AHH!! My computer is infested with Spyware!!!

chuyler1

I don't know how it happened. I have an air tight firewall, I'm running Antivirus Software, I use a popup blocker, and I never, NEVER, click "OK" when a website asks to install something.

It all started yesterday sometime when I got this suspicious Windows Dialog that asked me if I want to upgrade my tool bar...I closed it and it came up a few minutes later. I was trying to view some images on this forum when my browser kept locking up. I got tired and manually shut off my computer.

I booted it up this evening and the first thing I saw was that damn tool bar dialog...wtf. So I close it and then 2 minutes later IE windows start popping up like crazy. I checked the task manager and found some odd things running, tried to find out where they were installed and some were in the Windows Folder. I'm very hesitant about deleting things in the Windows Folder so I held off. I checked msconfig and found a bunch of weird stuff there too. I didn't know where to begin to get rid of everything.

...oh s***, here they come again...hold on...

Ok, man, so I just downloaded SpyHunter and already it has found over 100 cookies, registry entries, and files...and it's only 10% done. It put a bunch of stupid links on my desktop (at least I don't remember them being there before I installed it..but then again, my computer is infested with spyware) but if it gets rid of all this crap I'll be sold on the product. It looks like most of the stuff belongs to a program called WinActive.

This sucks...I am so careful...I have no idea how this happened.

...
...

AHH ******* FREEWARE. It finds everything for you but you have to buy it to remove the stuff...**** that s***...I'll go and remove them myself.
 
i highly recommend you run adaware and spybot search and destroy, also.


adaware seems to catch almost everything, but spybot finds the little stuff most of the time.

they're both much much better than spyhunter.
 
spybot found a bunch of stuff that adware missed...but I'm sure you knew that. Thanks guys.
 
Couple of good programs mentioned there- reminds me, somehow I wound up with a damned virus about 2 days ago, it kept shutting down my pc for me- something about windows network authorization- fortunately I had enough time between shutdowns to hit http://www.antivirus.com and use the free online scan- they are always up to date with the new virus definitions if you don't want to pay for norton or mcafee.
 
I like to be more pro-active than re-active when it comes to viruses. A real-time scanner is the best way to do this so any file that enters your system is scanned before it can do any damage. You don't get that unless you purchase McAfee, Norton, or any other AV software.

Spyware is annoying but in most cases, it doesn't affect your daily routines and it never corrupts your data (if it did it would be a virus). Granted the rest of the world might know you are searching for used women's underwear on ebay...but at least your mp3 collection is safe.

DISCLAIMER: I have never searched for used women's underwear on ebay...that was merely an example to prove a point.
 
noclue119 said:
best one is adware6.... its free and good... as for toolbar thingy u might of gotten it when it was bundled with ur other programs i.e morphous or gator.

Never installed either of those. I'm pretty sure it traces back to a website I was visiting that asked if I wanted to install a flash plug-in. After saying no a few times I finally clicked yes but nothing happened. I think I was trying to send my sister an Easter e-card at the time. I think the toolbar was part of WinActive.exe, which was placed in my startup items. It didn't come up until I rebooted. There were also tons and tons of links in my favorites folder that I didn't make. It took me a while to weed out the ones that weren't mine.
 
Actually you should d/l Spyware Blaster from www.javacoolsoftware.com if you are pro-active about spyware. It tells the computer NOT to install any of the programs that it lists and NOT to visit any of the websites it has listed. We use it here at work and it saves me a WHOLE BUNCH of headaches. Then we use Spybot S&D to mop up what gets through.
 
I keep having something take over my browser for the last two weeks. It resets my homepage to a search engine to search-find.com or something like it and retypes any URL I enter by adding extra letters and "/" throughout the URL. Adware 6 and spyhunter can't find it. I am using Zone Alarm firewall, so I am limiting the info going in and out of my computer. Anyone else have this problem and know how to get rid of it??

I'm not a L33T haX0r, so please respond in english.
 
spybot search & destroy will fix it..... go to download.com and download the latest one (it's free). When you first load it, make sure you go start it in "advanced mode". Download all the updates and tell it to check for problems. After it's done, go to the immunize page and at the bottom there should be a box for IE options. Make sure it's set to "block pages silently" and "lock IE start page" and "lock Hosts file as read only" are checked. That should fix everything right up for you.

Or you could use Opera or Mozilla instead (2thumbs)
 
WTF!!! I keep getting stupid popups and I can't figure out where they are coming from!!!! Something is slipping through both Ad-aware and Spybot.
 
forget man it's over for your computer the best thing to do is shot just like a horse. Stop visiting porn so often and it will cut back on some of it.
 
sure fire help will come from the following.

Get hijackthis and scan and post your log. I'll be able to tell ya what you should check and remove.
 
Logfile of HijackThis v1.97.7
Scan saved at 11:35:21 PM, on 4/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\eTrust Antivirus\inoweb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Silicon Image\SiICfg\SiICfg.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\MSI\PC Alert 4\CoolerXP.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Avant Browser\abrowser.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\chuyler1\Local Settings\Temporary Internet Files\Content.IE5\OHEJ85MV\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = caproxy.ca.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 64FORVIEW - {4261EE2B-51A6-6CFC-7735-8D3CBA9241FC} - C:\PROGRA~1\LocksThe\TeamCorn.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Shortcut to CoolerXP.lnk = C:\Program Files\MSI\PC Alert 4\CoolerXP.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: SiICfg.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: Help (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19e9d64f630adc974000/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37639.6517013889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
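
A first-pass triage of a HijackThis log in the format posted above, as an added example (not part of any post in this thread and not HijackThis's own code). The sample lines, GUIDs and the two review heuristics are constructed assumptions; a flag means "look at this entry by hand", not a verdict.

```python
import re

# Constructed sample lines in the HijackThis log layout shown in the thread.
SAMPLE_LOG = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ExampleBar - {00000000-0000-0000-0000-000000000001} - C:\PROGRA~1\Example\bar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) - http://download.example.com/ctl.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://192.0.2.10/pkg/ctl.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "O4 - ...", "R1 - ..."
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
TOOLBAR = re.compile(rf"^Toolbar: (.*) - ({CLSID}) - (.*)$")
DPF = re.compile(rf"^DPF: ({CLSID})(?: \((.*?)\))? - (\S+)$")
BARE_IP = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

def parse(log):
    """Return (section, body) per entry line; header and process list are skipped."""
    return [m.groups() for line in log.splitlines()
            if (m := ENTRY.match(line.strip()))]

def review_reasons(section, body):
    """Assumed heuristics: reasons an entry deserves a manual look."""
    reasons = []
    if section == "O3" and (m := TOOLBAR.match(body)):
        # IE toolbar whose DLL lives outside the Windows directory
        if not m.group(3).upper().startswith("C:\\WINDOWS\\"):
            reasons.append("toolbar DLL outside the Windows directory")
    elif section == "O16" and (m := DPF.match(body)):
        _, name, url = m.groups()
        if name is None:
            reasons.append("ActiveX control has no registered name")
        if BARE_IP.match(url):
            reasons.append("downloaded from a bare IP address")
    return reasons

def triage(log):
    """Return (section, body, reasons) for every entry with at least one reason."""
    flagged = []
    for section, body in parse(log):
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```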
 
