Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

avg scan results [CLOSED]

Started by nictrigg , Jun 24 2005 08:49 AM

  • This topic is locked This topic is locked

#1
nictrigg
Posted 24 June 2005 - 08:49 AM

nictrigg

    Member

  • Member
  • PipPip
  • 11 posts
hi there,

i have run hi jack this and deleted all dodgy files.

however i have run a scan with avg and it has found more spyware, which it can't remove.

how can i remove this. Here are the scan results:


Incident Status Location

Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\MSFAOL.DLL
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bs?.dll
Adware:Adware/CWS.Oslogo No disinfected C:\WINDOWS\Web\oslogo.bmp
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\SYSTEM\LCINST~1.EXE
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\msnkmi.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\msfaol.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\mskhhe.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\msiaih.dll
Virus:Trj/Imk.A Disinfected C:\WINDOWS\SYSTEM\msnimk.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\mseggo.gif
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bs.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bss.dll
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\WEB\oslogo.bmp
Virus:Trj/Multidropper.TY Disinfected C:\temp\Bargains.exe
Adware:Adware/CWS.Bootconf No disinfected C:\bootconf.exe

any help would be much appreciated. :tazz:

thanks

nick.
  • 0

Advertisements

#2
tampabelle
Posted 24 June 2005 - 12:31 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please post a Hijack This log in your reply.

For instructions on where to download and how to use Hijack This, please visit http://www.geekstogo..._Log-t2852.html
  • 0

#3
nictrigg
Posted 24 June 2005 - 06:32 PM

nictrigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here you are

Logfile of HijackThis v1.99.1
Scan saved at 01:27:28, on 25/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\MY DOCUMENTS\NEW FOLDER\HIJACKTHIS.EXE

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

cheers mate.
:tazz:

nick.
  • 0

#4
tampabelle
Posted 24 June 2005 - 07:13 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please open the Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall / remove the following items if found -

ClientMan
BookedSpace
BlazeFind

Close all Windows

Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\temp\Bargains.exe
C:\bootconf.exe
C:\WINDOWS\Web\oslogo.bmp
C:\WINDOWS\SYSTEM\msnimk.gif
C:\WINDOWS\SYSTEM\mseggo.gif
C:\WINDOWS\SYSTEM\MSFAOL.DLL
C:\WINDOWS\SYSTEM\bs?.dll
C:\WINDOWS\SYSTEM\LCINST~1.EXE
C:\WINDOWS\SYSTEM\msnkmi.dll
C:\WINDOWS\SYSTEM\msfaol.dll
C:\WINDOWS\SYSTEM\mskhhe.dll
C:\WINDOWS\SYSTEM\msiaih.dll
C:\WINDOWS\SYSTEM\bs.dll
C:\WINDOWS\SYSTEM\bss.dll


For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot" and a mark next to "Unregister .dll Before Deleting" if it is not grayed out. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.


If the PC doesnt reboot automatically, do it manually.

Run Hijack This and post a fresh HJT log here
  • 0

#5
tampabelle
Posted 05 July 2005 - 10:09 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP