
Nothing has worked



#1
Byou

Okay, I followed all the instructions in my previous thread to rid myself of this nightmare called WinFixer, but NOTHING has worked, nothing at all. I followed all the steps to the letter over 4 times now, and NOTHING changed.

Am I permanently screwed here?


#2
Wizard

Have you a HijackThis log I can look at?

#3
Byou


Have you a HijackThis log I can look at?


http://www.geekstogo...topic=69813&hl=

This was my previous thread. I tried the instructions given to me in that thread several times, but nothing has worked and WinFixer still remains.

#4
Wizard

OK, let's try this another way then.


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom", then click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#5
Byou

If it should be noted, I had to run Spy Sweeper twice since I had to restart. I could only save the log the second time.

********
8:12 PM: | Start of Session, Sunday, October 30, 2005 |
8:12 PM: Spy Sweeper started
8:12 PM: Sweep initiated using definitions version 564
8:12 PM: Starting Memory Sweep
8:16 PM: Memory Sweep Complete, Elapsed Time: 00:03:19
8:16 PM: Starting Registry Sweep
8:16 PM: Registry Sweep Complete, Elapsed Time:00:00:32
8:16 PM: Starting Cookie Sweep
8:16 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:16 PM: Starting File Sweep
9:07 PM: Found System Monitor: golden eye
9:07 PM: a0336867.exe (ID = 181198)
9:17 PM: File Sweep Complete, Elapsed Time: 01:00:27
9:17 PM: Full Sweep has completed. Elapsed time 01:04:30
9:17 PM: Traces Found: 1
9:17 PM: Removal process initiated
9:18 PM: Quarantining All Traces: golden eye
9:18 PM: Removal process completed. Elapsed time 00:00:24
********
6:22 PM: | Start of Session, Sunday, October 30, 2005 |
6:22 PM: Spy Sweeper started
6:22 PM: Sweep initiated using definitions version 564
6:22 PM: Starting Memory Sweep
6:24 PM: Found Adware: virtumonde
6:24 PM: Detected running threat: C:\WINDOWS\SYSTEM32\vtstq.dll (ID = 77)
6:29 PM: Memory Sweep Complete, Elapsed Time: 00:07:01
6:29 PM: Starting Registry Sweep
6:30 PM: Registry Sweep Complete, Elapsed Time:00:00:42
6:30 PM: Starting Cookie Sweep
6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:30 PM: Starting File Sweep
7:14 PM: Found System Monitor: golden eye
7:14 PM: unins000.exe (ID = 181198)
8:01 PM: uninstall noadware .lnk (ID = 181198)
8:01 PM: File Sweep Complete, Elapsed Time: 01:31:18
8:01 PM: Full Sweep has completed. Elapsed time 01:39:15
8:01 PM: Traces Found: 3
8:03 PM: Removal process initiated
8:04 PM: Quarantining All Traces: golden eye
8:04 PM: Quarantining All Traces: virtumonde
8:04 PM: virtumonde is in use. It will be removed on reboot.
8:04 PM: C:\WINDOWS\SYSTEM32\vtstq.dll is in use. It will be removed on reboot.
8:04 PM: Warning: Timed out waiting for explorer.exe
8:04 PM: Warning: Timed out waiting for explorer.exe
8:04 PM: Warning: Timed out waiting for explorer.exe
8:04 PM: Warning: Quarantine process could not restart Explorer.
8:04 PM: Preparing to restart your computer. Please wait...
8:04 PM: Removal process completed. Elapsed time 00:01:45
********
5:32 PM: | Start of Session, Sunday, October 30, 2005 |
5:32 PM: Spy Sweeper started
5:32 PM: Sweep initiated using definitions version 564
5:32 PM: Starting Memory Sweep
5:33 PM: Found Adware: virtumonde
5:33 PM: Detected running threat: C:\WINDOWS\SYSTEM32\vtstq.dll (ID = 77)
5:39 PM: Memory Sweep Complete, Elapsed Time: 00:06:27
5:39 PM: Starting Registry Sweep
5:40 PM: Registry Sweep Complete, Elapsed Time:00:00:45
5:40 PM: Starting Cookie Sweep
5:40 PM: Found Spy Cookie: 2o7.net cookie
5:40 PM: chad hyou@2o7[1].txt (ID = 1957)
5:40 PM: Found Spy Cookie: yieldmanager cookie
5:40 PM: chad hyou@ad.yieldmanager[1].txt (ID = 3751)
5:40 PM: Found Spy Cookie: adknowledge cookie
5:40 PM: chad hyou@adknowledge[1].txt (ID = 2072)
5:40 PM: Found Spy Cookie: addynamix cookie
5:40 PM: chad hyou@ads.addynamix[1].txt (ID = 2062)
5:40 PM: Found Spy Cookie: ads.tripod.lycos.com cookie
5:40 PM: chad hyou@ads.tripod.lycos[2].txt (ID = 2133)
5:40 PM: Found Spy Cookie: atwola cookie
5:40 PM: chad hyou@atwola[1].txt (ID = 2255)
5:40 PM: Found Spy Cookie: azjmp cookie
5:40 PM: chad hyou@azjmp[2].txt (ID = 2270)
5:40 PM: Found Spy Cookie: a cookie
5:40 PM: chad hyou@a[2].txt (ID = 2027)
5:40 PM: Found Spy Cookie: burstnet cookie
5:40 PM: chad hyou@burstnet[2].txt (ID = 2336)
5:40 PM: Found Spy Cookie: fe.lea.lycos.com cookie
5:40 PM: chad hyou@fe.lea.lycos[1].txt (ID = 2660)
5:40 PM: Found Spy Cookie: nuker cookie
5:40 PM: chad hyou@nuker[1].txt (ID = 3085)
5:40 PM: Found Spy Cookie: partypoker cookie
5:40 PM: chad hyou@partypoker[1].txt (ID = 3111)
5:40 PM: Found Spy Cookie: revenue.net cookie
5:40 PM: chad hyou@revenue[1].txt (ID = 3257)
5:40 PM: Found Spy Cookie: serving-sys cookie
5:40 PM: chad hyou@serving-sys[2].txt (ID = 3343)
5:40 PM: Found Spy Cookie: reliablestats cookie
5:40 PM: chad hyou@stats1.reliablestats[1].txt (ID = 3254)
5:40 PM: Found Spy Cookie: tradedoubler cookie
5:40 PM: chad hyou@tradedoubler[2].txt (ID = 3575)
5:40 PM: Found Spy Cookie: tripod cookie
5:40 PM: chad hyou@tripod[2].txt (ID = 3591)
5:40 PM: Found Spy Cookie: adserver cookie
5:40 PM: chad hyou@z1.adserver[1].txt (ID = 2142)
5:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
5:40 PM: Starting File Sweep
6:18 PM: Sweep Canceled
6:18 PM: File Sweep Complete, Elapsed Time: 00:38:39
6:19 PM: Traces Found: 19
6:22 PM: | End of Session, Sunday, October 30, 2005 |
********
5:31 PM: | Start of Session, Sunday, October 30, 2005 |
5:31 PM: Spy Sweeper started
5:31 PM: Your spyware definitions have been updated.
5:32 PM: | End of Session, Sunday, October 30, 2005 |
  • 0
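Added example, not part of the original thread and not Webroot's code: Python that parses a session log in the format posted above and reports whether a file queued for removal on reboot was flagged as running again by a later sweep. The function names and status strings are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re
from datetime import datetime

# Excerpt of the Spy Sweeper log posted above; the log lists the newest session first.
SAMPLE_LOG = r"""********
8:12 PM: | Start of Session, Sunday, October 30, 2005 |
9:07 PM: Found System Monitor: golden eye
********
6:22 PM: | Start of Session, Sunday, October 30, 2005 |
6:24 PM: Found Adware: virtumonde
6:24 PM: Detected running threat: C:\WINDOWS\SYSTEM32\vtstq.dll (ID = 77)
8:04 PM: virtumonde is in use. It will be removed on reboot.
8:04 PM: C:\WINDOWS\SYSTEM32\vtstq.dll is in use. It will be removed on reboot.
********
5:32 PM: | Start of Session, Sunday, October 30, 2005 |
5:33 PM: Detected running threat: C:\WINDOWS\SYSTEM32\vtstq.dll (ID = 77)
"""

# "H:MM AM/PM: message" lines; separators and blank lines never match.
LINE = re.compile(r"^\s*(\d{1,2}:\d{2} [AP]M): (.*?)\s*$", re.M)
START = re.compile(r"^\| Start of Session, (.+?) \|$")
RULES = {  # bucket name -> pattern for that kind of log message
    "found": re.compile(r"^Found [^:]+: (.+)$"),
    "running": re.compile(r"^Detected running threat: (.+?) \(ID = \d+\)$"),
    # Require a backslash so only file paths count, not the threat-name line.
    "pending": re.compile(r"^(.+\\.+) is in use\. It will be removed on reboot\.$"),
}

def parse_sessions(text):
    """Return the sessions oldest-first, each with its found/running/pending sets."""
    sessions = []
    for clock, msg in LINE.findall(text):
        if s := START.match(msg):
            when = datetime.strptime(f"{s.group(1)} {clock}", "%A, %B %d, %Y %I:%M %p")
            sessions.append({"start": when, "found": set(), "running": set(), "pending": set()})
        elif sessions:
            for bucket, rx in RULES.items():
                if hit := rx.match(msg):
                    sessions[-1][bucket].add(hit.group(1).lower())
    return sorted(sessions, key=lambda s: s["start"])

def reboot_removal_status(sessions):
    """Map each file queued for removal on reboot to what later sweeps saw."""
    status = {}
    for i, s in enumerate(sessions):
        for path in s["pending"]:
            later = sessions[i + 1:]
            seen = any(path in n["running"] for n in later)
            status[path] = "still running" if seen else "not seen again" if later else "unverified"
    return status
```

A "not seen again" result only says that a later memory sweep did not flag that path; it does not by itself show the infection is gone.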

#6
Wizard

Let's see what else is lying around in there.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Post back with a fresh HijackThis log and the results of the WinPFind Scan.