Malware\spyware removal


Theprem

I've finalized the first steps. But I'm having trouble installing SP1a. The process halts after downloading possible security updates (9 updates) and refuses to install them for some reason. Hope you have some clue of how to help me.

Original problem:
This ad (red and black) for a security company (smart security) hijacked my desktop background and general appearance.
After checking the company pages, this ad proved to be illegal, and smart security are trying to help people remove it. I've managed to get my general appearance back (icons), but the ad still stays. The company pages also offered an explanation of how to remove the ad manually (the first was a download), I haven't tried this yet.

This ad also visits me as a popup window, how nice of it to care. In addition I'm bothered with two popups; adslim(something) and dosearch (something), both offering me spyware removal.

In my quest for removing these pests I've discovered some interesting automatic startup processes, you know - the ones that are not supposed to be there. I eliminated one of them (service host), but I'm unable to eliminate the other two that seem suspicious (they also seem to be connected somehow). When I try to delete them they seem to regenerate. I've identified these as TBPS and WinTools. After googling them I found out they're supposed to be really hard to get rid of.
I'm not sure if these processes are directly connected to the ads.

Anyway like I said, I've run the programs you suggested, they all identified and eliminated quite an amount of files. They all left some intact too, unable to do anything. TDS3, as the last step I've completed, gave me a list of files that seem suspicious somehow. However, since I'm only a geek in a non-computing fashion, and generally afraid of what my computer can do to me, I'm not sure what to do with this list. I'm posting it below.

This concludes everything I know about my problems, hope you can help me.

TDS3 scan:
Scan Control Dumped @ 14:39:08 12-04-05
Positive identification <Adv>: Possible keylogger
File: c:\windows\bpo.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\dpc.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\ncf.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\dkh.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\uji.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\itr.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\goq.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\hvj.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\oln.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\vps.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\sfn.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\tac.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\csh.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\pjg.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\qmh.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\lln.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\ilb.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\fit.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\kom.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\iao.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\plt.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\cvk.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\hlg.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\hhh.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\tgh.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\vbi.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\dcn.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\prt.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\iuc.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\ovs.exe

Positive identification <Adv>: Possible keylogger
File: c:\windows\system32\vqm.exe

Positive identification: Riskware.Tool.Exporun
File: c:\program files\toolbar\iexploreskins.exe

Almost forgot to mention, a search page has blocked my start page in Explorer - and I'm unable to change it: http://searchmeup.co...dex.php?aid=186

On top of everything I'm not able to run HijackThis, it encounters an error and has to shut down...

Edited by Theprem, 13 April 2005 - 09:03 AM.
