annoying spyware message

grazhopper · 03-07-2007, 09:39 PM

recently Ive been recieving this annoying spyware message at the bottom right end of my screen, that says
"System has detected a number of active spyware that may impact the performance of your computer..."
When I click the message balloon, it brings me to a website with some bullshit spyware thing. Is this message for real. If not, how can i get it off of my taskbar

Laptop · 03-07-2007, 10:15 PM

Try all the anti software u got. If you have mcfee, norton or zone alabs, do a few scanning.

If u u think the message is still coming up try to install ad-adware SE personal and AVG anti-spyware. You could download both from google for free. I think you are affected by a virus. You need to take immediate action if my suggestion wont give any effect. I didnt take any action when I have this message came up and I ended up rebooting my PC and I had to pay £30($60 - i think).

Impulse666 · 03-07-2007, 11:08 PM

start -> run -> msconfig -> Startup tab -> disable all

then reboot and see if it goes away. if it does its just simple spyware so do a scan with ad-aware (free - google it).

if not its likely a virus so backup your files no matter what, and you can chose to ride it out (BACKUP FILES DAILY) or reinstall windows after backing up your data.

grazhopper · 03-07-2007, 11:08 PM

yes I have SE sersonal and AVG and a few more that I've run and they have picked up pretty much everything else, but for some reason not this

Impulse666 · 03-07-2007, 11:12 PM

Quote:

Originally Posted by Impulse666

start -> run -> msconfig -> Startup tab -> disable all

qft

grazhopper · 03-08-2007, 11:07 PM

I realized the best way to describe my problem would be to post a Hijack this log, so here it is, help is really appreciated...

Logfile of HijackThis v1.99.1
Scan saved at 5:07:26 PM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Creative\MediaSource\CTCMS.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hijackthis\Show.exe.exe

AudiPlayer · 03-09-2007, 01:34 AM

One reason is AIM< they send out a lot of ad's ect. I see you are using their high speed internet.... since you use that im sure you notice their pop ups on their main page.

Try doing a house call for viruses, ect.

http://www.housecall65.trendmicro.com

**Buzz1927** · 03-10-2007, 05:52 AM

Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

grazhopper · 03-11-2007, 07:34 PM

SmitFraudFix v2.117

Scan done at 14:34:51.57, Sun 03/11/2007
Run from C:\Documents and Settings\Michael\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michael\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

**Buzz1927** · 03-12-2007, 06:52 AM

Have you run any scans since postint the Hijackthis log? There were entries in there that should have appeared in the Smitfraudfix log.

Anyhow,

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

03-07-2007, 09:39 PM	#1 (permalink)
grazhopper Silver Member Join Date: Nov 2005 Age: 18 Posts: 219	annoying spyware message recently Ive been recieving this annoying spyware message at the bottom right end of my screen, that says "System has detected a number of active spyware that may impact the performance of your computer..." When I click the message balloon, it brings me to a website with some bullshit spyware thing. Is this message for real. If not, how can i get it off of my taskbar __________________ Le Rig... Mobo: ASUS A8N-SLI Deluxe Vid card: eVGA 7800GTX 256MB Sound card:Creative Sound Blaster 2zs Case: Aspire X-cruise HD: Western Digital 3.0GB/s 250GB 7200RPM RAM: OCZ Gold Series 1GB(2x512MB) CPU:AMD Athlon 64 3700+ San Diego PSU:Antec Truepower 550W Headphones: Sennheiser PC150 Keyboard/ Mouse: G15/ Razer Diamondback Monitor:Dell UltraSharp 1907FP 19"

03-07-2007, 11:08 PM	#4 (permalink)
grazhopper Silver Member Join Date: Nov 2005 Age: 18 Posts: 219	yes I have SE sersonal and AVG and a few more that I've run and they have picked up pretty much everything else, but for some reason not this __________________ Le Rig... Mobo: ASUS A8N-SLI Deluxe Vid card: eVGA 7800GTX 256MB Sound card:Creative Sound Blaster 2zs Case: Aspire X-cruise HD: Western Digital 3.0GB/s 250GB 7200RPM RAM: OCZ Gold Series 1GB(2x512MB) CPU:AMD Athlon 64 3700+ San Diego PSU:Antec Truepower 550W Headphones: Sennheiser PC150 Keyboard/ Mouse: G15/ Razer Diamondback Monitor:Dell UltraSharp 1907FP 19"

03-08-2007, 11:07 PM	#6 (permalink)
grazhopper Silver Member Join Date: Nov 2005 Age: 18 Posts: 219	I realized the best way to describe my problem would be to post a Hijack this log, so here it is, help is really appreciated... Logfile of HijackThis v1.99.1 Scan saved at 5:07:26 PM, on 3/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Video Access ActiveX Object\isamntr.exe C:\Program Files\Video Access ActiveX Object\isamini.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\lxcgcoms.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Video Access ActiveX Object\isamini.exe C:\Program Files\Creative\MediaSource\CTCMS.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Hijackthis\Show.exe.exe __________________ Le Rig... Mobo: ASUS A8N-SLI Deluxe Vid card: eVGA 7800GTX 256MB Sound card:Creative Sound Blaster 2zs Case: Aspire X-cruise HD: Western Digital 3.0GB/s 250GB 7200RPM RAM: OCZ Gold Series 1GB(2x512MB) CPU:AMD Athlon 64 3700+ San Diego PSU:Antec Truepower 550W Headphones: Sennheiser PC150 Keyboard/ Mouse: G15/ Razer Diamondback Monitor:Dell UltraSharp 1907FP 19"

03-10-2007, 05:52 AM	#8 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	Download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

03-11-2007, 07:34 PM	#9 (permalink)
grazhopper Silver Member Join Date: Nov 2005 Age: 18 Posts: 219	SmitFraudFix v2.117 Scan done at 14:34:51.57, Sun 03/11/2007 Run from C:\Documents and Settings\Michael\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michael\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="about:Home" "SubscribedURL"="about:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies" [HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32] @="C:\WINDOWS\system32\geplxss.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a 3-183c-488d-9f90-23db99f56e7f}\InProcServer32] @="C:\WINDOWS\system32\geplxss.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End __________________ Le Rig... Mobo: ASUS A8N-SLI Deluxe Vid card: eVGA 7800GTX 256MB Sound card:Creative Sound Blaster 2zs Case: Aspire X-cruise HD: Western Digital 3.0GB/s 250GB 7200RPM RAM: OCZ Gold Series 1GB(2x512MB) CPU:AMD Athlon 64 3700+ San Diego PSU:Antec Truepower 550W Headphones: Sennheiser PC150 Keyboard/ Mouse: G15/ Razer Diamondback Monitor:Dell UltraSharp 1907FP 19"

03-07-2007, 10:15 PM	#2 (permalink)
Laptop Gold Member Join Date: Feb 2007 Age: 17 Posts: 451	Try all the anti software u got. If you have mcfee, norton or zone alabs, do a few scanning. If u u think the message is still coming up try to install ad-adware SE personal and AVG anti-spyware. You could download both from google for free. I think you are affected by a virus. You need to take immediate action if my suggestion wont give any effect. I didnt take any action when I have this message came up and I ended up rebooting my PC and I had to pay £30($60 - i think).

03-07-2007, 11:08 PM	#3 (permalink)
Impulse666 Platinum Member Join Date: Feb 2007 Posts: 571	start -> run -> msconfig -> Startup tab -> disable all then reboot and see if it goes away. if it does its just simple spyware so do a scan with ad-aware (free - google it). if not its likely a virus so backup your files no matter what, and you can chose to ride it out (BACKUP FILES DAILY) or reinstall windows after backing up your data.

03-09-2007, 01:34 AM	#7 (permalink)
AudiPlayer Bronze Member Join Date: Dec 2006 Posts: 96	One reason is AIM< they send out a lot of ad's ect. I see you are using their high speed internet.... since you use that im sure you notice their pop ups on their main page. Try doing a house call for viruses, ect. http://www.housecall65.trendmicro.com

03-12-2007, 06:52 AM	#10 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,104	Have you run any scans since postint the Hijackthis log? There were entries in there that should have appeared in the Smitfraudfix log. Anyhow, You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log. The report can also be found at the root of the system drive, usually at C:\rapport.txt __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
annoying error message...	grazhopper	Computer Security	2	09-25-2006 12:49 AM
annoying spyware popup	Vipernitrox	Computer Security	13	06-01-2006 02:45 PM
Annoying spyware problem	Nevakonaza	Internet Discussion	2	12-08-2005 01:03 PM
Annoying error message	Shambree	General Computer Chat	5	09-03-2005 01:01 PM
If anyone of you wonders what spyware is	Fure6	Internet Discussion	0	02-07-2005 03:11 AM