Lots of Spyware, etc.

Status
Not open for further replies.

zoaxanthellae

I have very noticeable spyware on my computer [pop-ups, etc.] and need to get rid of it.

I downloaded and ran Malwarebytes, and the good news is my desktop and task manager are no longer locked, and the pop-ups seem to have stopped - awesome. But MBAM said it could not remove some threats...enclosed is the log.

Thanks in advance! :D
 
Hey! Welcome to TechSpot. My name is xxdanielxx and I will be helping you in getting your computer clean. First open MBAM and click on the Quarantined tab and delete everything there if you have not done so yet.

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Thanks for your help :)

I followed all your instructions and came up with this.

[I can't copy and paste it, because it recognizes certain parts of it as links, apparently, and I don't have enough posts for that].
 
Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - HKCU\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O15 - Trusted Zone: *.sxload.net (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmp0\command.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

xloadnet

Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\xloadnet


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\dmp0\command.exe

After that, Reboot, and post a new HijackThis log here in a reply
 
We need to delete this item in HijackThis

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmp0\command.exe
 
For some reason, HijackThis can't delete that. I tried a couple of times, and each time it asked if I wanted to delete this file, and I selected yes, but a second scan revealed it was still there.
 
Yeah, HijackThis won't remove O23 entries; they are running services. Daniel, you can remove it with a batch file or through msconfig. I prefer batch as, no offense, it removes the opportunity for the user to stop and delete the wrong service
 
I can recommend a 3rd (I think safe) approach to deal with users removing services
  • Start command prompt. Enter services.msc. (I think this interface makes it easier to recognize the correct service)
  • Right click on the service in question and select Properties
  • Change startup type to Disabled
  • Restart your computer
One can safely keep the service around when testing (when a service is Disabled it's impossible to start it by accident or by anything else, because it won't even get loaded when XP starts up, nor can it be loaded while XP is running. But note you must restart your computer first before Disabled takes effect). One can then test that all boots up and runs smoothly, if they choose, before physically deleting the service from their computer
 
We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

Code:
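@echo off
rem Ask the Service Control Manager to stop, then delete, the service named below
sc stop command.exe
sc delete command.exe
rem Delete this script and close the window
del "%~f0" & exit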

Save it to your desktop as File name: service.cmd
Save as type: All Files

Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.
 
Very good try. This will not delete the file itself :grinthumb . So you still have to find a way to delete this folder c:\windows\<randomcharacters>

We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

Code:
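@echo off
rem Ask the Service Control Manager to stop, then delete, the service named below
sc stop cmdService
sc delete cmdService
rem Delete this script and close the window
del "%~f0" & exit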

Save it to your desktop as File name: service.cmd
Save as type: All Files

Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.

Afterwards please run a fresh scan with HijackThis and attach it here
 
You got it, and if there is a name in (shortname of service) that is what you use; if not, then you use the full service name. Then afterwards just remove the random folder like normal
 
correct - after the services are stopped and deleted you should be able to delete the folder no problem - as the files will no longer be in use
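
The naming rule from the replies above, shown as an added example that is not part of the original thread: a short Python parser for HijackThis O23 lines that picks the name `sc` expects and emits disable/stop/delete commands. The field layout is assumed from the single O23 line quoted in the thread; the function names and the second sample line are constructed.

```python
import re

# Layout assumed from the thread's log line:
#   O23 - Service: <display name> (<short name>) - <owner> - <path>
O23_PREFIX = "O23 - Service: "
UNSAFE = set('"&|<>^%')  # characters that would change meaning inside a batch file

def parse_o23(line):
    """Split one HijackThis O23 line into display name, short name, owner and path."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        raise ValueError("not an O23 service entry")
    # Owner and path are the last two " - " fields; a display name may contain " - " itself.
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        raise ValueError("unexpected O23 layout")
    name_field, owner, path = parts
    # A trailing "(...)" holds the short name; without it the log shows only the full name.
    m = re.match(r"^(.*\S)\s+\(([^()]+)\)$", name_field)
    display, short = (m.group(1), m.group(2)) if m else (name_field, None)
    return {"display": display, "short": short, "owner": owner, "path": path}

def sc_name(entry):
    """Name to pass to sc: the short name when the log shows one, else the full name."""
    name = entry["short"] or entry["display"]
    if UNSAFE & set(name):
        raise ValueError("service name is not safe to paste into a batch file")
    return name

def removal_script(line):
    """Batch lines for one O23 entry: disable first, then stop and delete."""
    name = sc_name(parse_o23(line))
    return [
        "@echo off",
        f'sc config "{name}" start= disabled',
        f'sc stop "{name}"',
        f'sc delete "{name}"',
    ]

# First line is quoted from the thread; the second is constructed (no short name shown).
THREAD_LINE = r"O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dmp0\command.exe"
CONSTRUCTED_LINE = r"O23 - Service: ExampleSvc - Unknown owner - C:\Example\example.exe"

if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_LINE):
        print("\n".join(removal_script(sample)), end="\n\n")
```

The parsed path is returned separately so the file on disk can be checked and deleted once the service entry is gone.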
 
Looks good, your log looks clean.

Update your Java Runtime Environment

First try going to Start -> Control Panel -> double click Java
Select the Update Tab at the top of the Java console
Click the Check for Updates button at the bottom
If it finds the newer version (Java 6 Update 7) Follow the on screen instructions (uncheck the yahoo toolbar option)
After it installs the newest version Go back to Control Panel -> Add/remove programs (programs and features in vista)
Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
Update your Java Runtime Environment
Click the following link
Java Runtime Environment 6 Update 7
The 5th option down is the one you want (click Download)
Check the box to agree to terms of service
Check the box for your operating system and click 'Download selected' at the bottom
After the install go to Start -> Control Panel -> Add/Remove Programs (Programs and Features), and uninstall any old versions
Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_07 folder

---------------------------------------------

Uninstall ComboFix

  • Click Start then Run
  • Now Type Combofix /u in the runbox
  • Make sure there's a space between Combofix & /u
  • Then hit Enter

The above procedure will Delete the following:
  • ComboFix & its associated files & folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide system/hidden files, if required.
  • Set a new, clean Restore Point.

------------------------------------------------------------------

OTCleanit! by Oldtimer

  • Download OTCleanIt
  • Click the CleanUp! button.
    (It will go through the list & remove all of the tools it finds and then delete itself, requiring a reboot)

-------------------------------------

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  9. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
xxdanielxx
 