Darksma spyware removal
- Thread starter dlee337
- Start date
- Status
xxdanielxx
Posts: 1,069 +0
PokerStarsUpdate.exe is not an infection I believe it can easily get infected if you do not use it remove it using hijackthis with the entry below
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
================================
Uninstall ComboFix
The above procedure will Delete the following:
------------------------------------------------------------------
OTCleanit! by Oldtimer
=======================================
Now we need to create a new System Restore point.
Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.
Next goto Start Menu > Run > type
cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
=================================
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
================================
Uninstall ComboFix
- Click Start then Run
- Now Type Combofix /u in the runbox
- Make sure there's a space between Combofix & /u
- Then hit Enter
The above procedure will Delete the following:
- ComboFix & it's associated files & folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide system/hidden files, if required.
- Set a new, clean Restore Point.
------------------------------------------------------------------
OTCleanit! by Oldtimer
- Download OTCleanIt
- Click the CleanUp! button.
(It will go thorugh the list & remove all of the tools it finds and then delete itself) Requiring a reboot
=======================================
Now we need to create a new System Restore point.
Click Start Menu > Run > type (or copy and paste)
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.
Next goto Start Menu > Run > type
cleanmgr
Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
=================================
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
- Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
- AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
- SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
- SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
- IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
- Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Thanks for all your help. one last question. when I ran my anti spam today I had a banbot spyware found again. it says its a trojan. do you think it is coming off of some site I go to or is it still hiding in my computer somewhere? I had it several days ago.but not in the last couple of days until today.
I use pokerstars atleast once a week. I don't know what kim means about the REIS. I reset it like she said.
I use pokerstars atleast once a week. I don't know what kim means about the REIS. I reset it like she said.
xxdanielxx
Posts: 1,069 +0
REIS is just reseting internet explorer to default run dss from below and attach the results.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
xxdanielxx
Posts: 1,069 +0
right click on hijackthis and look at the location it is installed go to that location and rename hijackthis to bobo then copy and past a shortcut to your desktop then run and post a fresh hijackthis log
Blind Dragon
Posts: 3,774 +4
Hi dlee337,
DSS renames Hijackthis anyways - but the problem doesn't show in the Hijackthis portion anyways.
Run HJT and click on Open the Misc Tools section.
* Click the Open ADS Spy... button.
* Uncheck "Quick scan (Windows base folder only)"
* Click the Scan button to the left of the Save log... button.
* When the scan has completed, click the Save log... button.
* When the "Save ADS Spy log..." window open, click the Save button.
* The log will be displayed in a Notepad window and when you close it, it will be saved by default to your Desktop.
* Copy and paste the contents of the file adsspy.txt into your next reply.
DSS renames Hijackthis anyways - but the problem doesn't show in the Hijackthis portion anyways.
Run HJT and click on Open the Misc Tools section.
* Click the Open ADS Spy... button.
* Uncheck "Quick scan (Windows base folder only)"
* Click the Scan button to the left of the Save log... button.
* When the scan has completed, click the Save log... button.
* When the "Save ADS Spy log..." window open, click the Save button.
* The log will be displayed in a Notepad window and when you close it, it will be saved by default to your Desktop.
* Copy and paste the contents of the file adsspy.txt into your next reply.
Blind Dragon
Posts: 3,774 +4
I am not seeing anything left - does it still detect the file every time your restart?
xxdanielxx
Posts: 1,069 +0
Anytime 
- Status
