HijackThis and spyware removal resources and tips.

  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

I have often looked for fixes to spyware, adware and browser hijacker problems, and almost always come up with countless Google results to links leading to HijackThis logs. I'm posting this thread as a place for the experts to offer and add tips and resources to using HijackThis to do manual removal of hard-to-remove adware/spyware/malware problems.

To start, here's the link to what I believe JrzyCrim recently posted as being a current HijackThis version:

https://ssl.perfora.net/tools.radiospla ... ckThis.exe

I usually just download it from here because I like the instructions that are included:

http://tomcoyote.com/hjt/

His forums are another great place to get help with your HijackThis logs.

Some definitions:

Running Processes: Processes that are active and running in the background and/or foreground on your computer. Some start automatically when you start your computer and others start when you have applications running.

BHO: Browser helper objects. Some are good, some are not. Oftentimes you will find a lot of your problems related to one of these.

DPF: Downloaded Program Files. Basically same as above. Some are good and necessary, but others may be what are causing your problems.

A lot of things can be identified by searching Google.

Your running processes, for example, can usually be searched by typing the executable file name into Google.

A quick resource to identify running processes is here and it's the one I use the most:
http://www.answersthatwork.com/Tasklist ... sklist.htm

Click the letter of the first letter of the filename and scroll 'til you find it.

To date the best resource I have found for BHO's (Browser Helper Objects) is here:

http://www.spywaredata.com/spyware/bho. ... ent_page=0

Unfortunately this page is not indexed in a completely user friendly manner, but the list is exhaustive and I use it religiously. Basically, BHO's have a unique code similar to this format: {00000000-0000-0000-0000-000000000000} and include a path to a .dll (dynamic link library) file associated with it. At this particular resource, the files are indexed first numerically, then alphabetically by the unique code and unfortunately, you may need to search through several of the page links to get to where you can find yours. Once you do, you can find the .dll file listed in your log and it will be identified as either a parasite (in which case delete it), pending (probably OK to delete, but might want to ask for advice) or good, in which case leave it alone.

I'm hoping that JrzyCrim will also shortly add his tips on using command prompts for taskkill as that is a very handy tool to stop tasks when you can't access Task Manager. I've seen him use a dozen other tricks as well as labrego and MOC lately and hope others will contribute to this thread so people can better learn to understand how their computers work and how to fix them without having to reformat and start from scratch.

//added note: please do not post logs in this thread. Use this thread for tips and resources only - thanks
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

An added note based on what JrzyCrim pointed out here:

http://www.ozzu.com/sutra123821.html#123821

Although I won't necessarily say that I think that the HijackThis logs are "destroying" search engine results, I can certainly agree that they are frustrating, because there is a lot of reading involved to see if the solution offered fixes your problem.


That's another reason I started this thread. I would much rather see people learn to use and understand such a resourceful tool without having to post their logs all over creation to get help and answers. Although I've come to appreciate results that give answers with logs, I've also found myself frustrated when I'm looking for a quicker answer.

One thing I'm sure all of us agree on is that you should regularly use spyware removal tools such as Adaware, Spybot S&D, CWShredder and others that have already been posted and suggested numerous times here at OZZU.
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

I'm pretty new to Hijack-This myself and basically fly it 'by the seat of my pants'. I rely on Google a lot for finding information about suspicious items or items I know nothing about. However, the more logs I examine the less I have to rely on Google. I am an experienced computer user and I can usually sort out the suspicious bits from the rest. Google, or your search engine of choice, can be a valuable tool in identifying possible threats.

If you're interested in learning more about Hijack This, tutorials can be found here:
http://forums.majorgeeks.com/showthread.php?t=38752
http://hometown.aol.co.uk/jrmc137/hjttu ... torial.htm
http://www.bleepingcomputer.com/forums/ ... utorial=42

Forums related to spyware/malware/virus:
http://forums.spywareinfo.com/
http://computercops.biz/forum67.html
http://www.wilderssecurity.com/

As ATNO mentioned, a command line tool I use frequently is Taskkill. This is a command line utility that comes with Windows 2000/XP Pro. Frequently, spyware\malware related files will set a registry entry to execute at startup.

Typically they are found in Windows\System or Windows\system32 and sometimes are 'hidden files'. They usually have a random file name like MWWRQOEBN.EXE or try to appear as a legitimate system file such as MSCRON.EXE; the MS at the beginning an obvious attempt at subterfuge. They often prevent the user from using the tools necessary to get rid of them such as Task manager, Regedit, msconfig and AV programs. This is where taskkill comes in handy. Before you can delete a file, you have to close the program; kill the process. If you can't use Task manager you have to find another way. If you know the offending file is MWWRQOEBN.EXE, then open a command prompt and enter:
Code:
taskkill /F /IM MWWRQOEBN.EXE

For more info about the command line options for Taskkill, type taskkill /? at the command prompt.

From here you can delete the file. More often than not, the file has had its read-only and hidden attributes set. This makes it slightly more difficult to delete but not much. A command like this usually will take care of it:
Code:
del /F /A:H C:\windows\system32\MWWRQOEBN.EXE

The /F forces the deletion of read-only files and /A:H is for hidden files.

The only problem with this, however, is that the file will not always be hidden in every case and this command will produce an error if it is not.

Instead of wasting time determining if a particular file is hidden or not, I use the Attrib command before deleting.
Code:
Attrib -s -h -r C:\windows\system32\MWWRQOEBN.EXE
del C:\windows\system32\MWWRQOEBN.EXE

This removes the system, hidden, and read only attributes. It will not produce an error if these attributes are already cleared. These two commands used in conjunction will work in every case.

For Windows 98/ME/XP Home users, taskkill isn't an option. However, there is another tool available:
PSkill

Just extract pskill.exe to your windows, system, system32, or any directory in your command path.

This is a command line utility similar to taskkill:
Code:
pskill MWWRQOEBN.EXE


That being said, there are many different ways to accomplish the same thing. I use the above methods. Use whatever methods that work and that you are comfortable with. MOC, in another thread, provided a link for Emergency Utilities:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

It's a small program that will create a copy of Taskman, Regedit, MSconfig in a directory C:\EmergencyUtils. They are named copy_of_taskman.exe, etc, so the problem program won't know to prevent them from running. Very useful if you want to use these programs.

Also, Hijack This has its own process manager which can be used to terminate processes. Config > Misc. Tools.

Once you know your system is clean, add all the items listed by Hijack-This to the ignore list. Check all the items and click 'Add checked to Ignore list'. This will make future diagnoses less cumbersome.

The ignore list can be edited by going to Config > Ignorelist.
  • LAbrego
  • brego from LA
  • Web Master
  • Posts: 2856

Post 3+ Months Ago

Jim wrote:
There was someone in another thread using XP and didn't have access to taskkill. It seemed to be missing but he was able to use pskill instead. I'm still curious what happened to it

It seems that taskkill.exe is included in WinXP Pro but not in some installations of WinXP Home Edition. (I don't have it in my home computer)

Or it's possible that the directory may not be in the path of the system, so you may need to specify the full path: c:\windows\system32\taskkill.exe
  • MOC
  • Proficient
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

Nice job on this! If I have anything to add I will continue to edit this post.

SHOW IT ALL! Be sure that Windows is set to show hidden files and folders (in Windows Explorer, at Tools | Folder Options | View). In all Windows versions, reboot to Safe Mode. Then rerun the "screening and cleaning" programs.

If you have Windows 98, run the System File Checker every now and then, to make sure that you do not have critical system files missing or damaged. (Click Start, click Run, type SFC, click OK.) In SFC, click on Settings, then Search Criteria, and restructure the folders listed so that the entire Windows folder and all of its subfolders, and the entire Program Files folder and all of its subfolders are included. Sometimes Win98's SFC will give you confusing information on file overwrites; you just have to use your best judgment and common sense in sorting through its messages.
SFC also exists in Windows XP, but it is a very different program. You have to have the Windows XP disk installed during this error checker, and have to be logged on as the Administrator.
If the cache folder becomes damaged or unusable, you can use the sfc /scannow to repair its contents.
System File Checker: Scans all protected system files immediately and replaces incorrect versions with correct Microsoft versions. This command may require access to the Windows installation source files.

Links for SpyWare Removal Tools:
Every removal tool under the Sun,
Specific Trojan, and Backdoor, worms
http://www.majorgeeks.com/downloads31.html

As you can see we like MajorGeeks, lol, they get the software we want!

All free, and all have weekly updates:
AntiVir Personal Edition 6.27.00.03
Avast! Home Edition 4.1.412
AVG Free Edition 6.0 Build 754
http://www.majorgeeks.com/downloads29.html

This is the emergency utilities download,
that gives you an extra (Msconfig, Regedit, TaskManager)
http://www.dougknox.com/xp/utils/xp_emergencyutil.zip

This is a tool to repair your TaskBar (every problem)
http://www.kellys-korner-xp.com/taskbarplus!.htm

And just a great list of auto Reg entries, and VB scripts
for repair purposes, after you have had your bout with
SpyWare!
http://www.kellys-korner-xp.com/xp_tweaks.htm

AIM FIX:
For all those that use AIM, this is a tool that goes after known AIM viruses in one consolidated removal tool. It is designed to end the virus processes, delete the files, and remove registry keys created by the virus.
http://www.majorgeeks.com/download4348.html


FirePanel XP 1.0.1710
For your existing Windows Firewall,
FirePanel XP is a tool that will configure & monitor your Windows Firewall activity, and keep tabs on what exactly you're being exposed to, in real-time.
http://www.majorgeeks.com/download4333.html

Here's a real good one (saved me a lot of time)
Automatic Winsock Fix Utility (I have used it on every Micro OS)
A lot of times viruses, trojans, worms, and the removal of software, and installing software can wreak havoc on your TCP/IP, your internet connection. This will restore all the registry back to original config.

http://www.tacktech.com/display.cfm?ttid=257

Ad-Aware SE Tweak SE: This is new, it's a plugin.
Allows you to alter and "tweak" settings as well as make GUI alterations available to the user.

http://www.majorgeeks.com/download4351.html

This is a nice little tool to view all of your running processes.
You get to see much more than what the Task Manager could show,
and you get to find things while viewing it, that you have no idea
where they came from, lol. But that's the whole point... to be able to see.

http://www.kellys-korner-xp.com/regs_edits/PrcView.zip
**********************************************************
This is ScumWare: I will keep this updated; this is dated 09/20/04.
This is software that is not what it says it is, and this is the most recent list.

Instead of removing spyware, they install it. Some will even attack whatever genuine protection your computer may already have, leaving it wide open to hackers, viruses, spyware and every other kind of malware imaginable.

Worse, trying to remove the scumware in the usual way can often result in even more spyware being installed, so if you have installed anything on this list, please get some advice before trying to remove it.


AdDestroyer
AdProtector
Adware Agent
AdwareHunter
ADS Adware Remover
AdWare Remover Gold
AdwareSpy
AdwareX
AdwareX Eliminator
Anonymizer Spyware Killer
AntiSpy & PopStopper
BPS Spyware Remover
BPS Spyware & Adware Remover
Computer Shield
Drive Cleaner
eAcceleration
Easy Spyware Killer
Eblocs
Hacker Smacker
Internet AntiSpy
JC Spyware Remover & Adware Killer
Kazaa Platinum
Kazanon
Lop Uninstaller
MailWiper
MaxNetShield
MP3U
NetSpyProtector
NoAdware
NoSpyX
Online PC-Fix
PAL Spyware Remover
pcOrion
PC ToolWorks 2003
Popup Guard
Privacy Defender
PurityScan
PuritySweep
Real AdWareRemoverGold
ScanSpyware
SpyAssasin
SpyAssault
SpyBan
SpyBlast
SpyBlocs
SpyBouncer
SpyBurn
SpyClean
SpyCleaner
SpyDeleter
SpyDoctor
SpyEliminator
SpyFerret
Spy Gone
Spy Guardian Pro
SpyHunter
Spyinator
SpyKiller
SpyKiller 2004
SpyKillerPro
SpyMagic
Spyware & Pop-Up Utility
Spyware Annihilator
SpywareAssasin
SpywareBeGone
SpywareCleaner
Spyware Cleaner & Pop-Up Blocker
Spyware C.O.P.
SpywareCrusher
SpywareKilla
SpyWare Killer
SpywareNuker
SpywareRemover
Spyware Stormer
SpywareThis
SpywareZapper
SpyWiper
S Scanner
Stop-Sign
System Detective
The Shield
The Shield 2004
The Web Shield
TZ Spyware Adware Remover
VBouncer
Veloz
Virtual Bouncer
Virus Guard
Windows Antivirus 2004
XoftSpy
xp-AntiSpy
Xupiter Uninstaller
ZeroSpyware

**********************************************************
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

Concerning Hijack This logs, a dead giveaway is the same items in the HKLM and HKCU Run, RunOnce and RunServices sections. No legitimate program is going to set itself for startup in all of these areas. Example:

Code:
O4 - HKLM\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKCU\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKLM\..\RunServices: [SDKCprords] SDKc55rezzz.exe

O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\RunOnce: [sdkupdate22] SDK0mCORE.exe


These items are all from the same log.
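
The pattern described in the post above can be checked mechanically. The following Python sketch is an added example, not part of the original post and not part of HijackThis: it parses the registry O4 lines of a log and reports any startup entry that is registered under several Run-type keys at once. The threshold of three locations, the function names and the benign sample entries are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log: the O4 lines quoted in the post above, plus
# made-up benign entries (Example*) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKCU\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKLM\..\RunServices: [SDKCprords] SDKc55rezzz.exe
O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [ExampleIM] C:\Program Files\ExampleIM\im.exe /background
O4 - Global Startup: Example Updater.lnk = C:\Program Files\Example\upd.exe
"""

# Registry autostart lines look like:
#   O4 - HKLM\..\Run: [ValueName] command line
# Startup-folder lines ("O4 - Startup: ...") have no hive and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def parse_o4(log_text):
    """Return (hive, key, name, command) for each registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def flag_repeated_autostarts(log_text, min_locations=3):
    """Map (name, command) -> sorted autostart locations for entries that
    appear in at least `min_locations` distinct hive\\key locations.

    min_locations=3 is an assumed threshold: an entry in a single Run key,
    or even in both HKLM and HKCU Run, is common for legitimate software.
    """
    locations = defaultdict(set)
    display = {}  # keep the original spelling of the first occurrence
    for hive, key, name, cmd in parse_o4(log_text):
        ident = (name.lower(), cmd.lower())  # registry names are case-insensitive
        display.setdefault(ident, (name, cmd))
        locations[ident].add(f"{hive}\\{key}")
    return {
        display[ident]: sorted(locs)
        for ident, locs in locations.items()
        if len(locs) >= min_locations
    }


if __name__ == "__main__":
    for (name, cmd), locs in flag_repeated_autostarts(SAMPLE_LOG).items():
        print(f"[{name}] {cmd}")
        for loc in locs:
            print(f"    {loc}")
```
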
  • LAbrego
  • brego from LA
  • Web Master
  • Posts: 2856

Post 3+ Months Ago

This information is quoted from TonyKlein in cexx.org discussion boards; I think it is useful for everyone who wants to know how he/she got infected.

______________

So how did I get infected in the first place?

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3) Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster

It will protect you from all spy/malware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

There's a board at Wilderssecurity as well.

Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.

5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!

6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

https://netfiles.uiuc.edu/ehowes/www/resource.htm

Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is http://www.wilders.org/


Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
______________
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

A good training program for HJT is available here:
http://forums.spywareinfo.com/index.php?showtopic=34

You need to register as a user first and then respond to the above thread. A hidden forum named "Boot Camp" will be made available to you. There are many resources available as well as practice logs, tutorials and tools.
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Hey -- nice find. I'll have to play around in there over the weekend.
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

Steps to Take Before Posting your Hijack This Log

If you are not using the latest version of Hijack This, Version 1.98.2, please download it from:
  • http://tomcoyote.com/hjt/
  • http://www.majorgeeks.com/download3155.html

Do not run Hijack This from a temporary folder. HJT makes backups for items that are fixed. Any backups saved in a temporary folder run the risk of being deleted. Backups are important in case a previous fix needs to be restored. It's best to make a permanent folder: C:\HJT this for example. Any place other than a temporary folder is fine.


If you have your own anti-virus program, please update it and do a complete scan.


Use Trend Micro's Online scanner
http://housecall.trendmicro.com/houseca ... t_corp.asp
Housecall often finds things that popular AV programs miss.

Select your location and click go. If you have never used Trend Micro's online scanner before, you will have to install their ActiveX component. After that is finished installing, the update engine and pattern file will begin downloading. If you are on a dialup connection, this will take several minutes but it's well worth the wait.

To use Housecall, you need one of the following browsers:
Microsoft Internet Explorer (version 4.0 or above)
Netscape Navigator (version 3.01 or above)

Check 'Auto Clean' and 'My computer' and click 'Scan'.


Download these two programs
  • Spybot Search and Destroy
  • AdAware
Install and update both. Reboot into Safe Mode and use one then reboot again into safe mode and run the other.

Here are instructions on how to use both programs:
  • Using Spybot - Search & Destroy
  • Using Ad-Aware SE

Go to Add/Remove Programs and check and see if you have any of the following programs. Remove them if present. These programs are known to be packaged with or are adware/spyware/malware:

  • Alexa Toolbar
  • Bargain Buddy
  • Bonzi Buddy
  • Comet Cursor
  • Date Manager
  • Download Accelerator Plus (Free version)
  • Hotbar
  • Huntbar
  • Kazaa
  • Memory Meter
  • My Search Bar
  • New.Net or NewDotNet
  • SearchSquire
  • SideFind or IS Technologies SideFind
  • Smiley Central
  • Weatherbug
  • WebHancer or WEBHANCER AGENT
  • WebSearch Toolbar
  • WildTangent
  • Winad
  • Windows SyncroAd or SyncroAd

If the folders for any of the above programs are still present, remove those as well. If you're not sure about a particular folder, ask about it in your post. More programs will be added in the future. Some programs on the list may not be removable via Add/Remove programs. Click on a specific entry for manual removal instructions or programs that will detect and remove these.

If you are unsure about other programs on your computer, please search this database:
http://www.spywareguide.com/product_search.php

A partial search query generally works best: 'Bon' or 'Bud' will return Bonzi Buddy, for example. A full list can be viewed at this site as well as different categories of adware/spyware/malware.


Finally, reboot normally. Run Hijack This, Scan and post the log. Make sure you post the complete log including the HJT version and Windows version information. Include a detailed description of the problems you are experiencing. When posting, use a descriptive topic title:

Hijack This Log - {Place Brief Description of the Problem Here}
(example: HijackThis Log - Windows constantly reboots)

If the particular problem that prompted you to post a log goes away after following the above steps, please post a fresh log anyway. Sometimes a problem will return after a reboot if it was not removed successfully. Once it has been determined your system is clean, additional follow-up steps will be given. It is important to follow any steps given to ensure a good 'fix'.

After posting your log, someone will analyze it as soon as possible and give you further instructions.

Please be patient. The analysis can sometimes take awhile. The time will depend on the amount of spyware/malware which is on your system. Hopefully the above steps will fix most, if not all, of the problems.
  • LAbrego
  • brego from LA
  • Web Master
  • Posts: 2856

Post 3+ Months Ago

Good one Jimmy, kudos ;)
  • madmonk
  • Mastermind
  • Posts: 2115
  • Loc: australia

Post 3+ Months Ago

I have just deleted my search and destroy. It couldn't rid me of all the spybots I want.

There is always a DSO exploit in my computer. What is it?
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

I think I know which ones you are talking about. I usually have two that always return. I've narrowed one down to TCP/IP settings and I think it has to do with the IE internet connection settings. The other appears to be related to Internet settings also, although I'm not sure what the DWORD does. Regardless, it appears both DSOs are from MS and probably OK. I quit deleting them because they always return regardless.
  • madmonk
  • Mastermind
  • Posts: 2115
  • Loc: australia

Post 3+ Months Ago

Quote:
I think I know which ones you are talking about. I usually have two that always return. I've narrowed one down to TCP/IP settings and I think it has to do with the IE internet connection settings. The other appears to be related to Internet settings also, although I'm not sure what the DWORD does. Regardless, it appears both DSOs are from MS and probably OK. I quit deleting them because they always return regardless.



yeap same here. I have 5 entries that keep coming back.
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

The DSO exploit is always found because of a minor bug in Spybot S&D.

http://www.safer-networking.org/en/faq/36.html

It's really nothing to worry about.
  • madmonk
  • Mastermind
  • Posts: 2115
  • Loc: australia

Post 3+ Months Ago

great link mate! guess it is time to patch my windows! :-)
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Found another excellent resource this morning.

This very handy tool comes from Sysinfo.org:
http://sysinfo.org/bhoinfo.html

The BHOlist application is an online/offline tool that can be used for identifying spyware Browser Helper Objects and can be toggled to a Toolbar list for help in identifying Toolbar spyware / adware.

You can load the lists from the online servers, but the key is you can dump the lists to your hard drive for use when online access is unavailable. I also like that you can toggle between BHOlist view and Toolbarlist view. The biggest thing to me is that it is searchable which to date I have not found on any online counterpart.

The status key is at the bottom of the above page link. X = spyware, L = legit and O = "open for debate"

The executable download can be found on the page:
http://www.spywareinfo.com/~merijn/files/bholist.zip

There is also a companion proggie BHODemon:
http://www.spywareinfo.com/downloads/bhod/

Another very handy BHO tool.

Enjoy!
  • nadaness
  • Newbie
  • Posts: 12
  • Loc: tejas

Post 3+ Months Ago

One of my favorite scanners is Bazooka Adware and Spyware Scanner. The scan takes roughly two seconds and it then produces a list of spyware on your computer. It will not remove the files for you, but it will produce a log file that shows you what files/keys triggered the alert as well as provide you with a link to a page that details how to manually remove the piece of spyware found.

http://www.kephyr.com/spywarescanner/
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

ATNO/TW wrote:
Found another excellent resource this morning.

This very handy tool comes from Sysinfo.org:
http://sysinfo.org/bhoinfo.html
...
Enjoy!


That's a very handy utility. I've been referencing Tony Klein's BHO list on the web but this makes the chore much easier. Thanks! :)
  • DaremoAlpha
  • Beginner
  • Posts: 39
  • Loc: Calgary Canada

Post 3+ Months Ago

I have that DSO thing too and was going to start asking about it as well, plus my computer keeps trying to change homepages on IE, even though I don't use IE it still bugs hell outta me with Spybot.
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

CWShredder Returns To The Web

Quote:
CWShredder is back. Merijn has sold the source code and rights to CWShredder to Intermute. They have published an updated version at cwshredder.net. CWShredder still is a free download and now is being updated once again on a continuing basis to deal with new variants of the CWS hijacker.

Full Story

Download Page
  • radio
  • Born
  • Posts: 1

Post 3+ Months Ago

1st, thanks for the links back to my site :)
I was just checking the referrer logs and saw quite a few hits from ozzu.com (almost 1000 for October)

2nd, there's a patch available for the Spybot DSO bug.
http://www.majorgeeks.com/download4392.html
**version 1.3 final must be installed prior to using the patch**
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

*smiles -- thanks for the patch link radio and welcome to OZZU.
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

radio wrote:
1st, thanks for the links back to my site :)
I was just checking the referrer logs and saw quite a few hits from ozzu.com (almost 1000 for October)

2nd, there's a patch available for the Spybot DSO bug.
http://www.majorgeeks.com/download4392.html
**version 1.3 final must be installed prior to using the patch**


Yes, welcome to ozzu. :)

I've seen that patch but it was removed from safer-networking.org:
http://www.safer-networking.org/files/spybotsd131tx.exe

That gave me the impression that it may not be ready for release. I searched safer-networking.org for info and couldn't find anything about the patch. Not sure what to think about it. *shrug*
  • JrzyCrim
  • Mastermind
  • Posts: 2062

Post 3+ Months Ago

I just discovered an online Hijack This analysis tool. You can paste a copy of your HJT log into a text box or upload it and receive a detailed analysis.

http://hijackthis.de/en
  • Funny_Fuzz
  • Mastermind
  • Posts: 1517

Post 3+ Months Ago

JrzyCrim wrote:
  • Alexa Toolbar
  • Bargain Buddy
  • Bonzi Buddy
  • Comet Cursor
  • Date Manager
  • Download Accelerator Plus (Free version)
  • Hotbar
  • Huntbar
  • Kazaa
  • Memory Meter
  • My Search Bar
  • New.Net or NewDotNet
  • SearchSquire
  • SideFind or IS Technologies SideFind
  • Smiley Central
  • Weatherbug
  • WebHancer or WEBHANCER AGENT
  • WebSearch Toolbar
  • WildTangent
  • Winad
  • Windows SyncroAd or SyncroAd


Oh my gosh! I never realised how many I had! I have half of those! *Gasp* :eek2:
  • pramitroy
  • Guru
  • Posts: 1284

Post 3+ Months Ago

Is Download Accelerator Plus an adware? I thought it brings up ads which are related only to the program window. And that also can be stopped by some tips I found here
http://tweakxp.com/article37278.aspx
  • LAbrego
  • brego from LA
  • Web Master
  • Posts: 2856

Post 3+ Months Ago

Take a look at these pages, pramitroy.

http://www.infopackets.com/freenewsarti ... pyware.htm
http://www.safer-networking.org/en/arti ... agers.html
http://research.sunbelt-software.com/th ... eatid=4615
  • pramitroy
  • Guru
  • Posts: 1284

Post 3+ Months Ago

To speak about performance I can see that DAP is nowhere criticized. But now I am more assured that it contains adware or is adware.
Well, I uninstalled it long ago reading this list by Jim
http://www.ozzu.com/sutra152935.html#152935
But now I can find no free download manager to choose. :(
  • LAbrego
  • brego from LA
  • Web Master
  • Posts: 2856

Post 3+ Months Ago

hehe, yeah I know, I felt the same about DAP. I used it a long time too.
  • Byrddog
  • Beginner
  • Posts: 41
  • Loc: New Jersey, USA

Post 3+ Months Ago

free download manager is a decent one and from what my roommate tells me contains no adware. search it on - c-net to find the download.
  • blink182av
  • Guru
  • Posts: 1258
  • Loc: New York

Post 3+ Months Ago

avast! Self-Cleaner
This tool is made by the anti-virus company "avast!" This will search your whole computer thoroughly. Any viruses that it picks up will be reported to you.

http://files.avast.com/files/eng/aswclnr.exe
  • jona69
  • Born
  • Posts: 2

Post 3+ Months Ago

Logfile of HijackThis v1.99.1
Scan saved at 9:13:44 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ASUSKBService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\jona\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=219.142.40.82:80
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Underground Toolbar - {CCA00000-0000-0000-0000-000000000000} - C:\PROGRA~1\UNDERG~1\update.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{88D76665-037B-4E6B-9C41-988AF85E15F5}: NameServer = 140.114.63.1,140.114.64.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32CAD17-6D7A-4BFC-89DE-6F991140D89A}: NameServer = 140.114.63.1,140.114.64.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • pramitroy
  • Guru
  • Posts: 1284

Post 3+ Months Ago

I would suggest you to read these before posting HijackThis log
http://www.ozzu.com/mswindows-forum/steps-take-before-posting-your-hijack-this-log-t34568.html
http://www.ozzu.com/mswindows-forum/highjackthis-and-spyware-removal-resources-and-tips-t31034.html

Then please create a new topic, describe in brief about the problem and post a fresh new log (full log along with the header). It is better for many of the cases to take a log in safe mode.

Well, it doesn't show up any potentially dangerous entry. You can fix this instead.
Quote:
O3 - Toolbar: Underground Toolbar - {CCA00000-0000-0000-0000-000000000000} - C:\PROGRA~1\UNDERG~1\update.dll
Though this toolbar removal is under debate but I suggest to delete that
  • littlephoenix
  • Graduate
  • Posts: 147

Post 3+ Months Ago

Avast is great yes, but I have found AVG to be a little more friendly, fast and is updated frequently by their servers, you can get it from http://www.softe.org along with other tools for spyware removal and such,
remember to use a firewall, I use Filseclab, it's free and gives super protection, you can also get that at softe.org

good luck
  • cnun
  • Novice
  • Posts: 21

Post 3+ Months Ago

try spywareterminator, i highly recommend it.
  • malaysiamanufac
  • Born
  • Posts: 3

Post 3+ Months Ago

I am using Spyware terminator and i found it is better than Spybot S&D
  • pearl5
  • Novice
  • Posts: 28

Post 3+ Months Ago

great link mate! it is the right time to patch my OS!
  • Latindesign
  • Novice
  • Posts: 21
  • Loc: Bogotá

Post 3+ Months Ago

Hi!

Well, I've had good results with these two tools:

- SpywareBlaster.
- Spybot S&D.

They're for free, by the way.
Hope they're useful!
  • faith1986
  • Born
  • Posts: 2

Post 3+ Months Ago

Wooow, this is an amazing list!

If you allow me I have another FREE links:

AVG Free Anti-Spyware
PC Tools Antivirus
Infected Or Not
Panda ActiveScan

Cheers
  • jamestcs2
  • Novice
  • Posts: 20

Post 3+ Months Ago

faith1986 wrote:
Wooow, this is an amazing list!

If you allow me I have another FREE links:

AVG Free Anti-Spyware
PC Tools Antivirus
Infected Or Not
Panda ActiveScan

Cheers


Which is better from the list you recommend? I am finding a free and good anti-virus because I suspect my computer is infected but my current spybot search and destroy cannot detect it.
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

hi guys, i am one of the new members of this forum and i really like it cause i can share my knowledge with you and i also learn some new tricks.
anyway, i've been reading this thread and is interesting; however, i decided i wanna share some other tricks to defeat viruses, spyware and trojans.

all your tips are very good but sometimes anti-viruses and other programs can get the job done completely, i know this, for i got infected with a program that totally hijacked my computer at work and it did a mess with my computer, eventually i tried to use my anti-spyware (windows defender, ad-aware etc) but none of these tools helped me at all. if you have similar problems to the ones i just described then don't get crazy. try to get as much information as you can from those programs, such as the name of the virus etc, (the most important part to me). and if the location of the files.

this information is really important, for you can get more information from there. so how can you get rid of those programs with that information and a few other tricks. well the first thing i would do is to try to get as much info as i can (like i said) then try to deny your system to access those files. sometimes you can't delete the files that belong to the virus because the system itself is using them. you can try to kill explorer.exe and then try to delete the files from the command prompt, but if you can't then use a program called "UNLOCKER" that program is great to unlock files that are being used in your system, after you unlock those files you will probably be able to delete them without any problems.

if you can't do that then like i said try to deny your system to access those files, so how can you do this, well this is gonna work in windows xp pro and 2003, it is not gonna work in home edition unless you use the command prompt.

to deny access to files just go to the folder options then go to view and uncheck the box that says "use simple file sharing"
that is gonna create a new tab in the properties of all the files in your computer, the tab name is "security" if you know about that is not a big deal but it is off by default in windows. now right click on the files that belong to the virus or trojan and go to properties and click on the security tab. there you can deny access to any user account to that files (not recommended if you are trying to use that for security against other admin users, for they can override that security, for they have admin rights) anyway, there just uncheck the box that allow your system to access those files and check the one that says "deny"; likewise, only let checked the box that allow your username to access that files.

after you do that with all the files that belong to the virus, just reboot your computer. after that your computer will not be able to access those files because you just denied access to them, then just go to the location of those files and delete them manually. this is a great trick that has worked for me 100%, i figured it out how to do this, when i got infected by a piece of spyware that no antispyware could delete.

after you do this then, run your antivirus or antispyware to delete the mini files that are not working anymore because you don't have the main files that were infecting your computer, now your antivirus should not have any problems deleting the rest of the files such as registry keys and things like those.

2) another tip i would suggest is to use bootable operating systems such as knoppix or your own bootable cd such as the one that you can create with "pebuilder". PEBUILDER is a great program to create your own windows bootable cds, as you might already know there are many portable antiviruses and antispyware, so you can use them from your bootable cd and delete all the viruses that are in your computer, this will work pretty good because your system is not gonna be using the files, for you are using your system to run your bootable operating system not the one installed in your hard drive. Likewise, you can delete the files manually once you know where they are and the name of them. if you decide to build your windows bootable cd with pebuilder, look for the hundreds and hundreds of plugins for your cd, there are plugins even to create admin accounts in your operating system that is installed in your computer, this is great when you can't remember your administrator password or when you wanna get the password of other accounts in the computer by getting the hashes from your new admin account and cracking them.

another tool you can use is one of those "hiren's versions" that are out there, this is basically the same as having a bootable cd, but the only difference is that "hiren" has the antiviruses included within it, and some other great tools such as partition magic and some other recovery programs.

another great tool that i love is a program called "sandboxie" http://www.sandboxie.com/

this program is great because it creates a buffer in your computer in which you can run programs, when you run the program in that buffer created by sandboxie, the program is not able to infect, damage or affect your computer. so for instance if you think you might be getting viruses from your internet explorer, you can run internet explorer or mozilla from sandboxie, so that all the cookies, viruses, activex programs, or any other program that think you get from the net through your browser will be totally deleted when you close sandboxie, all those viruses will go directly to the buffer, so they will never touch any files in your hard drive. those viruses or program will not have any power on your computer because they are not written in your hard drive, but in the buffer. it is also great to test programs such as viruses and programs that you think are trojans etc.

also try to check what ports are open in your computer, for it can help you to see if you have a backdoor open in your computer, this is not gonna guarantee you don't have a trojan, for they can hide themselves sometimes; however, it will help you to find the ones that are not hiding from you. it is also good to take a snapshot of the processes running in your computer, just open your taskbar and maximize the windows then take a snapshot and save it, then if you see that something is going on with your computer then just check that pic that you had of your processes running in your computer and compare the ones that are in the pic with the ones that are running now in your computer, that might help you to see what processes might be affecting your computer.

if you have a virus that is not letting you use your task manager then don't use the windows task manager, i recommend you use the ones from sysinternals http://www.microsoft.com/technet/sysint ... lorer.mspx
it is a great program that will give you much more info about all the processes running in your computer, it will also show you a bar that tells you what processes has been using more cpu cycles in your computer. it can also hijack your windows taskbar, so that every time you press ctrl alt delete, it will appear instead of the windows taskmanager.

try to use a good firewall, do not use the one that comes from windows, i also recommend you don't use zonealarm firewall because you will get problems to connect to the internet from time to time. you will have to set many things to the firewall to work properly in your computer, i recommend you use the comodo firewall http://www.personalfirewall.comodo.com/
it is a great firewall, and creating the rules for it is very easy and does not take a lot of time.
i recommend you block icmp traffic in your computer, with the comodo firewall you can block icmp traffic coming to your computer not the one leaving from your computer. i say this because i read on the news that new trojans are able to be activated by icmp traffic, which is a protocol not very observed by many firewalls.

if you are really afraid of viruses and trojans, then try to use a user account in your computer, not the admin account. i know this is a pain in the @## but if you want to have admin rights in your computer then just use the "run as" command that is given to you when you right click on a program when using a user account, if you don't like that then create a shortcut to command prompt, then open it by using the "run as" command and leave it open while you use your computer, then just type in your cmd shell the name of the programs you wanna use with admin rights in your computer and command prompt will open them with admin rights without asking you every time for the password and username.

i also recommend you never use internet explorer, use firefox with the plugin to block scripts, that is good because you will not have to worry much about java scripts and activex programs running in your computer without you knowing about them.

if i remember more things i will post them, i am sorry if my post is taking so much space, sorry about that.

i hope i was helpful and that my tips can help you at least a little bit to get rid of viruses or spyware in your computer.

cya
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

oh sorry, for those with very powerful computer, you might wanna use virtual computer. try to create a virtual computer of windows xp or 2003 with virtual computer 2007 then use the converter of vmware to convert that virtual computer to vmware format, then just use vmware player to use your virtual computer. this is good because anything that you do in that virtual computer does not affect your physical computer, unless it crashes, it might use more cpu cycles but at least you don't get infected with any viruses. the only problem is that if you get a virus in your virtual computer it will be there until you use an antivirus to delete it, that is not good if you wanna transfer files from your virtual computer to your physical computer. if you don't wanna have those problems then just create your virtual computer with "virtual computer 2007 from microsoft(free)" and use your virtual computer with that program, just check the box that says undo changes, in the menu. every time you shut down your virtual computer it will automatically delete any changes you made to it, including viruses and trojans and anything like it.

if you wanna use linux then you should use vmplayer. you can't just use linux if you don't have the files to use it. all you need is a linux iso image and vmware files to run that linux image, if you wanna have those vmware files you need to get the workstation program created by them; however, you can get them for free in some websites so that you don't have to have the workstation version. i will upload my file so that you can download it, just let me know if somebody needs it so that i can upload it to one of those websites and you can download it.

cya
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

no offense man, but this thread was created to be some kind of tutorial for people, not to post your problems but your solutions and suggestions. if you have a problem with your computer, then create a new thread
  • spork
  • Brewmaster
  • Silver Member
  • Posts: 6299
  • Loc: Seattle, WA

Post 3+ Months Ago

halen wrote:
no offense man, but this thread was created to be some kind of tutorial for people, not to post your problems but your solutions and suggestions. if you have a problem with your computer, then create a new thread

No offense either, but it would be nice if you'd start spell-checking your posts before you submit them.
  • bodom321
  • Graduate
  • Posts: 141

Post 3+ Months Ago

jesus, didn't know i had to know how to spell and a little about computers before giving tips and suggestions.

sorry, i guess i should type my posts in microsoft word and use the spell-checking thing, then post huh?

thanks for the tip
  • ajuisonline
  • Born
  • Posts: 1

Post 3+ Months Ago

i have a problem of some adware, spyware attacked my PC, i got all my files hidden and when i open taskmanager, run: regedit, cmd.. it automatically opens.. i got a suggestion from webmaster that to download HIJACK THIS... and i have done.. and here is my log file copy, please get me out of this.. i will be very much thankful to you.



Logfile of HijackThis v1.99.1
Scan saved at 5:51:42 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\killer.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
D:\WINDOWS\smss.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Maxthon2\Maxthon.exe
D:\WINDOWS\regedit.exe
F:\smss.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\AJUISO~1\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.a ... InstallVA=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [googletalk] "D:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Web Video Downloader] "D:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: lsass.exe
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
  • spork
  • Brewmaster
  • Silver Member
  • Posts: 6299
  • Loc: Seattle, WA

Post 3+ Months Ago

Reboot into safe mode (hold down F8 as the computer is booting up) and fix the following entries using HijackThis:
Quote:
D:\WINDOWS\smss.exe

F:\smss.exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe

O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe

O4 - Global Startup: lsass.exe

O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
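
Most of the entries picked out in the reply above share a pattern: Windows system process names (smss.exe, lsass.exe) running or auto-starting from outside System32, an extra program on the Shell= line, and a Winlogon Notify entry with no DLL. The Python below is an added example, not part of the thread or of HijackThis; it applies those heuristics to an excerpt of the log posted above, assumes the Windows directory is named WINDOWS or WINNT, and does not cover the O16 entry.

```python
import ntpath
import re

# Processes Windows XP starts itself, always from %SystemRoot%\System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# Assumption: the Windows directory is named WINDOWS or WINNT, on any drive.
SYSTEM32_DIR = re.compile(r"^[a-z]:\\(windows|winnt)\\system32$", re.IGNORECASE)
ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")

# Excerpt of the 1/20/2008 log posted above (not a complete log).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\killer.exe
D:\WINDOWS\smss.exe
F:\smss.exe

F2 - REG:system.ini: Shell=explorer.exe, killer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Runonce] D:\WINDOWS\smss.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: lsass.exe
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
"""


def first_exe(command):
    """Return the lowercase file name of the first .exe named in a command."""
    match = re.search(r"\.exe", command, re.IGNORECASE)
    if not match:
        return None
    path = command[:match.end()].strip().strip('"')
    return ntpath.basename(path).lower()


def misplaced_system_process(path):
    """True if a system process name runs from anywhere except System32."""
    name = ntpath.basename(path).lower()
    return name in SYSTEM32_ONLY and not SYSTEM32_DIR.match(ntpath.dirname(path))


def check_entry(code, body):
    """Return a reason string if one HijackThis entry looks wrong, else None."""
    if code == "F2":
        shell = re.search(r"Shell=(.*)", body, re.IGNORECASE)
        if shell:
            extras = [v.strip() for v in shell.group(1).split(",")
                      if v.strip() and v.strip().lower() != "explorer.exe"]
            if extras:
                return "shell"
    elif code == "O4" and ": " in body:
        command = body.split(": ", 1)[1]
        if command.startswith("["):            # Run key: "[name] command"
            command = re.sub(r"^\[.*?\]\s*", "", command)
        elif " = " in command:                 # Startup folder: "x.lnk = target"
            command = command.split(" = ", 1)[1]
        # System processes are never launched from Run keys or Startup folders.
        if first_exe(command) in SYSTEM32_ONLY:
            return "startup"
    elif code == "O20":
        notify = re.match(r"Winlogon Notify: .*? - (.*)$", body)
        if notify and not notify.group(1).strip().lower().endswith(".dll"):
            return "notify"
    return None


def triage(log_text):
    """Return (reason, line) pairs for log lines worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if line.lower() == "running processes:":
            in_processes = True
        elif entry:
            in_processes = False
            reason = check_entry(*entry.groups())
            if reason:
                findings.append((reason, line))
        elif in_processes and line and misplaced_system_process(line):
            findings.append(("process", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:8} {line}")
```

A flagged line is a prompt to check the file on disk, not a verdict; a clean result does not mean the machine is clean.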
  • rocketman888
  • Born
  • Posts: 1
  • Loc: Canada

Post 3+ Months Ago

Hello All:

I am new to threads but I wanted to log on to read what everyone has to say about these pesky spyware and adware issues.

I have a problem and was wondering what the best course of action was to take. I just set up my very first Media PC that links to my Home Theater.
I am using a freshly formatted PC with Windows XP Pro just loaded. In my process of installing software......somehow I got nailed with these weird POPUPS before I had a chance to get my anti-virus software up and running. Even though my pop-up blocker is running I am still getting Ads that pop up now and then for Party Poker, XXX, etc.

Please help. They are driving me insane. I don't want to re-format and start all over again. What programs do you recommend? Everyone seems to have different favorites, but HiJack This sounds too complex for me.
Any suggestions?

Your help is greatly appreciated
  • Zeliah
  • Born
  • Posts: 3

Post 3+ Months Ago

Hi I am new to this forum, but would really appreciate some help. I use Adobe Flash a lot as in everyday, and about a month ago it started to take too long to load, and sometimes the process itself is slow to respond to tasks. I checked the processes and found csrss.exe takes up all the resources on certain application when I try to open them up.

I found your forum through the csrss.exe removal, and I've followed the Hijack This instructions. I ran Lavasoft Adaware, Spybot Search & Destroy, TweakNow Regcleaner, Ccleaner, IOBit SmartDefrag. I also installed all windows updates, and removed the spywares listed on Your Hijack This instructions, but to no avail. I ran my HijackThis log on the http://hijackthis.de/en. and found two Mprage.exe and an old button for Paltalk.exe and fixed those. I am hoping you can take a look at my HijackThis log, and offer some advice. Thanks in advance.

http://hijackthis.de/logfiles/ca7f84838 ... 3c38b.html
  • spork
  • Brewmaster
  • Silver Member
  • Posts: 6299
  • Loc: Seattle, WA

Post 3+ Months Ago

Hi Zeliah -- please start a new topic here in the Windows forum, and post a fresh HijackThis log directly into the topic. Someone will look at it from there.
  • lajocar
  • Proficient
  • Posts: 272
  • Loc: South Africa

Post 3+ Months Ago

Great tips guys

Who uses Microsoft free spyware remover tool?
  • Craig_85
  • Newbie
  • Posts: 8

Post 3+ Months Ago

Nowadays browser hijacking has become a major problem. There are lots of Anti Spyware Software available, but most of the programs itself is a Spyware. So we've to be cautious while installing those programs, "Hijackthis" by TrendPc is the best free Anti Spyware Software available in the internet.
  • Allwyna
  • Novice
  • Posts: 20

Post 3+ Months Ago

I have recently installed superantispyware, and it removed a lot of spyware from another so-called antispyware........

I had Hijackthis, but it is too complicated, so I removed it.
  • Mr OBrien
  • Graduate
  • Posts: 191
  • Loc: down a creek without a paddle

Post 3+ Months Ago

halen wrote:
jesus, didn't know i had to know how to spell and a little about computers before giving tips and suggestions.

sorry, i guess i should type my posts in microsoft word and use the spell-checking thing, then post huh?

thanks for the tip


What do you mean? Goto post advance reply and Right click and select spell check this field.

By the way i use Norton and i recommend it.
  • susanqy2
  • Newbie
  • Posts: 10

Post 3+ Months Ago

I have just deleted my search and destroy. It couldn't rid me of all the spybots I want.
  • paul8368
  • Novice
  • Posts: 27
  • Loc: UK

Post 3+ Months Ago

MOC wrote:
This is ScumWare : I will keep this updated this is dated 09/20/04
this is software that is not what it says it is ,and this is the most recent list.

Instead of removing spyware, they install it. Some will even attack whatever genuine protection your computer may already have, leaving it wide open to hackers, viruses, spyware and every other kind of malware imaginable.

Worse, trying to remove the scumware in the usual way can often result in even more spyware being installed, so if you have installed anything on this list, please get some advice before trying to remove it.




Interesting list, makes me a bit worried about freeware I've been using:

superantispyware and malwarebytes

How can I tell if they are for real or if they are "scumware"?
  • Zenislevs
  • Born
  • Posts: 3

Post 3+ Months Ago

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:08 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://stats.garena.com/clientinstall.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local; http://192.168.0.150:918
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6115 bytes
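
A log in this format can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original post and not HijackThis's own code: it splits a log into running processes and coded entries, then lists the entries HijackThis itself marked `(no file)` or `(file missing)`. The sample log is constructed, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O9 - Extra button: Example - {99999999-8888-7777-6666-555555555555} - C:\Example\Run.lnk (file missing)
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")  # markers printed by HijackThis

def parse_log(text):
    """Return (running_processes, entries_by_code) from HijackThis log text."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:                                   # first coded entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def orphaned(entries):
    """Entries whose target file the log itself reports as absent."""
    out = []
    for code, items in entries.items():
        for item in items:
            if item.endswith(ORPHAN_MARKERS):
                clsid = CLSID.search(item)
                out.append((code, clsid.group(0) if clsid else None, item))
    return out

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print(len(procs), "processes;", {k: len(v) for k, v in entries.items()})
    for code, clsid, item in orphaned(entries):
        print("review:", code, clsid, "->", item)
```
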
  • phamornmi
  • Born
  • Posts: 3

Post 3+ Months Ago

Thanks for useful info.
  • phamornmi
  • Born
  • Posts: 3

Post 3+ Months Ago

I have used AVG Anti Virus, Comodo Pro Firewall, and I have recently added superantispyware and Malwarebytes. They are all free for personal use and I have had no trouble with viruses, trojans, hackers etc. They can all be downloaded from http://malware-virus-spyware-remover-to ... gspot.com/ Online Armor Free is good and is fairly easy to use.
  • rafchris1993
  • Newbie
  • Posts: 9

Post 3+ Months Ago

Hi there, I have the same problem. I have 2 csrss.exe files, one in:

C:\windows\system32

AND

C:\windows\servicepackfiles\i386

Which one should I delete?
  • rafchris1993
  • Newbie
  • Posts: 9

Post 3+ Months Ago

If anyone has an answer to my question could you please email me (chris-muldoon4@hotmail.com)
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Don't delete either. They are both legit.
  • rafchris1993
  • Newbie
  • Posts: 9

Post 3+ Months Ago

OK, thank you, but every time I start my computer it comes up with "can't find csrss.exe". How do I send pictures on here? I will try to send you a picture of the problem. Thank you very much.

Chris.
  • ATNO/TW
  • Super Moderator
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Follow the directions here
mswindows-forum/steps-take-before-posting-your-hijack-this-log-t34568.html

And post a log in a New Post. Please don't post the log in this thread. Also for easy reference, summarize the problem you're having so we don't have to bounce back and forth between two threads.

If you can post the picture somewhere on the internet you can link to it in your post.
  • charmforever81
  • Newbie
  • Posts: 6

Post 3+ Months Ago

Hi All,

I have this warning message coming from my Kaspersky Anti-virus s/w over and over again. Seems like it can't kill that virus.

Object:
C:\WINDOWS\system32\drivers\xeizi.sys

Virus:
Rootkit.Win32.Agent.aagg

I tried to go to above mentioned directory and delete it manually. But it says "Cannot delete xeizi:Cannot delete from the source of the file or disk"

I'm using Microsoft Windows XP Professional Version 2002 SP2. Also, I'm not very familiar with computer stuff.

I would highly appreciate it if you can help me with this issue.

Thanks.
  • dabbler603
  • Newbie
  • Posts: 8

Post 3+ Months Ago

A great easy fix I have found is to follow the pros. I have gone onto computer magazine websites and searched what they said. I recently had a problem with a virus that had infected my entire home network, so I found some articles. Try to go to, for example, maximumpc and search virus. I followed the different tools they use and they ridded all of the viruses on my systems. Don't try to remake the wheel, just see how other people have made the wheel work and follow suit. I found one of my favorite programs was SuperAntiSpyware free edition. This worked well for me and works on a donation system! I also think the newer the article the better, because these hackers are constantly making new viruses that will find a way around old systems.
  • kappa84
  • Born
  • Posts: 4

Post 3+ Months Ago

Post a hijackthis log, maybe we could help you further charmforever.
  • navidimran
  • Graduate
  • Posts: 142

Post 3+ Months Ago

It is better that you manage yourself a better Ad Ware and also a quality anti-virus software like Kaspersky.
  • StepWill
  • Novice
  • Posts: 18

Post 3+ Months Ago

You can try these tools to try to remove infections:

Malwarebytes at Malwarebytes(dot)org
SuperAntiSpyware at superantispyware(dot)com

Or search for antivirus live CD, and you will have some bootable options to scan your PC before Windows starts, making this safer than when Windows is running.
  • coronaadvances
  • Born
  • Posts: 1

Post 3+ Months Ago

I have an "adserving.cpxinteractive" issue. Couldn't find a solution yet.
  • nabuko
  • Born
  • Posts: 1

Post 3+ Months Ago

Help please, I have AVG right now scanning but I'm not sure I still have that no opening task manager issue and I think it's linked with this virus locking my computer saying it's an agent or something but fake. Pls help :(

Post Information

  • Total Posts in this topic: 66 posts

© 1998-2016. Ozzu® is a registered trademark of Unmelted, LLC.