It Just Will Not Die!
{%shellshock%}
07-09-2004, 05:29 PM
http://img49.exs.cx/img49/8787/spy.jpg
I've tried every spyware removal I can think of. The only thing that seems to get rid of it is HijackThis, but a few days later it just comes back. Any help please.
[B][O][T]
07-09-2004, 05:35 PM
Use the search....there's lots of topics about this.
And don't use IE :rolleyes: :rolleyes:
BOT
{%shellshock%}
07-09-2004, 05:40 PM
Thanks for your help. :)
sparsely
07-09-2004, 05:59 PM
Originally posted by [B][O][T]@9 July 2004 - 12:43
Use the search....there's lots of topics about this.
And don't use IE :rolleyes: :rolleyes:
BOT
FIREFOOOOOOXXXXXXXXXX!!!!!!!
:D
Ariel_001
07-09-2004, 06:22 PM
Originally posted by {%shellshock%}@9 July 2004 - 13:37
http://img49.exs.cx/img49/8787/spy.jpg
I've tried every spyware removal I can think of. The only thing that seems to get rid of it is HijackThis, but a few days later it just comes back. Any help please.
Ok..
I believe HijackThis has the option to show a log of your computer's state or something like that. Can you post it?
{%shellshock%}
07-09-2004, 07:55 PM
Logfile of HijackThis v1.97.7
Scan saved at 12:06:12 PM, on 7/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\robert\Desktop\Files\Hold\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9964B2EF-BEA6-4B88-940D-A27310F9BF3B} - C:\WINDOWS\System32\pcl.dll
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Ariel_001
07-10-2004, 10:45 AM
Ok, there are some things that would worry me for sure.....
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
All that points to your %temp% folder and is all the same file. Delete it.
Also this would worry me...
BHO: (no name) - {9964B2EF-BEA6-4B88-940D-A27310F9BF3B} - C:\WINDOWS\System32\pcl.dll
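The check made by eye in the post above, as an added example (not part of the original thread, and not HijackThis's own code): a small Python parser that reads HijackThis log lines and flags the same two things, IE search settings whose data is a file:// path inside a temp folder, and a BHO registered with no name. The two heuristics and the name `triage` are assumptions made for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9964B2EF-BEA6-4B88-940D-A27310F9BF3B} - C:\WINDOWS\System32\pcl.dll
O9 - Extra button: Related (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "R1 - ...", "O2 - ..."
REG_VALUE = re.compile(r"^(HK\w+)\\(.+?),(.+?) = (.*)$")  # hive\key,value = data
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.I)                  # any ...\Temp\ component

def triage(log_text):
    """Return (findings, targets): flagged entries, and file -> registry values."""
    findings, targets = [], defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        code, body = m.groups()
        reg = REG_VALUE.match(body) if code in ("R0", "R1") else None
        if reg:
            hive, key, value, data = reg.groups()
            # Assumed heuristic 1: IE search/start setting served from a temp file.
            if data.lower().startswith("file://") and TEMP_DIR.search(data):
                path = data[len("file://"):]
                targets[path].append(f"{hive}\\{key},{value}")
                findings.append((code, "IE setting points into temp folder", path))
        bho = BHO.match(body) if code == "O2" else None
        # Assumed heuristic 2: a Browser Helper Object with no display name.
        if bho and bho.group(1) == "(no name)":
            findings.append((code, "unnamed BHO " + bho.group(2), bho.group(3)))
    return findings, dict(targets)

if __name__ == "__main__":
    findings, targets = triage(SAMPLE_LOG)
    for code, reason, path in findings:
        print(f"{code}: {reason}: {path}")
    for path, values in targets.items():
        print(f"{len(values)} registry values share {path}")
```

Grouping the flagged values by target file shows at a glance that every hijacked setting resolves to the same sp.html.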
Rastapopoulos
07-10-2004, 12:18 PM
Yes what Ariel said, delete them all.
muchspl2
07-10-2004, 12:57 PM
http://members.cox.net/ot_space/spyware.jpg
[B][O][T]
07-10-2004, 01:29 PM
:rolleyes: lol yeah, it's getting more and more common now....
Use Firefox and you'll be safe :)
BOT
{%shellshock%}
07-10-2004, 03:47 PM
Alright, I'm going to use Firefox from now on. This browser just gets hijacked too much. Thanks for your help :)
[B][O][T]
07-10-2004, 04:04 PM
:beerchug: congrats :)
BOT
Ariel_001
07-10-2004, 04:23 PM
Originally posted by muchspl2@10 July 2004 - 09:05
http://members.cox.net/ot_space/spyware.jpg
OMG. This is what happens when you click yes to every ActiveX install question.
If you did that, I am afraid no browser can help you. (Spyware attacks Firefox too.)
{%shellshock%}
07-10-2004, 04:40 PM
Originally posted by muchspl2@10 July 2004 - 13:05
http://members.cox.net/ot_space/spyware.jpg
:lol: :lol: :lol:
muchspl2
07-10-2004, 09:02 PM
try to do a search, all the tool bars have a fight for the re-direct