"System alert pop-up"

[katzmark06]

There is this file/program thing on my computer and it is 16,000MB, i think its called "system alert pop-up"... Anyways i went into add or remove files and it is there but when i press the delete/change button i get a

Loading error C:/ blah blah blah
The specific module could not be found..

Now i have SS&d and i am running that and I also have Norton( i read i need to reinstall this, really??? Why?? and how.)
I have been reading other peoples trials with virus and such and i dont know how to post LOGS...Or even what they are or where to find...

Sorry

 

[02408806]

I'm a noob and i cant help you but to post logs you have to download hijackthis.exe

 

[howard_hopkinso]

Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

where do i find that?


Also i see there are alot of things i need to download.. I have no room on my computer..NONE this "thing" keeps getting bigger every stinkin day.. And with my computer shutting down every 30 minutes im not sure how i am gonna finish all this...

If i take it in somewhere will they be able to fix it?

Sooo if i reformat will i loose everything? I have tons of pictures and important files...Is there a way to protect them?

 

[howard_hopkinso]

If you have no room on your hard drive, go to add remove programmes in your control panel and uninstall anything you don`t want or use. That should help to free up some space.

I suggest you backup your important data, just in case you need to reformat. Reformatting would completely wipe your hard drive and all your files.

Once you`ve done that, follow the instructions and post the requested logfiles.

If you still have problems following the instructions, go and read this thread HERE and post a HJT log as an attachment into this thread.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

OK how do i backup data.. Like burn it on a disc.... What if i cant do that? I also have a few programs like Photoshop that i no longer have the disc for, thanks for my 2 yr old, that was fairly expensive...

 

[howard_hopkinso]

Yes, backing up your data to DVD/CD or another hard drive is the way to do it. I`ll try my best to help you to avoid a reformat, but I really need to see your logfiles. At the very least, I need to see a HJT log as per the instructions I gave you.

The system alert popup thing, isn`t something you should be overly alarmed about and is fairly easy to get rid of.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

Ok soo would reformat or just clean, which do you think would be easier... My CD burner is kinda crappy too, it works when it wants to.. I really just need to get a new computer i have a CRAPPY inspiron 1000 (dont laugh)..

Sorry for so many questions, i hope im not a bother..

 

[howard_hopkinso]

Only you can decide if you want to reformat or not. If you use your computer for online banking/credit card use etc, then a reformat maybe the preferred option. If you only use your computer for photo`s/music/gaming etc, then cleaning is possibly the better option.

All this is fairly academic at the moment, because apart from the system alert popup, which isn`t particularly nasty, I don`t know what else may be lurking on your system.

I need to see at least a HJT log, otherwise I can`t help you.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

Ok here is my HJT.. I am fairly sure i have done everthing right so far.. However my COMODO firewall is crazy.. I had to disable it to even get online again.. Is there a way to lessen its power?


Thank you..

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Manager
Video Access ActiveX Object
SpyDawn
SystemDoctor 2006 Free

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewMgr.exe
SpyDawn.exe
dcmon.exe
regscan.exe
isamntr.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aol.com/today/aimtoday.adp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Shell Doc Object and Control Helper Class - {00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000} - C:\WINDOWS\system32\shdocvs.dll

O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\cscentfy.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: (no name) - {ea6386c4-dd77-423b-b04d-09d213ad1c28} - C:\WINDOWS\system32\DSAUEST.dll

O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [SpyDawn] C:\Program Files\SpyDawn\SpyDawn.exe /h

O4 - HKLM\..\Run: [dc6_check] C:\Program Files\SystemDoctor 2006 Free\dcmon.exe

O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe

O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O20 - AppInit_DLLs:

O20 - Winlogon Notify: DSAUEST - C:\WINDOWS\SYSTEM32\DSAUEST.dll

O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)

Click on the fix checked button.

Close HJT.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

OK i went into the HJT and fixed what you told me to... But when i went into avenger it wouldnt/couldnt do what i wanted. It kept giving me a 1813 error... Im not sure if i was doing the right file though... i did the backup folder.? What wasi suspost todo with the avengerscript attachment?

 

[howard_hopkinso]

Ok, try this from normal mode.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT log.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

ok i think i did it right this time...

Do i now need to continue on the step (7 i think) i was on?

 

[howard_hopkinso]

Your HJT log is now clean.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {ea6386c4-dd77-423b-b04d-09d213ad1c28} - C:\WINDOWS\system32\DSAUEST.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)

O20 - Winlogon Notify: DSAUEST - DSAUEST.dll (file missing)

Click on the fix checked button.

Close HJT and reboot your system.

Now, go and follow the rest of the steps and post the requested logfiles.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[katzmark06]

Smitfraudfix is not working for me.. Any ideas, all i get i s a black window with a blinking underslash..?

 

[howard_hopkinso]

Ok, forget SmitFraudfix for now and continue with the rest of the instructions.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of katzmark06 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.