Computer Hope
Software => Computer viruses and spyware => Topic started by: Aidan Colyer on November 03, 2005, 06:52:27 AM
-
Right this problem is quite difficult to describe but i will try my best!!
The basic problem is that everytime i open internet explorer it always takes me to www.syserrors.com and says that i need to download spyware protection.....
When this first happenend i forgot i had Adaware so downloaded a trial which was fine and i got rid of loads of spyware (didnt pay i just surfed my comp looking for the files and deleted them) this worked well and then problems started.......
It kept asking me to buy the product i didnt want to so i uninstalled it .... well i thought i had........ it still didnt get r id of the syserror page sooooo now remembering i had adaware i used it it helped me find a lot of files and some stuff in the registry which i deleted and now my computer apart from the internet is fine.
The syserrors page tells me i have someone trying to hack into my computer so i downloaded Zonealarms firewall this however has had no effect. I also occaisionally get adverts popping up bt t hat is rare what i do get is a flashing warning triangle on my task bar. This gives my the helpful your computer is infected with spyware (OHPE: ver4.12_23) but if i click on this it takes me to the download spytrooper website. The page that first comes up in my browser is a security centre page and the icons only appeared on my desktop for this when the problem started.
Help would be much appreciated....
PS. i downloaded firefox to use instead which works but only slowly and i need to get rid of the real problem.
-
ok, sounds first like you have some adware/spyware on the computer. Download adAware free from download.com and run it. Also get spybot from there and run it. should get rid of the crap.
Then to change your home page, go to tool > options and type in the name of the home page you want. click apply and ok at the bottom of the page. Hopefully this will solve the problem.
-
You may want to run your scans in safe mode also.
-
Have tried the scans many times the only thing that wont go is PSGuard.com in my registry. Its the licence that wont let itself be deleted!! how do i put a screenshot into the post because i think that would help a lot!
-
Download Hijack This and post the log file and someone wise will examine it.
http://www.majorgeeks.com/download3155.html
-
Google returned 84700 results for PSGuard, I suspect most of them were about removing it.
-
When this first happenend i forgot i had Adaware so downloaded a trial which was fine and i got rid of loads of spyware (didnt pay i just surfed my comp looking for the files and deleted them) this worked well and then problems started.......
It kept asking me to buy the product i didnt want to so i uninstalled it .... well i thought i had........ it still didnt get r id of the syserror page sooooo now remembering i had adaware i used it it helped me find a lot of files and some stuff in the registry which i deleted and now my computer apart from the internet is fine.
This does not sound like Ad Aware which you get at
www.lavasoftusa.com/software/adaware/
This sounds like some bogus adware removing program that is tryint to sell something. I have never seen AdAware do a strongarm for sales. Did you maybe pick this up?
http://www.noadware.net/?hop=wintech
That might be part of the problem, and not a solution at all. They seem more than happy to sell you something, but it is NOT Ad Aware, that we all know and love.
-
Logfile of HijackThis v1.99.1
Scan saved at 00:57:42, on 06/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Network Associates\VirusScan\mcconsol.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
-
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computerhope.com/
O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\System32\hp1FCB.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
Right ive done the scan thing and above is the logfile have fun!!
-
Find & delete mssearchnet.exe
05.11.2005 - mssearchnet.exe is registered as the Generic Downloader.aa and Trojan.Zlob.D Trojans. This process usually comes bundled with a virus and it’s main role is to do nothing other than download other viruses to your computer. It is a registered security risk and should be removed immediately.
Run Hijackthis & mark for removal...
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba2218.exe
O18 - Filter: text/html - (no CLSID) - (no file)
Download, update & scan with Ewido.
-
Ewido keeps "deleting" the same stuff the PSGUard licence just wont go and everytime i delete msserchnet.exe it comes back!!!!!
-
If worst comes to worst have you got the original Windows or recovery CD to reinstall? :-/ :-/ :-/
-
I have finally got rid of mssearchnet.com which is good however Ewido can only delete the licence but is having trouble with the folders for PSGuard.com and as such the licence doesnt get deleted in the end!!
I could just use firefox i spose lol. And yes i have all disks needed handy! always have done since my last hardrive got fried and i put a new one in!!
-
i think i kno why it isnt working i need to delete the files from the other end when i use Ewido is there any way i could do that?
ie. licence first
-
This might sound like a stupid idea but seen as the file is broken (the PSGuard licence) if i downloaded it again then when the file was ok deleted it dya reckon thatd work?
am grabbing at straws now.
-
If worst comes to worst have you got the original Windows or recovery CD to reinstall? :-/ :-/ :-/
What about this? ::) ::) ::) ::) Seems like we're not making much progress.
-
Have you tried running Ewido in safe mode?
-
Aidan Colyer..... You hijackthis log indicates your using an older version of IE .....and you haven't got SP2 installed ........you should consider D/L SP2 as it has some very good features ......and then you could D/L antispyware Beta ......... http://www.microsoft.com/athome/security/spyware/software/default.mspx
dl65 ::)