spyware..." I need help on this, I can't remove it from my computer..

    I have attached a HijackThis log
     
  2. Daveskater

    Daveskater Banned Posts: 1,687

    Please read this thread: "If your system is infected, read this before deciding whether to Clean or Format."

    If you decide to clean your system, follow these instructions: "Virus/Spyware/Malware, preliminary removal instructions", and post fresh logs as well as the result of the Panda Antirootkit scan.

    I can see some pretty nasty malware in your HJT log, namely "My Web Search" in all its nasty forms.

    Before following the "Virus/Spyware/Malware, preliminary removal instructions" (should you choose to), follow these instructions:

    Have HJT fix the following entries:

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCYYYYYYYYPH

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab

    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab

    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe


    Now go to Control Panel > Add/Remove Programs and uninstall any programs related to this, if any are there:

    My Web Search


    Then go to My Computer > C:\ > Program Files and delete this folder if it is there:

    MyWebSearch


    Then go to C:\WINDOWS\system32\ and delete this file if it is there:

    npkcsvc.exe
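
Added example (not part of the original posts, and not HijackThis's own code): a small Python triage script that parses HijackThis log lines like the ones listed in the reply above, labels each by section, and reports CLSIDs that appear under more than one entry. The function names are hypothetical, and the sample lines are copied from that fix list.

```python
import re
from collections import defaultdict

# HijackThis section codes that occur in this thread, with their usual meaning.
SECTIONS = {
    "R3": "URLSearchHook", "O1": "Hosts file redirection",
    "O2": "Browser Helper Object", "O4": "Autorun entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O23": "Windows service",
}

# Sample input: six entries copied from the fix list in the reply above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_hjt(text):
    """Return one dict per line that looks like a HijackThis entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group(1), m.group(2).strip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)"),
            "body": body,
        })
    return entries

def shared_clsids(entries):
    """Map each CLSID used by more than one entry to the section codes using it."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["code"])
    return {c: codes for c, codes in seen.items() if len(codes) > 1}
```

Grouping by CLSID shows when several log lines belong to one component, so they can be reviewed and fixed together.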
     
  3. neph

    neph TS Rookie Topic Starter

    the thread to the instructions is gone..
     
  4. Daveskater

    Daveskater Banned Posts: 1,687

    oh yeah, this is certainly a bad thing :dead:

    i'll look around and see if it's moved or got a new thread number
     
  5. neph

    neph TS Rookie Topic Starter

    hello sir, panda antirootkit didn't find any rootkits.. here are the log files you need.
     
  6. evilfantasy

    evilfantasy Banned Posts: 428

    Do you have Avast installed on the computer?


    EDIT: The logs actually look fine, are you still having any problems?
     
  7. neph

    neph TS Rookie Topic Starter

    i had Avast installed recently, but i removed it and installed AntiVir instead.. ^^ i don't have any problems anymore, thanks for all the help sir Daveskater and evilfantasy.. this forum really helped me a lot, thank you all very much! =)
     
  8. evilfantasy

    evilfantasy Banned Posts: 428

    Thanks for letting us know.

    You will want to perform this step to uninstall ComboFix and let it clean up behind itself.

    Go to Start > Run and copy and paste the next command into the field:

    ComboFix /u

    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    Safe surfing........
     
Topic Status:
Not open for further replies.
