"Windows Has Detected Spyware Infection."

By Rizz
Aug 15, 2007
Topic Status:
Not open for further replies.
  1. My computer keeps displaying this popup from a red circle with a cross in the middle at the bottom of my screen. I know this is malware as there has been a previous thread about this, however, all the links that have been posted as replies are either expired or no longer exist and so I have no means of getting rid of this. If someone could please post me a solution?? Also, can you be sure to explain clearly and simply what I must do as I am not very familiar with "computer language" and I am relatively new to computers. Once again, thank you.
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    I haven't fully completed the steps above. I'm perhaps halfway through but now the popup has disappeared. Would you advise me to continue the whole process? Also, ZoneAlarm is informing me that a "DDC" is trying to access the internet. I have never heard nor seen this program before so I denied access, was I wrong in doing this? Also, I have always been asked that "mim" is trying to access the internet. I do not know what this is for but it is running on the task manager's processes tab whether or not I allow it. Does anyone have any advice for me? Once again, thank you to all who contribute to this forum.
  4. Cinders

    Cinders TechSpot Chancellor Posts: 1,313   +12

    DDC.exe is naughty malware and mim.exe is from MusicMatch Jukebox. Complete the process just to be sure.
  5. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Yes, you should complete the instructions and post the requested logfiles.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  6. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    OK.I will finish the instructions =D
  7. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    I can't upload the logs, so I just pasted them. Also, I noted that although the spyware appears to have disappeared my PC is running extremely slow now. There are quite a few processes running when I looked at the task manager and also some of the normal programs I use used quite a lot of the performance. For example, Firefox used maybe around 68,000. Could anyone help me? Shall I type the list of running processes so that someone could identify the spyware/malware???

    Hijackthis:

    I can't attach my Combofix log =( Also, I believe I followed the AVG instructions properly, I don't know why it says no action taken.

    Here's the AVG:
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 02:38:33 31/08/2007

    + Scan result:



    :mozilla.33:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\al0ptrvu.default\cookies.txt -> TrackingCookie.Paypal : No action taken.


    ::Report end
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Boiler_Breakers

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    AVG Anti-Spyware Guard

    Close the services window.


    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: Boiler Breakers Toolbar - {14d9b873-6995-4a57-a78c-fc8cdbec1a47} - C:\Program Files\Boiler_Breakers\tbBoil.dll

    O2 - BHO: Boiler Breakers Toolbar - {14d9b873-6995-4a57-a78c-fc8cdbec1a47} - C:\Program Files\Boiler_Breakers\tbBoil.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)

    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

    O3 - Toolbar: Boiler Breakers Toolbar - {14d9b873-6995-4a57-a78c-fc8cdbec1a47} - C:\Program Files\Boiler_Breakers\tbBoil.dll

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Boiler_Breakers<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log as an Attachment. Also, please try and provide a Combofix log.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
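    As an added illustration (not part of the thread or of HijackThis itself), here is a small Python parser for the HJT entry format shown in the post above. It splits each line into section type, hook key, CLSID and file path, flags the "(no file)" / "(file missing)" orphans, and groups entries by CLSID so that one component registered three ways (R3 URLSearchHook, O2 BHO and O3 Toolbar) is visible as one item. The sample log is constructed from lines quoted in the thread.

```python
import re

# Constructed sample in HijackThis log format, modelled on entries quoted in the thread.
SAMPLE_HJT = """\
R3 - URLSearchHook: Boiler Breakers Toolbar - {14d9b873-6995-4a57-a78c-fc8cdbec1a47} - C:\\Program Files\\Boiler_Breakers\\tbBoil.dll
O2 - BHO: Boiler Breakers Toolbar - {14d9b873-6995-4a57-a78c-fc8cdbec1a47} - C:\\Program Files\\Boiler_Breakers\\tbBoil.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\\..\\Run: [MMTray] "C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe
"""

LINE_RE = re.compile(r"^(?P<type>[A-Z]\d+) - (?P<key>[^:]+): (?P<value>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Turn HJT lines into dicts: section type, hook key, name, CLSID, path, orphan flag."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines or non-entry text pasted into a post
        value = m["value"]
        if value.startswith("["):  # O4 Run entries look like: [ValueName] "path" args
            name, _, path = value.partition("] ")
            fields = [name[1:], path.strip('"')]
        else:  # other sections separate name / CLSID / path with " - "
            fields = [f.strip() for f in value.split(" - ")]
        clsid = CLSID_RE.search(line)
        entries.append({
            "type": m["type"],
            "key": m["key"],
            "name": fields[0],
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": fields[-1].strip('"'),
            "orphan": any(marker in line for marker in ORPHAN_MARKERS),
        })
    return entries


def triage(entries):
    """List orphaned hooks and group live entries by CLSID (one toolbar = R3 + O2 + O3)."""
    by_clsid, orphans = {}, []
    for e in entries:
        if e["orphan"]:
            orphans.append(f"{e['type']} {e['name']}")
        if e["clsid"]:
            by_clsid.setdefault(e["clsid"], []).append(e["type"])
    return {"orphans": orphans, "by_clsid": by_clsid}
```

Orphan entries are leftovers from something already removed and are safe to tick in HJT; entries sharing a CLSID should be handled together with the folder that holds their DLL.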
  9. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    Here is the combo fix log

    Here is the new hijack this log
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  11. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    Here are the attachments requested, once again thanks for all your help.
  12. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Everything looks fine there.

    Unless you`re still having problems, you should be good to go.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  13. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    Ok thanks for your help, one thing I have noticed however, is that my computer has suddenly become slower than it used to be, loading a new page using Mozilla Firefox will suddenly raise the CPU usage to 100% even when I'm only using just one program. Do you know what happened?? Also, would you advise me to keep all the programs that you asked me to install, on my computer (that is: Spybot, AVG, CCleaner, Ad-Aware and Avenger) and how often would you recommend I scan with an antispyware, antivirus program?
  14. NFSFAN

    NFSFAN Newcomer, in training Posts: 340

    Keep all the programs except Ad-Aware and Avenger.

    If you want a good and small but powerful antivirus PM me. And yes it is legal.
  15. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Yes, keep all programmes except Vundofix, Combofix, Avenger, SmitFraudfix.

    Go and read this thread HERE for speeding up your system.

    Also, run the Ccleaner programme as per step 9 of the instructions HERE.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  16. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    I have completed the instructions on making your PC faster. However, ZoneAlarm displays a message every time I log on, it says that it has detected a new network and has added it. This message comes up EVERY time I log on. Also, in the task manager I noticed that Firefox uses around 50,000 K of memory usage along with 'svchost.exe', 'explorer.exe' and 'vsmon.exe' which use around 10-20 K. Is this normal?
    I also noticed that upon opening a new webpage or even just starting Firefox, CPU usage will shoot from less than 10% all the way to 100%, this happens even when I'm just using one program. This surely can't be right as I remember my PC being much faster than this. Anyone have any advice? Thanks in advance
  17. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Firefox has been known to cause memory leaks. I`ve had the same problem myself from time to time.

    Uninstall and reinstall Firefox, making sure you have the latest version. I also recommend uninstalling and reinstalling Zonealarm.

    See if that helps, if not, post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  18. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    Ok.. reinstalled Firefox and ZoneAlarm.. I'm attaching an HJT file just in case, then I'll reboot.

    Sorry, but I have another problem =D I use a wireless broadband router as my sister has a laptop. The model is a Linksys WRT54G. I noticed that sometimes the router would 'reboot' and then a popup would display saying 'a local area connection was lost'. This happens at random times, do you know anything about this?? Is there a way that I can protect my wireless from outsiders?? Thanks again
  19. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Everything looks ok there mate.

    For your router problems, I suggest opening a new thread in our Storage and Networking forum. You might also want to take a look at this thread HERE.

    The router problem is probably the cause of Zonealarm finding new networks.

    Regards Howard :)
  20. Rizz

    Rizz Newcomer, in training Topic Starter Posts: 32

    ^Thanks for all your help. Now I'm determined to find a PC problem you CAN'T fix
  21. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Lol, I`m sure you`ll find quite a few I can`t fix.

    Regards Howard :)

    This thread is for the use of Rizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.