Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spy-trooper [CLOSED]


  • This topic is locked This topic is locked

#1
mglavich

mglavich

    New Member

  • Member
  • Pip
  • 1 posts
Hello Geek Squad,

Would very much appreciate your help here.

I have the same problem as HeedLee (see below) and kitepirot (http://www.geekstogo...showtopic=63472)

Some kind of spyware has taken control of my PC and wherever I try to go on the internet, I am forwarded back to a site saying "You have spyware download PS Guard or Spy Trooper". There is also constant pop ups that come as windows (generally from Search2K.net), or a little text box that comes from my quick launch toolbar saying "you have spyware click here to remove it" which brings me back to spy trooper.

I own and ran updated scans of both SpyWare XTerminator and Ad-Ware SE Plus. They run, but can't find anything, all the while the little System Alert Textbox is blinking at me.

This is theft of property and extorsion on an incredibly arrogant and aggressive scale and I am at a loss as to what to do :tazz:

Would very much appreciate any help and thank-you for doing the kind of work u do.

BTW, when I run Hijack This, I get a BHO that can't be deleted and here is the "HiJack this" Log:

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mssearchnet.exe
C:\WINNT\system32\nvctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINNT\system32\hp7A07.tmp (file missing)

mglavich
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

This is not the whole log file. Please repost the whole log now.
  • 0

#3
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP