Pop-ups keep on coming out [RESOLVED]


  • This topic is locked

#16
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
When you start your Scan in Spybot, a window appears in the lower half of the Spybot windows and it is titled "Problems". That will contain the text that I am looking for.


Trevuren
  • 0


#17
thomasdqt

thomasdqt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you Trevuren.

I guess this is the log you want to see:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HuntBar: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-08-19 Includes\Dialer.sbi (*)
2005-08-19 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-19 Includes\Malware.sbi (*)
2005-08-12 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-19 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-19 Includes\Trojans.sbi (*)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,

Tom



Add on:

Ewido report also keeps on saying there is something found, even after cleaned:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:51:53 PM, 8/22/2005
+ Report-Checksum: A1C1ED7D

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Spyware.WebSearch : Error during cleaning


::Report End

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks,

Tom

Edited by thomasdqt, 22 August 2005 - 08:56 PM.

  • 0

#18
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Back up the registry by going to Start>Run> and type "regedit" without the quotes. Then on the file menu choose ‘export’ in XP. Export the file to your Desktop.

If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successful.

2. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools]

3. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

4. Reboot your computer.

5. Run Spybot and see if it is gone

Regards,

Trevuren

  • 0

#19
thomasdqt

thomasdqt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Trevuren,

Thank you for all the help.
The HuntBar and Spyware.WebSearch are still shown in Spybot and Ewido scanning. The log contents are exactly the same as in my last post except for a different date and time.

Please help.

Best regards,

Tom
  • 0

#20
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
  • Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
    • Download Ad-Aware SE Personal 1.06:
    • Install Ad-Aware SE Personal 1.06:
      • Double-click on aawsepersonal.exe to install the program.
      • Follow the default settings for installation.
      • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
    • Update Ad-Aware SE Personal 1.06:
      • Double-click the Ad-Aware SE Personal icon on your desktop.
      • Click "Check for updates now" then click "Connect".
      • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
    • Configure Ad-Aware SE Personal 1.06:
      • Click on the Gear button at the top of the window.
      • Click "General" on the left hand side to display the General Settings box.
        • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      • "Scan within archives"
      • "Select drives & folders to scan" - select your hard drive(s).
      • "Scan active processes"
      • "Scan registry"
      • "Deep-scan registry"
      • "Scan my IE favorites for banned URLs"
      • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
      • "Move deleted files to Recycle Bin"
      • "Include additional object information"
      • "Include negligible objects information"
      • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure these items have your preferred settings in them:
      • "Default homepage"
      • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal 1.06:
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.


Trevuren
  • 0

#21
thomasdqt

thomasdqt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Trevuren,

Ad-Aware's scanning result says there are 0 infections.

What else to do?

Thank you like always.

Best regards,

Tom
  • 0

#22
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Back up the registry by going to Start>Run> and type "regedit" without the quotes. Then on the file menu choose ‘export’ in XP. Export the file to your Desktop.

If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successful.

2. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.

REGEDIT4

; Deletes only the value named "WinTools"; the Uninstall key itself is kept.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinTools"=-

3. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

4. Reboot your computer.

5. Run Spybot and see if it is gone

Regards,

Trevuren

  • 0
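
An added example, not part of the original posts: a small Python auditor for the `[-Key]` and `"Name"=-` deletion syntax that the fixme.reg files in posts #18 and #22 rely on, meant to be run on a .reg file before merging it. It lists what the file would delete and flags anything reaching beyond one expected key; the function names and sample files are constructed for illustration.

```python
import re

KEY_LINE = re.compile(r'^\[(-?)(.+)\]$')                        # [Key] or [-Key]
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "Name"=data

def parse_reg(text):
    """Return (op, key, value_name) for every change a .reg file would make."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "REGEDIT4", "Windows Registry Editor")):
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):  # [-Key] removes the key with all subkeys and values
                ops.append(("delete-key", key, None))
                key = None
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            op = "delete-value" if m.group(2).strip() == "-" else "set-value"
            ops.append((op, key, m.group(1).strip('"')))
        else:
            ops.append(("unparsed", key, line))  # e.g. header and value fused on one line
    return ops

def out_of_scope(ops, allowed_key):
    """Deletions outside allowed_key (and its subkeys), plus unparsed lines."""
    allowed = allowed_key.lower()
    flagged = []
    for op, key, name in ops:
        k = (key or "").lower()
        inside = k == allowed or k.startswith(allowed + "\\")
        if op == "unparsed" or (op.startswith("delete") and not inside):
            flagged.append((op, key, name))
    return flagged

# Constructed sample files (hypothetical, for illustration only)
UNINSTALL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
TARGET = UNINSTALL + r"\WinTools"
NARROW = "REGEDIT4\n\n[-" + TARGET + "]\n"         # removes one subkey
BROAD = "REGEDIT4\n\n[-" + UNINSTALL + "]\n"       # removes the whole parent key
FUSED = "REGEDIT4\n\n[" + UNINSTALL + ']"WinTools"=-\n'  # malformed line

if __name__ == "__main__":
    for label, text in (("narrow", NARROW), ("broad", BROAD), ("fused", FUSED)):
        print(label, out_of_scope(parse_reg(text), TARGET))
```

Only the narrow file passes with nothing flagged; the broad one would remove every entry under Uninstall, and the fused line is reported as unparsed rather than guessed at.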

#23
thomasdqt

thomasdqt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Trevuren,

No, same results. Both Spybot and Ewido show the same things as previously shown.

Are they high risk worms or not that much? Maybe we have to give up. Anyway, the computer is very much cleaner than it was.

Thank you very much.

Best regards,

Tom
  • 0

#24
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi Tom, I don't think that they are there at all.... Let me explain: I think that they are orphaned registry entries from when they were there and are still being seen by Spybot, which doesn't know the difference. I run Ad-Aware myself even though I have both on my machine. Your call, Tom... I don't think we will find them, personally, but I don't mind searching more, but we are running out of methods.


Humor me please and let's run a different type of scan:

1. Download WinPFind.zip
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

2. Reboot your computer into Safe Mode.

3. Open the C:\WinPFind folder and double-click on WinPFind.exe.
(- Add any desired config changes here)
- Click on the Start Scan button and wait for it to finish.

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt.

4. Please copy that log to your next reply.


Regards,

Trevuren

  • 0

#25
thomasdqt

thomasdqt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi Trevuren,

I have to give up cuz my friend took back the computer. He's very happy about the condition now.

Very much appreciate your professional help.
Best regards,

Tom
  • 0


#26
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





