adclicker generic trojan [RESOLVED]


  • This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you go to Start > Run and type in regedit? If the registry editor appears, then close it.

Re-run your scan to see if it has gone.

If not, let me know.
  • 0



#17
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi there, scanned a few times and it didn't come back. However, I restarted my PC and it found it once again.
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's clear all your caches then re-run the reg fix, to see if that cures it

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Never had one this stubborn before
  • 0

#19
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Restarted PC after using ATF Cleaner and it still came back. It's really annoying.
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Totally annoying - let's try an online scan

None of my other scans detected it though - I removed the initiators so it should no longer be there

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.

  • 0

#21
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here's the results of the F-Secure scan, thanks




Scanning Report
Saturday, March 29, 2008 23:51:36 - 00:36:02

Computer name: PC
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 2 malware found
RiskTool.Win32.Reboot (spyware)

* System

Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 25908
* System: 3178
* Not scanned: 6

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-03-29
* F-Secure AVP: 7.0.171, 2008-03-29
* F-Secure Pegasus: 1.20.0, 2008-02-26
* F-Secure Blacklight: 1.0.64

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's have a look at that reg key


@echo off
rem Export the key to C:\look.txt; the key path is quoted and must contain no spaces
regedit.exe /e C:\look.txt "HKEY_USERS\S-1-5-21-220523388-299502267-725345543-1004\software\install"
exit

Next you will need to create the batch fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file.
Then in the text file go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type look.bat

This will create a batch file

Then run look.bat by double-clicking. This should then place a text file of the key on your root C: drive. Please post the contents here.
  • 0
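The same export written so that a missing key is reported instead of the window closing silently; this is an added example, not part of the original posts. It assumes reg.exe is available (it ships with Windows XP), and the output name look.reg is a hypothetical choice.

```batch
@echo off
rem Added example, not from the thread. The key path is the one quoted in post #22.
setlocal
set "KEY=HKU\S-1-5-21-220523388-299502267-725345543-1004\software\install"
rem Hypothetical output file; reg export writes .reg format.
set "OUT=C:\look.reg"

rem reg query sets errorlevel 1 when the key does not exist.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not found: %KEY%
    echo Nothing to export.
    goto :done
)

rem Remove any earlier export so the result is known to be fresh.
if exist "%OUT%" del "%OUT%"
reg export "%KEY%" "%OUT%"
if errorlevel 1 (
    echo Export failed. Check that this account can write to %OUT%.
    goto :done
)
echo Exported %KEY% to %OUT%

rem Show the subkeys and values on screen for a quick look.
reg query "%KEY%" /s

:done
rem Keep the window open so the outcome can be read.
pause
endlocal
```

A "Key not found" result here means the key is absent for that user SID, which separates a missing key from a batch file that failed to run.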

#23
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Tried to do as you said but a box appears for a sec then goes off. That's it, no log to be seen. Any ideas? Thanks
  • 0

#24
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Sorry to be a noob but where should this file be exactly? Looked on C:\, can't find it. Cheers
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be at C:\look.txt
  • 0



#26
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
It's not there. I deleted the first look.bat and tried again but the file says look now, not look.bat, and still not there. Cheers
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Maybe I made an error in the batch file, I need to check that - but it looks OK :)

Could you open regedit (Start > Run > regedit)
When opened select EDIT
Select find
Paste in hkey_users \S-1-5-21-220523388-299502267-725345543-1004\software\install
Select find next
Right click the key install and select export.
In the drop down box for file type select .txt
Save to your desktop
Post that in your next post
  • 0

#28
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Did as you asked and it just came up "finished searching registry". Didn't show me anything.
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
To me that would suggest that the key is not there, and would also explain why there was no text file. Could this be a glitch with your programme that you use to scan, as nothing else I have used has shown that key, or any associated files, to be present? I will see if that is a known false positive.
  • 0

#30
jotter1

jotter1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Just ran a quick scan with Spyware Doc and it found this: application.nircmd, 4 infections, but think it could be ComboFix. It didn't find adclicker. I use PC Guard from Virgin Media and upgraded to get the spyware with it, don't know if it's any good. PC Guard only finds it after I restart my PC, but does find it every time. Cheers
  • 0





