Trevuren
Pop-ups keep on coming out [RESOLVED]
Started by
thomasdqt
, Aug 18 2005 05:13 PM
#16
Posted 20 August 2005 - 09:05 PM
Trevuren
#17
Posted 22 August 2005 - 08:27 PM
Thank you Trevuren.
I guess this is the log you want to see:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HuntBar: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-14 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-08-19 Includes\Dialer.sbi (*)
2005-08-19 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-19 Includes\Malware.sbi (*)
2005-08-12 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-19 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-19 Includes\Trojans.sbi (*)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Regards,
Tom
Add on:
Ewido report also keeps on saying there is something found, even after cleaned:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:51:53 PM, 8/22/2005
+ Report-Checksum: A1C1ED7D
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Spyware.WebSearch : Error during cleaning
::Report End
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks,
Tom
Edited by thomasdqt, 22 August 2005 - 08:56 PM.
#18
Posted 22 August 2005 - 08:58 PM
1. Back up the registry by going to Start>Run> and typing "regedit" without the quotes. Then on the File menu choose Export in XP. Export the file to your Desktop.
If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successful.
2. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools]
3. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.
4. Reboot your computer.
5. Run Spybot and see if it is gone
Regards,
Trevuren
#19
Posted 23 August 2005 - 04:52 AM
Hi Trevuren,
Thank you for all the help.
The HuntBar and Spyware.WebSearch are still shown in Spybot and Ewido scanning. The log contents are exactly the same as in my last post except different date and time.
Please help.
Best regards,
Tom
#20
Posted 23 August 2005 - 09:09 AM
- Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  - Download Ad-Aware SE Personal 1.06:
    - Download Ad-Aware SE Personal 1.05.
    - Save aawsepersonal.exe to a convenient location.
  - Install Ad-Aware SE Personal 1.06:
    - Double-click on aawsepersonal.exe to install the program.
    - Follow the default settings for installation.
    - After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  - Update Ad-Aware SE Personal 1.06:
    - Double-click the Ad-Aware SE Personal icon on your desktop.
    - Click "Check for updates now" then click "Connect".
    - It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  - Configure Ad-Aware SE Personal 1.06:
    - Click on the Gear button at the top of the window.
    - Click "General" on the left hand side to display the General Settings box.
      - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        - "Automatically save logfile"
        - "Automatically quarantine objects prior to removal"
        - "Safe Mode (always request confirmation)"
        - "Prompt to update outdated definitions" - change to 7 days from the default 14.
    - Click "Scanning" on the left hand side to display the Scan Settings box.
      - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        - "Scan within archives"
        - "Select drives & folders to scan" - select your hard drive(s).
        - "Scan active processes"
        - "Scan registry"
        - "Deep-scan registry"
        - "Scan my IE favorites for banned URLs"
        - "Scan my Hosts file"
    - Click "Advanced" on the left hand side to display the Advanced Settings box.
      - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
        - "Move deleted files to Recycle Bin"
        - "Include additional object information"
        - "Include negligible objects information"
        - "Include environment information"
    - Click "Defaults" on the left hand side to display the Default Settings box.
      - Make sure these items have your preferred settings in them:
        - "Default homepage"
        - "Default searchpage"
    - Click "Tweak" on the left hand side to display the Tweak Settings box.
      - Click the + (plus) sign next to the Log Files section. This will expand the section.
        - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          - "Include basic Ad-Aware settings in log file"
          - "Include additional Ad-Aware settings in log file"
          - "Include reference summary in log file"
          - "Include alternate data stream details in log file"
      - Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
        - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          - "Unload recognized processes & modules during scan"
          - "Scan registry for all users instead of current user only"
          - "Obtain command line of scanned processes"
      - Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
        - Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it:
          - "Always try to unload modules before deletion"
          - "During removal, unload Explorer and IE if necessary"
          - "Let Windows remove files in use at next reboot"
          - "Delete quarantined objects after restoring"
    - Once you are done with these settings, click "Proceed" to save them.
    - This will take you back to the main screen.
  - Run Ad-Aware SE Personal 1.06:
    - Click the "Start" button.
    - Uncheck the "Search for negligible risk entries" entry.
    - Choose the "Use custom scanning options" scan mode.
    - Click the "Next" button.
    - Ad-Aware will begin to scan for malware residing on your computer.
    - Allow the scan to finish.
    - Right-click on any entry in the list and click "Select All" to select the whole list.
    - Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
Trevuren
#21
Posted 23 August 2005 - 09:54 PM
Hi Trevuren,
Ad-Aware scanning result says there are 0 infections.
What else to do?
Thank you like always.
Best regards,
Tom
#22
Posted 23 August 2005 - 10:17 PM
1. Back up the registry by going to Start>Run> and typing "regedit" without the quotes. Then on the File menu choose Export in XP. Export the file to your Desktop.
If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successful.
2. Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as fixme.reg.
REGEDIT4

; Deletes only the value named "WinTools"; the Uninstall key itself is kept.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinTools"=-
3. Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.
4. Reboot your computer.
5. Run Spybot and see if it is gone
Regards,
Trevuren
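The two codeboxes in this thread use the two deletion forms of a .reg file: `[-Key]` removes a key with everything under it, while `"name"=-` removes a single value. The following is an added example, not code from the thread: it lists what a .reg file asks for before it is merged and flags key deletions that reach beyond the flagged key. The function names and sample files are constructed, and only header and simple value lines are parsed.

```python
import re

HEADER = re.compile(r'^\[(-?)(.+)\]$')   # "[Key]" opens a key, "[-Key]" deletes it with all subkeys
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')   # '"name"=-' deletes one value
SIGNATURES = ('REGEDIT4', 'Windows Registry Editor Version 5.00')

def plan_reg_merge(text):
    """List the (action, key, value_name) operations a .reg file asks for, without merging it."""
    body = [ln.strip() for ln in text.splitlines()]
    body = [ln for ln in body if ln and not ln.startswith(';')]   # drop blanks and comments
    if not body or body[0] not in SIGNATURES:
        raise ValueError('first line is not a .reg signature')
    ops, key, key_deleted = [], None, False
    for ln in body[1:]:
        header = HEADER.match(ln)
        if header:
            key_deleted, key = header.group(1) == '-', header.group(2)
            ops.append(('delete-key' if key_deleted else 'open-key', key, None))
            continue
        value = VALUE.match(ln)
        if not value or key is None:
            raise ValueError('unsupported line: ' + ln)
        name = '' if value.group(1) == '@' else value.group(1)[1:-1]
        if key_deleted:
            # Reported for the reviewer instead of being interpreted.
            ops.append(('value-under-deleted-key', key, name))
        else:
            ops.append(('delete-value' if value.group(2) == '-' else 'set-value', key, name))
    return ops

def deletions_outside(ops, target):
    """Key deletions that are neither the target key nor beneath it."""
    t = target.lower().rstrip('\\')
    return [key for action, key, _ in ops if action == 'delete-key'
            and key.lower() != t and not key.lower().startswith(t + '\\')]

# Constructed inputs; the key path is the one both scanners reported.
UNINSTALL = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
TARGET = UNINSTALL + '\\WinTools'
DELETE_SUBKEY = 'REGEDIT4\n\n[-' + TARGET + ']\n'                  # removes only the WinTools key
DELETE_VALUE = 'REGEDIT4\n\n[' + UNINSTALL + ']\n"WinTools"=-\n'   # removes a value named WinTools
DELETE_PARENT = 'REGEDIT4\n\n[-' + UNINSTALL + ']\n'               # removes every uninstall entry

if __name__ == '__main__':
    for label, text in (('subkey', DELETE_SUBKEY), ('value', DELETE_VALUE), ('parent', DELETE_PARENT)):
        ops = plan_reg_merge(text)
        print(label, ops, 'too broad:', deletions_outside(ops, TARGET))
```

Any key listed by `deletions_outside` means the file removes more than the entry the scanners reported and should not be merged as written.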
#23
Posted 24 August 2005 - 05:09 AM
Hi Trevuren,
No, same results. Both Spybot and Ewido show the same things as previously shown.
Are they high risk worms or not that much? Maybe we have to give up. Anyway, the computer is very much cleaner than it was.
Thank you very much.
Best regards,
Tom
#24
Posted 24 August 2005 - 09:29 AM
Hi Tom, I don't think that they are there at all.... Let me explain, I think that they are orphaned registry entries from when they were there and are still being seen by Spybot which doesn't know the difference. I run Ad-Aware myself even though I have both on my machine. Your call Tom... I don't think we will find them personally but I don't mind searching more but we are running out of methods.
Humor me please and let's run a different type of scan:
1. Download WinPFind.zip
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
2. Reboot your computer into Safe Mode.
3. Open the C:\WinPFind folder and double-click on WinPFind.exe.
(- Add any desired config changes here)
- Click on the Start Scan button and wait for it to finish.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt.
4. Please copy that log to your next reply.
Regards,
Trevuren
#25
Posted 25 August 2005 - 08:01 PM
Hi Trevuren,
I have to give up cuz my friend took back the computer. He's very happy about the condition now.
Very much appreciate your professional help.
Best regards,
Tom
#26
Posted 25 August 2005 - 08:13 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.