Popups

Status
Not open for further replies.
hi all
i have scanned my pc with rootkit, avgas, smitfraud, vundofix and vbg, but still my IE is getting popunders asking to buy games consoles and phones etc. it also seems to slow up the operation of my pc too. i have installed FF but none appear there which is good so the problem is with msIE.
attached is a log from hjt.

i suspect that this may be the culprit O4 - HKLM\..\Run: [zmgjhijl] c:\windows\system32\zmgjhijl.exe zmgjhijl but i can't find any info on it.

your help would be appreciated :grinthumb
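
A heuristic triage of the HijackThis O4 (autorun) line quoted in the post above, as an added example that is not part of the original thread. The three checks, the length and vowel thresholds, and the sample lines marked as constructed are assumptions chosen for illustration; a hit means "look closer", not "malware".

```python
import re
from pathlib import PureWindowsPath

# HijackThis autorun entries look like:
#   O4 - HKLM\..\Run: [value name] c:\path\file.exe arguments
O4_RE = re.compile(
    r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.I)
EXE_RE = re.compile(r'^"?(?P<path>[a-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat))', re.I)

# The line quoted in the first post of this thread.
PAGE_LINE = r"O4 - HKLM\..\Run: [zmgjhijl] c:\windows\system32\zmgjhijl.exe zmgjhijl"
# Constructed sample lines of ordinary autorun entries, for comparison.
CONSTRUCTED_LINES = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]


def vowel_ratio(word):
    """Share of vowels among the letters of word (1.0 if it has no letters)."""
    letters = [c for c in word.lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 1.0


def triage_o4(line):
    """Return the reasons an O4 entry deserves a closer look (empty list if none)."""
    m = O4_RE.match(line.strip())
    exe = EXE_RE.match(m["cmd"].strip()) if m else None
    if not exe:
        return []  # not an O4 line, or no full path to inspect
    path = PureWindowsPath(exe["path"])
    reasons = []
    if m["name"].lower() == path.stem.lower():
        reasons.append("value name equals file name")
    if [p.lower() for p in path.parts[1:-1]] == ["windows", "system32"]:
        reasons.append("binary sits directly in system32")
    # Assumed threshold: 7+ characters with under 20% vowels reads as random.
    if len(path.stem) >= 7 and vowel_ratio(path.stem) < 0.2:
        reasons.append("file name has almost no vowels")
    return reasons


if __name__ == "__main__":
    for entry in [PAGE_LINE] + CONSTRUCTED_LINES:
        print(len(triage_o4(entry)), entry)
```
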
 
i searched for this file too and found nothing. probably howard or momok will know something on it
it would probably be best if you scan again with the programmes you already have used and post the logs from them too
 
Hello and welcome to Techspot.

Your system is infected with malware and you`re running an outdated version of HJT and from the wrong location.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of frazer only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello and welcome to Techspot.

To be quite honest. I don`t think Xoftspy is very good. It seems to suffer from an inordinate amount of false positives and isn`t that good at killing malware.

Taken from HERE.

Note on XoftSpy: XoftSpy was listed on this page because of concerns with false positives (1, 2, 3, 4), questionable license terms, and the use of aggressive, deceptive advertising (1, 2), including exploitation of the name "spybot" by affiliates. Earlier versions of XoftSpy were also Ad-aware knockoffs. (There was a clone of XoftSpy named SpyBurn, but that application is no longer available.)

Over the past few months, XoftSpy has taken aggressive steps to rein in its affiliates (who were primarily responsible for the unsavory advertising), revised its license text, and released a new version of XoftSpy (version 4.0) that addresses our concerns with false positives. Given these changes we can no longer regard XoftSpy as "rogue/suspect" anti-spyware.

Domains: paretologic.com

(Note: other domains associated with XoftSpy include: adware-destroyer.com, adware-elimination.com, adwarekillers.com, adware-real-free-scan.com, adwares.net, anti-adware.net, antispywares.com, deletespyware.net, nomorespyware.net, removespyware.net, softspy.net, softwho.com, spywarebest.com, spyware-detection.net, spywareprof.com, spywarepurge.com, spywarerem.com, spywareremoval.net) [A: 6-26-04 / U: 12-7-04]

Even though Xoftspy has now been unlisted from the rogue programmes list, I still feel, there are far better programmes out there.

Regards Howard :wave: :wave:

 
Xoftspy

I guess it's time to move on. Xoftspy has worked in the past for me many times. I have noticed in a few circumstances where new adware/spyware that is more aggressive Xoftspy has not always worked. Thanks for the heads up.

On another note
I know I know this question has been asked numerous times and yes it's the Dell Master Password question. Is anyone responding to this post? I only ask because I'm a technician for a school district in CA. We normally don't support Dell, we're primarily HP systems. Well one of our students changed the bios password and I need help. I see this happening more often than wanted. Could you help or should I just wait to hear from someone else?

Thanks
 
There`s only a couple of guys that can help with the Dell Password Issue. It really is a case of waiting for their help.

Regards Howard :)

 
hi howard, done all the scans including nanoscan. panda antirootkit=0 and nanoscan=0.
attached are the logs. thank you :grinthumb
 
Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Spyware-Secure

Close control panel.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
C:\WINDOWS\system32\sfsync02.dll
C:\WINDOWS\UPSCR.Scr
C:\WINDOWS\iun6002.exe
C:\DOCUME~1\tom\APPLIC~1\wklnhst.dat
C:\WINDOWS\system32\eqpqylp.exe
C:\ScanSectorLog.dat

Folder::
C:\VundoFix Backups
C:\Program Files\Spyware-Secure

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware-Secure]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)
