Malware problems

Status
Not open for further replies.
Hey lads, I was hoping you could help me with this. I'm having huge problems with spy/ad-ware. I've run Ad-Aware SE from Lavasoft and Spybot Search and Destroy several times. I have cleaned it of viruses and updated definitions, and also applied security patches (SP4) to a Win 2k box. Popups still occur and I believe it is down to the VX2 exploit; here is my hijack log. I would greatly appreciate any help possible. I have also run the add-on for VX2 in Ad-Aware, to no avail.

Regards
Michael
 
I am pretty sure VX2 can be removed by using www.spysweeper.com, which is an excellent spyware scanner, albeit not totally free.

http://www.webroot.com/products/spysweeper/?WRSID=100ea87a31ad0fb263b58835c917bd76

Your first update is free though, so here's what I'd do. Get online, download it, make sure you are still online when you install it and get the free, one-time update when it prompts you.

Restart the computer into safe mode (tap the F8 key the instant before the Windows logo appears while booting up) and run Spysweeper. It will take a long time to scan. Maybe over a half hour if you have lots of files. But it should remove your VX2 problem.

Running Ad-Aware with the VX2 plugin may also work under safe mode, where it has failed in normal mode. But you'll have to try it and see. :)
 
Spysweeper worked a charm. Cheers for that, Rick. I might consider buying it, although it hasn't gotten rid of everything. I still get pop-ups; anyone have any idea?

This is why I tell people to use Firefox.
 
Based on your HJT-log from the previous post:
Update your HJT program, install it in a permanent directory, e.g. \program files\hjt

Boot in Safe mode and let HJT 'fix':
C:\WINNT\system32\internat.exe
C:\Documents and Settings\User01\Application Data\trdb.exe
C:\WINNT\System32\r?ndll.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKCU\..\Run: [internat.exe] internat.exe
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CE4278-2E71-4EC6-91ED-19DCCCA57853}: NameServer = 192.168.0.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10

When done, delete the bold files.

If r?ndll.exe plays up, d/l and run Delete FXP Files from www.jrtwine.com/Products/DelFXPFiles/

Post a new hjt-log if you still have probs
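
Added example (not part of the original post, and not HijackThis code): a small triage of entries like the ones in the fix list above. It parses the log lines, groups hosts-file (O1) entries by the non-loopback IP they point at, and collects the O17 NameServer values for review. The function names are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Entries copied from the fix list in the post above (the long O16 line is left out).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKCU\..\Run: [internat.exe] internat.exe
O15 - Trusted Zone: *.windupdates.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CE4278-2E71-4EC6-91ED-19DCCCA57853}: NameServer = 192.168.0.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "<section> - <detail>"
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")    # O1 detail: "Hosts: <ip> <name>"
DNS = re.compile(r"NameServer = (\S+)$")         # O17 detail ends with the server
LOOPBACK = ("127.", "0.0.0.0", "::1")            # local blocklist-style entries

def parse_entries(log_text):
    """Return (section, detail) pairs, e.g. ('O1', 'Hosts: 1.2.3.4 name')."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def hosts_redirects(entries):
    """Map each non-loopback IP in O1 (hosts file) entries to the names pinned to it."""
    pinned = defaultdict(list)
    for section, detail in entries:
        m = HOSTS.match(detail) if section == "O1" else None
        if m and not m.group(1).startswith(LOOPBACK):
            pinned[m.group(1)].append(m.group(2))
    return dict(pinned)

def dns_servers(entries):
    """Distinct NameServer values from O17 entries, to compare with the real ISP/LAN DNS."""
    return sorted({m.group(1) for s, d in entries if s == "O17" and (m := DNS.search(d))})

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for ip, names in hosts_redirects(entries).items():
        print(f"hosts file pins {len(names)} name(s) to {ip}: {', '.join(names)}")
    print("DNS servers to verify:", ", ".join(dns_servers(entries)))
```

Several search hostnames pinned to one external IP is the pattern the O1 lines in the post show; the NameServer list is only a prompt to check each address against the network's known DNS servers.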
 
Try downloading Microsoft anti spy software, you can find it on their website. I used it at home and work and it's amazing what it finds that Spybot and Ad-Aware don't find. Good luck
 