Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

avg scan results [CLOSED]


  • This topic is locked This topic is locked

#1
nictrigg

nictrigg

    Member

  • Member
  • PipPip
  • 11 posts
hi there,

i have run hi jack this and deleted all dodgy files.

however i have run a scan with avg and it has found more spyware, which it can't remove.

how can i remove this. Here are the scan results:


Incident Status Location

Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\MSFAOL.DLL
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bs?.dll
Adware:Adware/CWS.Oslogo No disinfected C:\WINDOWS\Web\oslogo.bmp
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\SYSTEM\LCINST~1.EXE
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\msnkmi.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\msfaol.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\mskhhe.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\msiaih.dll
Virus:Trj/Imk.A Disinfected C:\WINDOWS\SYSTEM\msnimk.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\SYSTEM\mseggo.gif
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bs.dll
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM\bss.dll
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\WEB\oslogo.bmp
Virus:Trj/Multidropper.TY Disinfected C:\temp\Bargains.exe
Adware:Adware/CWS.Bootconf No disinfected C:\bootconf.exe

any help would be much appreciated. :tazz:

thanks

nick.
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please post a Hijack This log in your reply.

For instructions on where to download and how to use Hijack This, please visit http://www.geekstogo..._Log-t2852.html
  • 0

#3
nictrigg

nictrigg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here you are

Logfile of HijackThis v1.99.1
Scan saved at 01:27:28, on 25/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\MY DOCUMENTS\NEW FOLDER\HIJACKTHIS.EXE

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

cheers mate.
:tazz:

nick.
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please open the Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall / remove the following items if found -

ClientMan
BookedSpace
BlazeFind


Close all Windows

Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\temp\Bargains.exe
C:\bootconf.exe
C:\WINDOWS\Web\oslogo.bmp
C:\WINDOWS\SYSTEM\msnimk.gif
C:\WINDOWS\SYSTEM\mseggo.gif
C:\WINDOWS\SYSTEM\MSFAOL.DLL
C:\WINDOWS\SYSTEM\bs?.dll
C:\WINDOWS\SYSTEM\LCINST~1.EXE
C:\WINDOWS\SYSTEM\msnkmi.dll
C:\WINDOWS\SYSTEM\msfaol.dll
C:\WINDOWS\SYSTEM\mskhhe.dll
C:\WINDOWS\SYSTEM\msiaih.dll
C:\WINDOWS\SYSTEM\bs.dll
C:\WINDOWS\SYSTEM\bss.dll


For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot" and a mark next to "Unregister .dll Before Deleting" if it is not grayed out. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.


If the PC doesnt reboot automatically, do it manually.

Run Hijack This and post a fresh HJT log here
  • 0

#5
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP