Adware Virus Spyware?! PLEASE HELP

kingdante87

New Member
The other day my computer just started spazzing out. It has been downloading programs to my desktop and every few minutes Internet Explorer pops up taking me to a strange site I've never seen before. It takes me to http://ads1.revenue.net/r?site_id=12324&pplacement_id=1&r_num=2154 or www.adv1.eblocs.com. I can't stop it from doing this and I've tried everything. I have Ad-Aware 6.18 and it isn't detecting any adware on my computer. No new programs pop up in the ctrl+alt+del menu except the new programs that are being downloaded. Does anyone have any ideas as to what I can do? Please help, this is so annoying and potentially destructive to my computer. E-mail me at [email protected] if you have ANY news.
 

kingdante87

New Member
I have antivir9x and it detected a few viruses but deleting them didn't stop the problem. I've put the sites on my IE block list so they don't load the page when they pop up but they still pop up. I thought changing the name of the Iexplorer.exe file would help but no. I don't have a firewall so I guess it's kinda my fault I have this thing, whatever it is, but I'd still like help. If anyone knows anything else, please help me. Thank you.
 

Praetor

Administrator
Staff member
- But he made no mention of Spybot yet :p
- Hijack would definitely be a good route to take :)
 

kingdante87

New Member
Ok, I downloaded HijackThis and have no clue what to fix and what not. Here is the log file it made for me:
Logfile of HijackThis v1.97.7
Scan saved at 1:30:20 PM, on 9/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\MSUPDATEQ49500X86.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAMS\BACK UP FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\search.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [atiupdate] C:\MSUPDATEQ49500X86.EXE
O4 - Startup: Findfast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://directplugin.com/tl7000.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

Does anyone know if any of these are bad and should be deleted?
Thanks ... again.
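
An added example, not part of the original thread: a small triage pass over a HijackThis log like the one posted above, which pairs the running-process list with the O4 autorun entries and points out the R1 and O1 lines worth a manual look. The function names and the three heuristics (autorun target sitting directly in a drive root, IE page setting pointing at a local file, any hosts-file override) are assumptions chosen for illustration; they produce review hints, not verdicts.

```python
import re
# Constructed sample: a handful of lines taken from the HijackThis log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\ptsnoop.exe
C:\MSUPDATEQ49500X86.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKCU\..\Run: [atiupdate] C:\MSUPDATEQ49500X86.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - ..."
AUTORUN = re.compile(r"^\S+: \[[^\]]*\] (.+?\.exe)", re.I)   # Run-key command
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")             # file directly in X:\
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")                    # value is a disk path

def parse(log):
    """Return (running_processes, [(section_code, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def triage(log):
    """Heuristic review hints as (code, reason, detail, running_now)."""
    procs, entries = parse(log)
    running = {p.lower() for p in procs}
    hits = []
    for code, body in entries:
        if code == "O4":                      # programs started at boot/logon
            m = AUTORUN.match(body)
            exe = m.group(1) if m else ""
            if DRIVE_ROOT.match(exe):
                hits.append((code, "autorun-from-drive-root", exe, exe.lower() in running))
        elif code in ("R0", "R1"):            # IE start/search page settings
            value = body.split(" = ", 1)[-1]
            if LOCAL_PATH.match(value):
                hits.append((code, "ie-page-is-local-file", value, False))
        elif code == "O1":                    # hosts-file overrides
            hits.append((code, "hosts-override", body.split(": ", 1)[-1], False))
    return hits
```

Calling `triage(SAMPLE_LOG)` returns the flagged entries; an O4 hit marked as running is a program that the Run key will start again at the next logon unless the registry entry is removed along with the file.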
 

kingdante87

New Member
I deleted C:\MSUPDATEQ49500X86.EXE but the problem still hasn't been solved. Hmm, maybe I didn't delete it because I just opened my ctrl alt del and found it running. I've never caught it running before. Guess I'm gonna have to try killing it again.
 

kingdante87

New Member
Ok, this is interesting. I deleted the one thing with hijackthis.exe and so later I see it running in the task manager window. I thought well maybe it reinstalled itself or I didn't actually delete it but guess what ... I did. I ran HijackThis again and it didn't find it YET it was running. Any ideas?
 

Praetor

Administrator
Staff member
Shit a lot of that can prolly be nailed :)
C:\WINDOWS\SYSTEM\KERNEL32.DLL -- never seen the kernel pop up for more than say 2 seconds... never the DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE -- kill this
C:\WINDOWS\SYSTEM\MPREXE.EXE -- never heard of this -- which probably means it's killable
C:\WINDOWS\SYSTEM\mmtask.tsk -- unless you use task scheduler, kill
C:\WINDOWS\SYSTEM\MSTASK.EXE -- unless you use task scheduler, kill this
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE -- shouldn't see for more than 2 seconds, kill
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe -- non critical service... terminatable
C:\WINDOWS\SYSTEM\WMIEXE.EXE -- leave this
C:\WINDOWS\SYSTEM\TAPISRV.EXE -- unless you use TAPI, kill
C:\WINDOWS\SYSTEM\RNAAPP.EXE -- non critical, terminatable
C:\MSUPDATEQ49500X86.EXE -- terminate
C:\WINDOWS\SYSTEM\DDHELP.EXE -- dunno why you have this running, killable
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE -- killable
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAMS\BACK UP FILES\HIJACKTHIS.EXE
 

kingdante87

New Member
Nothing is working. I do things and it stops them from popping up but as soon as I restart my computer they restart too. I'm like 3 seconds from taking my computer and throwing it in a lake. That or completely reformatting the hard drive.
 

Praetor

Administrator
Staff member
Nothing is working. I do things and it stops them from popping up but as soon as I restart my computer they restart too. I'm like 3 seconds from taking my computer and throwing it in a lake. That or completely reformatting the hard drive.
Wouldn't it be easier to format? :confused: Like I mean... 30-40 minutes... whoopee
 