W32.Myzor.FK@yf ?????

Status
Not open for further replies.

Cyclone_S

Posts: 14   +0
Hi,

I don't know what's going on with my computer but I have this flashing symbol in my task bar that flashes green and red and every few seconds a red message pops up saying my computer is infected and that I need to use antimalware.

Also, when I start IE a website 'www.safeteyuptodate.com' appears and a window pops up with a message saying I have this virus 'W32.Myzor.FK@yf'

What's going on? What steps should I take?

Thanks
 
Hello and welcome to Techspot.

Go HERE and follow the instructions. Start at step 3, then follow the rest of the steps starting at step 1 and so on.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 
Thanks, I think it's removed?

This is what I did

1. Downloaded spysweeper. It found a bunch of stuff and trojans. The fricken free version of spysweeper doesn't allow you to remove them!!!!!!!

2. I used smitFraudfix

3. VundoFix.exe and Look2Me-Destroyer.exe did not work. I waited for 5 minutes and the window never came back.

So how do I know if everything is ok with my computer now? What were all these programs I was downloading? Is that smitFraudfix program like Hijackthis?
 
The SmitFraudfix is what hopefully removed your particular infection.

However, it's very important, that you follow the rest of the instructions, then post a fresh HJT log.

The reason for this is, there's a very good chance your system will be infected with secondary infections, in addition to the original one.

Regards Howard :)
 
4. I scanned with spysweeper again and it still finds all this adware...

Adware found: zeropopup
Adware found: start4search toolbar
Adware found: ietoolbar
Adware found: searchtoolbar
Adware found: quicklink search toolbar
Adware found: whenu savenow
Trojan Horse found: trojan-downloader-ruin
Adware found: security2k hijacker
Adware found: unspypc


My web browser appears to be back to normal and same with my task bar but spysweeper still finds this stuff.
 
Ok here is my hijackthis log. I'm using version 1.97.7. I hope that's the newest version.
 

No, that's an old version. The newest version is 1.99.1.

If you had followed the instructions correctly, you should've known that.

Once I have a fresh up-to-date HJT log I can help you further.

Make sure you have followed all the instructions exactly.

Regards Howard :)
 
nah I didn't ;) I just forgot to change the extension. I noticed after hitting submit post lol.

You just respond so quickly :)

Thanks for that :)
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Dap

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

StartCpl.exe
SYSTRAV.exe
dmglo.exe
InpriseMon.exe
install2.exe
init32.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

O4 - HKLM\..\Run: [_ctcp] StartCpl.exe
O4 - HKLM\..\Run: [Uint32] SYSTRAV.exe
O4 - HKLM\..\Run: [dmglo.exe] C:\WINDOWS\system32\dmglo.exe
O4 - HKCU\..\Run: [typeconf] InpriseMon.exe
O4 - HKCU\..\Run: [iehelper] init32.exe
O4 - HKCU\..\Run: [TForm1] install2.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136844084140
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
C:\Program Files\DAP\dapextie.htm
StartCpl.exe
SYSTRAV.exe
dmglo.exe
InpriseMon.exe
install2.exe
init32.exe


You will need to search your system for some of the above files.

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)
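
As an added example (not part of the original thread or of any tool mentioned in it), this Python script parses HijackThis entry lines like the ones listed in the reply above and queues two kinds of entry for manual review: O4 autoruns that give no directory, and entries marked "(file missing)". Both flags are assumed triage heuristics, not the helper's criteria, and the function names are hypothetical.

```python
import re

# Sample lines copied from the reply above (not a complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [_ctcp] StartCpl.exe
O4 - HKLM\..\Run: [dmglo.exe] C:\WINDOWS\system32\dmglo.exe
O4 - HKCU\..\Run: [iehelper] init32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun: hive, abbreviated key, [value name], command
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def parse_hjt(text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank line or running-process list
        entry = {"code": m["code"], "body": m["body"], "flags": []}
        if entry["body"].endswith("(file missing)"):
            # HijackThis reports that the referenced file is not on disk.
            entry["flags"].append("file-missing")
        run = RUN_RE.match(entry["body"]) if entry["code"] == "O4" else None
        if run:
            entry.update(hive=run["hive"], name=run["name"], cmd=run["cmd"])
            # Assumed heuristic: no directory component means the log alone
            # does not say which file on disk the autorun starts.
            if "\\" not in run["cmd"] and "/" not in run["cmd"]:
                entry["flags"].append("bare-filename-autorun")
        entries.append(entry)
    return entries


def review_queue(text):
    """Return (code, autorun name, flags) for every flagged entry."""
    return [(e["code"], e.get("name", ""), e["flags"])
            for e in parse_hjt(text) if e["flags"]]
```

The `dmglo.exe` autorun has a full path and is not flagged here even though the reply lists it for removal, so the queue is a starting point for review and not a verdict on any entry.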
 
Here is my new log. I didn't delete the ones that had to do with the 'define' thing. That comes with Microsoft Office, doesn't it? I find it useful.

Spysweeper still finds this stuff... Any way to delete them without having to dish out 30 bucks?

Drives: C: D: E:
Adware found: searchtoolbar
Trojan Horse found: trojan-downloader-ruin
Adware found: security2k hijacker
 
Let HJT fix these entries.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

F2 - REG:system.ini: UserInit=userinit.exe

Other than that, your HJT log is clean.

If you're still concerned about the entries Spysweeper says it finds, go to the instructions in my first reply and use several of the online scanners.

Regards Howard :)
 
Thanks for your help. I really appreciate it :)

I tried 3 of those online scan sites already. One site found adware but wouldn't let me delete them unless I pay. :(
 
The ones that find stuff but won't delete it without payment are often giving false positives.

Have you tried the Ewido scan? Go HERE and follow the instructions.

Regards Howard :)
 
Well, I tried a bunch more programs and the one you suggested. They all seem to remove different 'threats'. This makes me so confused...

A program called Fixwareout got rid of the tool bar and the trojan that spysweeper found but I still can't get rid of 'security2k hijacker'

I really want to get rid of this last thing.

Thanks again for helping me out man.
 
Your HJT log is clean.

However, I've just noticed that you stated earlier, that you had trouble running the vundo and look2me fixes.

I'd like you to try running them again.

Start with the look2me fix HERE. Follow the instructions carefully.

Then, run the vundo fix from HERE. Again, following the instructions carefully.

Let me know the results please.

Regards Howard :)
 
I guess I gave up too soon... I had to wait like 5 minutes before the windows would re-open. I think the Look2me-Destroyer found and deleted files, not sure.

The vundo program didn't find anything.

Btw, what are these programs? Are they just a program that removes a specific spyware and nothing else?

I still have that security2k hijacker! I couldn't find much about it on the web either.
 
Yes, the vundo and look2me fixes are rather specific.

Please run the Panda active scan from HERE.

When done, post the active scan report and a fresh HJT log.

Regards Howard :)
 
I can find nothing in your HJT log that's nasty.

However, the active scan report mentions Spyfalcon.

Boot into safe mode and turn off system restore.

Open your task manager and end process for (if there)

sa2E.exe

Close task manager.

Go to the following directory and delete the bold file (if there).

C:\WINDOWS\Temp\sa2E.exe

Boot into normal mode and turn system restore back on.

See if that helps.

Regards Howard :)
 
I found and deleted the sa2E.exe file. Did a new scan in spysweeper and 'security2k hijacker' is still there. Maybe it's nothing to worry about??

Spysweeper gives me this info about it. Maybe I should delete this from my registry?

HKLM\software\microsoft\windows\currentversion\explorere\browser helper objecta\


ADWARE Description:

Name:
Security2k Hijacker

Author:


Category:
Adware

Threat Assessment:
Critical




Description:

Security2k Hijacker is a Browser Helper Object that may hijack your homepage to a fake security site.

Characteristics:

Security2k Hijacker is a Browser Helper Object (BHO) that may change your browser settings. A BHO is a file, usually a toolbar, which loads with Internet Explorer. BHOs may route certain domains to false addresses thus hijacking your search.

Method of Infection:

Hijackers generally propagate through the use of seemingly-innocent dialog boxes, various social engineering methods, or through a java scripting error. Usually hijackers are bundled with various, free, software programs.
 