IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

help spyware is all over my computer

998 Views 10 Replies 2 Participants Last post by imc1976, Jan 20, 2005

imc1976

Discussion Starter · Jan 19, 2005

Hi,

I was researching some medication that my mother had to take, and i got a message from semantic saying that a trojan horse virus was detected. Now i have a bunch of applications running on my pc, and i can't get them off. I have run ad aware, spybot search and destroy, and buster report, and the programs keep coming back. I also end up having my start page switched to "home search assistant" and I keep getting pop ups that say "only the best" My log form hijack this is as follows:

Can any one help?

Save

Status: Not open for further replies.

1 - 3 of 11 Posts

mjack547

· #2 · Jan 19, 2005

Welcome to TSG

Go to http://majorgeeks.com/download3155.html and download 'Hijack This!'.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.

See less See more

Save

mjack547

· #4 · Jan 19, 2005

Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

CWshredder from http://www.subratam.org/?page=removal
Spybot - Search & Destroy from http://security.kolla.de
Download Adaware SE http://www.lavasoftusa.com/support/download/

then
Run CWSHREDDER,

Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
and make sure you have all of Microsoft security updates

then reboot &

Run Sybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &

Run ADAWARE

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
then post a new hijackthis log

See less See more

Save

mjack547

· #5 · Jan 19, 2005

Go to control panel, add/remove programs and remove this

180Solutions (or 180Search)

Than

Run hijackthis and fix the following items. Be sure all windows are closed except for hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {ECFDC5BB-22C0-BB52-174D-50C3A13C509D} - C:\WINDOWS\system32\apicm.dll

O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HG6d] C:\WINDOWS\luofno.exe

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) - http://sznyc008.adjoined.net:81/web...iguration-1.cab

O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll

Reboot to safe mode and delet these

C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
C:\WINDOWS\system32\tibs3.exe
c:\program files\180solutions\sais.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\luofno.exe

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

Reboot and post a new hijackthis log

See less See more

Save

1 - 3 of 11 Posts

Status: Not open for further replies.

Top Contributors this Month