Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

** help plz! ** i need to remove these adware! [CLOSED]


  • This topic is locked This topic is locked

#1
laziboi

laziboi

    New Member

  • Member
  • Pip
  • 7 posts
im stuck with these adware/malware on my comp for a few days now!

problems...

- first time when i got the viruses.. i had this extra toolbar with the options like AdultGambling | Pharmacy | XXX personal photos .. etc etc forgot what the rest are, somehow i got rid of the toolbar by deleting some stuff in the HJT results.

- sometimes i get a window popup saying "Windows Security Center" WARNING: Windows Firewall detected suspicious network activity on your computer, Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?" and its got the YES NO button but i always click NO because im scared its a virus thing trying to trick me so i downloaded "Zone Alarm" but the message still comes up sometime.

- i keep getting extra favourite files in my favourite folder section.. i deleted them heaps of times but it keeps coming back after a reboot.. so heres the list in my favourite folder...

AdultGambling
Free Online Dating
[bleep] Real Girls
Kill Annoying Popups
Online Sex Poker Rooms
Play Adult-Poker
Remove Toolbars
Spyware Uninstall
SPYWARE
XXX Personal Photos


this is the list of programs i used to get rid of my problem but none of them works... :tazz:

ad-adware v1.06
avast
AVG 7.0
CWShredder
ewido
solo anti-virus
spysubtract (deleted it after AVG detected theres a virus in it)
spybot search&destroy
spyware blaster
stinger

i first update them then restart in safemode and i ..

Disk Cleanup
enable - Show hidden files and folders
disable - Hide extentions for known file types
disable - Hide protected operating system files

then yeah start scanning and after finishing scan i do online scans but the adware/spyware is still there.

heres my latest scanning logs...

Logfile of HijackThis v1.99.1
Scan saved at 3:23:12 AM, on 6/5/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\chi1\My Documents\phynx\phynx\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Internet Explorer Hot Fix - {CDAB930D-AFB8-4FC9-901C-8773E9414E0A} - C:\WINNT\System32\zrpuh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [win32pssd] win32sdds.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [teqq32] Preliminary.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [win32pssd] win32sdds.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...416/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe


Panda Online Scan...


Incident Status Location


Adware:Adware/SBSoft No disinfected C:\WINNT\System32\nmvqb.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\AdultGambling.url
Adware:Adware/SBSoft No disinfected C:\WINNT\System32\nmvqb.dll
Adware:Adware/GloboSearch No disinfected Windows Registry
Adware:Adware/SBSoft No disinfected C:\WINNT\system32\nmvqb.dll
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url
Virus:Bck/IRCFlood.AA Disinfected C:\Documents and Settings\chi1\My Documents\scripts\nnscript.zip[nHTMLn.dll]
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\AdultGambling.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Play Adult-Poker.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Online Sex Poker Rooms.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Kill Annoying Popups.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Spyware Uninstall.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Remove Toolbars.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\Free Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\XXX personal photos.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\chi1\Favorites\[bleep] Real Girls.url

Edited by laziboi, 05 June 2005 - 01:39 AM.

  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
laziboi

laziboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
thanks heapsss for replying! but OHHH NOOOO... i think i made the biggest mistake by installing "service pack 4" ! at first when tryed to update to "service pack 4" and when i asked me if i want to back up the files.. i clicked yes. after that i got a error and it wont update for me no more and i didnt wanna sit there for 2 hours waiting for nothing, so i had to quit the update and did it over again but this time i clicked on NO when it asked me if i wanna do the back-up files.. and now it finishes the update but stops while installing with this error message..

Setup cannot copy the file wbemtest.exe.

Ensure that the location specified below is correct, or
change it and insert 'Windows 2000 Service Park 4 Source Files'
in the drive you specify.

i click on "Cancel"

and get the popup saying...

do you want to continue the setup without wbemtest.exe ?

i click on "YES"

and i get the popup saying...

Service Pack 4 installation did not complete.

Windows 2000 has been partially updated and may not work properly.
it is recommeneded that you use your Emergency disk to repair your
system. to do this, insert the windows 2000 Setup Boot Disk into the
floppy drive, restart your computer, and then select the Emergency
Repair option.

i dont know what to do because i dont know if i have the "windows 2000 Setup Boot Disk" and now i dont want to shut down my computer no more because im scared my computer wont work anymore !! :tazz: ;)

can u help me fix this big problem please please please ????
  • 0

#4
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi,

I'm getting one of our tech experts in to help, i specialise in malware removal
  • 0

#5
laziboi

laziboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok, thank you... ill be waiting =)
  • 0

#6
Murray S.

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
Howdy:

Go to your Temp and temp internet folders and clean them out totally..

Now try the update again..

Murray
  • 0

#7
laziboi

laziboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
can you tell me where do i actually go??

cause i went to C:\Documents and Settings\chi1\Local Settings\Temporary Internet Files and its only pictures in there?

one more thing.. when i was doing the update.. the update thing automatically made a new folder D:\c4e with shdocvw.dll in there.. so u want me to delete that folder as well ?
  • 0

#8
laziboi

laziboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
and also it made another new folder C:\WINNT\ServicePackFiles with heaps of files in there similar to C:\winnt\system32 folder
  • 0

#9
laziboi

laziboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
1 moree thing.. i just relised i dont have the file wbemtest.exe in my computer so even if i do the update again.. wont the same error message come up???
  • 0

#10
Murray S.

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
Wipe the temp internet folder.. you should also have a plain old temp folder.. clean it out as well..

Did your system originally come with Win2000 on it or was it an upgrade??

Murray
  • 0

#11
laziboi

laziboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
my computer was a windows 98.. until i took it out the computer store for a format and then it became a win2000 pro.

these are the temp folders i have on my computer.. so please let me know exactly which one i should clean out.

C:\Documents and Settings\chi1\Local Settings\Temp
C:\Documents and Settings\chi1\Local Settings\Temporarly Internet Files

the windows update also made a folder C:\WINNT\ServicePackFiles so u want me to delete that folder as well ?

now i cant go on another site for some reason.. only this site and the windows update site works now :tazz:

this morning when u logged offline... i delete all the folders that the windows update created and started the update again but the same error message "Setup cannot copy the file wbemtest.exe" came up ... i tryed searching for that file on my computer but i dont even have that file name so even if i do the update again.. the same error message will keep coming up.

ok just to make sure that i chose the right update.. this is the one i chose.

Windows 2000 Service Pack 4 Express Install for End Users*

so that do i do now?? ;)
  • 0

#12
Murray S.

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
That's the right update..

As for that other folder, have you tried opening it to see what was in it??

Murray
  • 0

#13
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP