Spyware problems

[Shane]

Hi,

Im having a bad Spyware problem.

I had loads of spyware on my system and Spyware Doctor got rid of alot of it but i think it keeps re-instaling itself and downloading trojan horses.

My latest virus is....

Networm-i.Virus@fp

Then it gets removed but then re-appears again.
Why do i keep getting infected?

Also my homepage keeps getting hijacked to companys offering antispyware

 

[Shane]

Anyone please help

 

[soccerdude]

Are you using only Spywar Doctor to remove your spyware? If you are, you should get Ad-aware, Spybot, Ewido, Windows Defender, Spyware Terminator, a firewall if you don't have one(I recomend Zonealarm or Comodo) and also an antivirus(I recomend Avg). After scanning with all these programs, you should be back to normal. If you are not just post back and me or someone else would help you.

 

[Shane]

Hi,

Ive got rid of the pop-ups & spyware now but still me Homepage on IE keeps getting hijacked by the spyware.

Telling me to but VirusBlast software which i believe is the spyware.

They instal spyware & junk on your system so you will buy their software but they aint gonna make me

How can i stop them hijacking my homepage? I think they must have my Ip address

 

[computerhakk]

Have you tried posting a hijack log? It seems like it's somewhere in the registry keys that keeps hijacking your page.

http://www.computerforum.com/24672-hijackthis-logs.html

 

[Shane]

Ok heres my log....

I think i have a registry full of it?

Logfile of HijackThis v1.99.1
Scan saved at 16:13:54, on 07/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\CacheBoost\cbsrv.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
d:\program files\mcafee.com\agent\mcdetect.exe
d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\PCODEC\pmsngr.exe
D:\Program Files\PCODEC\isamonitor.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\PCODEC\pmmon.exe
D:\Program Files\PCODEC\isamini.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Browser Mouse\mouse32a.exe
D:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\ALCXMNTR.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\Comodo\LaunchPad\CLPTray.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\CacheBoost\trayicon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\PCODEC\pmsngr.exe
D:\Program Files\PCODEC\isamonitor.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Browser Mouse\mouse32a.exe
D:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\ALCXMNTR.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\Program Files\Comodo\LaunchPad\CLPTray.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\CacheBoost\trayicon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\scrnsave.scr
D:\PROGRA~1\WINZIP\wzqkpick.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Shane\Local Settings\Temp\wz1159\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - D:\Program Files\PCODEC\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - D:\Program Files\PCODEC\iesplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] D:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ASM] "D:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] "D:\Program Files\Comodo\LaunchPad\CLPTray.exe"
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [CacheBoost] D:\Program Files\CacheBoost\trayicon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - D:\Program Files\CacheBoost\cbsrv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

 

[raskish]

hey dude!!!!! every hacker in this world try to hack IE which is most used by pals.......
try using opera or firefox .... those r browser....
opera ve loads of features.... n firefox isgood for security purpose....
but u want good features go for opera .. its good n safe...

use loads of antispyware but only one firewall.... (firewall is must if u r not using) plz do not depend on xp inbuilt firewall....

free antispyware only remove spams while scanning .... they dont have runtime program....
spybot... spyware terminator r good...
for firewall Zonealarm.... thts the best

 

[Bobo]

hey dude!!!!! every hacker in this world try to hack IE

No. Just plain no.

opera ve loads of features.... n firefox isgood for security purpose....
but u want good features go for opera .. its good n safe...

Firefox has hundreds of times more installable features than Opera has.

(firewall is must if u r not using)

No it isn't. I don't use a firewall at all, I just know exactly what I am doing at all times.

for firewall Zonealarm.... thts the best

No it isn't. For free programs, Avast and AVG are the best.

 

[soccerdude]

When your page gets changed, is it in IE? Because if it is, then download Firefox or something and then it probably wouldn't change. And I know this isn't resolving your issue but it is an alternative. Also if it is happening in IE don't use it after you start using Firefox unless you REALLY have to.

 

[holyjunk]

Run this it won't repair spyware but it will repair viruses.
http://www.pandasoftware.com/activescan/

 

[Bobo]

Whatever you do, don't use that. Use Spybot S&D. (google it...)

 

[Counter - Strike]

if none of that work i would re-format lol