Spamware??

[ashishsinglaca]

Since the last 2-3 days, whenever i search for something in google and click on any link of google search results, it invariably opens a site called hotwebfinder.net and hrena.com. I cant view the results i am looking for 

 I think this is Spamware or spyware or virus ..watever.

I have scanned my laptop with the most updated Symantec Anti Virus software. but Nothing happened.

Can you tell me how to handle the problem?

[CBMatt]

Looks like you've got yourself a search hijacker.  You need to be careful when using the internet.  Keep in mind that Symantec doesn't tend to provide the best protection.  Download CounterSpy or AVG Anti-Spyware and perform a full scan with either and remove/quarantine whatever comes up.  That should clear it up for you.  If not, further instructions will be provided.

[patio]

And do the above while dis-connected from the web with System Restore turned off...

[CBMatt]

And do the above while dis-connected from the web with System Restore turned off...

Right, I left that bit out.  I would also suggest doing the scan(s) in Safe Mode.

[ashishsinglaca]

Hey thanx for your suggestions. I had already done the latest AVG Anti Spyware Scan before i read your reply (without disabling system restore and and it brought out approx. 35 hijackers/spywares. )

Ill do it now the way you told me. But though AVG had deleted so many spywares, Still my laptop seems to be badly infected. It opens google site on its own (even after resetting it to 'use blank' in the internet explorer)

I think you need to tell me further course of action!!

[dl65]

ashishsinglaca ..... In addition to what has already been mentioned above ,
it might be a good idea to......
1. Download Ccleaner from here...... http://www.filehippo.com/download_ccleaner/ 
Note.... Do not install the yahoo toolbar.....
2. Set your laptop up to show hidden files and folders.  go into control panel/folder options/View tab ........ in the advanced settings , scroll down until you see show hidden files and folders, put a mark in front of it and then click apply and ok.
Configure ccleaner as outlined here.......
http://www.computerhope.com/forum/index.php/topic,22078.html
run the cleaner part of the program..... ( the brush icon ) it is completely safe to remove anything ccleaner lists.
Once you have removed what the cleaner portion has found ........ click on the Issue icon ( it's right below the cleaner icon) dont forget to backup when asked to do so ......... then click scan for issues......... ( once its finished ) click on fix selected .    Run ccleaner in the normal mode .......

Now you can reboot into safe mode and run the scan using your anti-virus and then run a full scan again using AVG Anti-spyware.

After these scans are complete and you have removed anything found, reboot back into normal mode and see how your machine is ..........
If it is still being redirected , d/l hijackthis    http://www.majorgeeks.com/download3155.html     ( I would create a folder for it on your desktop )  ...once its installed , open it up and do a scan and save the log file ........ then post the logfile here in your post and we should be able to offer what to do next.   ***Don't remove anything using hijackthis until you are told to do so ***

dl65 

[ashishsinglaca]

Even after running the Ccleaner, still the problem persists. So here I am posting the log file created by Hijack this ( I understand that it is a very potent software - able to make or destroy the system)

Kindly, guide as to further procedure of cleansing my system :

Logfile of HijackThis v1.99.1
Scan saved at 7:54:22 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

[ashishsinglaca]

i downloaded another anti spyware - Spyware Doctor which has scanned and listed out 33 infections on my laptop which categorises the infections under 3 heads -

1.Tracking cookies ( 2)

- doubleclick.net/doubleclick.net
- tribalfusion.com/tribalfusion.com

2.Advertising Cookies (1)

- overture.com/overture.com


3.Trojan.PWS.Transpy ( 30 infections) High Risk

It shows the register keys, registry value and file - ipv6mons.dll

I tried to delete the abovementioned .dll file but i couldnt delete it. Moreover i thought it would be better to go seek expert counsel here. I compared the registry keys with the 'hijack this' log report, but i could find nothing in common .

Anyway, hoping that it throws more light on my already aggravated problem.

[dl65]

ashishsinglaca .....  Before we proceed...... I need to know .......
1. Do you have the system restore turned off ?
2. Do you have the machine set to show hidden files ?
3.  Did you d/l and install the latest version of ccleaner ?
Did you run both the cleaner and the issues functions .......from the normal mode ?
I ask because the cookies should have been removed by it ...and they are still there.
4. Did you update your anti-virus and run it in Safe mode ?
Did it find anything ?
5. Did you update AVG anti-spyware before running it in safe mode ?
Did it find anything.

Trojan.PWS.Transpy ( 30 infections) High Risk
It shows the register keys, registry value and file - ipv6mons.dll

  You say you tried to delete this..... How did you attempt to delete this entry ?
Just so you know, running ccleaner wasn't supposed to remove the issue, but simply remove a lot of not required crap.  ( you did remove all it found didn't you ?)

let us know and we can proceed.

dl65 

[ashishsinglaca]

My replies :


1. Yes, System restore turned OFF
2. Yes, Machine set to SHOW hidden files
3. Yes, d/l latest version of  Ccleaner
I did run both cleaner and issue functions from the normal mode.
I dont know why the cookies are still there.
4. Yes i did update my Symantec anti virus and ran it in safe mode. it found nothing.
5. Yes, i did update my AVG anti spyware before running it in safe mode. It didnt find anything.


Yes a lot of crap as listed by Ccleaner was deleted by me (I think you had asked me to trust on that)

I tried to delete the ipv6mons.dll by following the path as listed in the Spyware doctor C:\Windows\System 32\ipv6mons.dll . It said it is being used by another program etc. and hence cannot be deleted. I also tried to delete the cookies manually by following path C:\ Documents and Settings\ ashish.singla\ cookies but to no avail.

Lemme know how to proceed further. Thanx

[patio]

DLoad and run the following in safemode...

Here

Then post a new HJT log.

A few of the nasties you have are tricky little........

[ashishsinglaca]

Now the bludi sypware dosent even let me connect to the net. Lemme try and get back!

Im using another laptop for the time being.

[dl65]

ashishsinglaca ....... What type of connection are you using ? Dialup, Cable or ADSL ?
Can you possibly D/L and install spybot ........  http://www.tucows.com/preview/310138   once it's downloaded , get the latest updates and then run a full scan....... If it finds anything , record what it finds and then fix the found items.
Please post a fresh hijackthis logfile......... the old one is several days old.

dl65 

[ashishsinglaca]

Thanx a lot IT whizs -  dl65 , Cbmatt and Patio for your valuable help. I think my system got cured after downloading almost 6 anti-spywares but the real solution came only after running spybot and Super antispyware. (What is the real test that my system is cured?? My previous problems are all cured!!)

Kickass!! keep up the good work.

As of now the computer is not behaving spooky.

One last is question is out of all these softwares which one should i keep running on my system (i already have a dump of all of them) - spybot, spyware doctor, Avg antispyware, Ccleaner, Hijackthis, super antispyware and symantec anti virus.

[dl65]

ashishsinglaca ......  Glad to hear that your machine is back to normal.......
Now then ....what software to keep and use on a regular basis.......

I would suggest the following:

ccleaner ....... I would run a scan with the cleaner part, several times a week ......

Spybot ......... check for updates once a week and then run a full scan.

Your anti-virus program, whatever your using, be sure and check for updates regularly....... also make sure it's configured to monitor : mail in and out , all internet downloads and all instant messenger services.  I woud run a full scan at least once a week.

AVG antispyware........ remember that after the 30 day trial is over it still works as a manual scanner ....... so remember to update it on a regular basis. Run it at least every 2 weeks , more often if you notice things not right.

hijackthis ..... I would definately keep this one as it is a good indicator of whats going on in your system........ It won't find everything, but is very good.

You asked about how do you know if your system is clean now.......... run a scan with hijackthis and post it here ........

You should also remember that there isn't currently any one program which will do it all. Thats the reason for using more than one program.
Re anti-virus programs...... You should only have one active anti-virus program.  It's ok to have several installed, as long as only one is active.


dl65