annoying adware, spyware problem 9 replies


HyPER_OxyGENated

Chopper Fanatic

50 XP

12th August 2005

0 Uploads

128 Posts

0 Threads

#1 13 years ago

I've recently picked up a spyware/adware bug from somewhere and it is very persistent. I've scanned my PC several times using the latest version of ParetoLogic's XoftSpy while offline and it picks nothing up. I also scanned my PC with a not-so-up-to-date Spybot S&D while offline and it picked up a couple of things. When I scanned using XoftSpy while online it picked up a TROJAN!!!!! in addition to some falkag or something cookies. I removed these things when the scan finished but the problem still persists. I know it's spyware because I get annoying messages in a box labelled 'Messenger Service' that tell me to download various registry cleaners and spyware removers. They look somewhat like this.




War Hawk

۞ www.thisisnotporn.com ۞

50 XP

27th January 2004

0 Uploads

8,749 Posts

0 Threads

#2 13 years ago

In addition to being offline, turn off system restore when you run those programs. System restore is a common way for those little devils to respawn. Control Panel>System>System Restore




Agentlaidlaw

Pie

50 XP

21st February 2005

0 Uploads

3,801 Posts

0 Threads

#3 13 years ago

Also try running those in Safe Mode.




jaximus88

~Tine Spingling~Ill count to 3

50 XP

25th August 2005

0 Uploads

344 Posts

0 Threads

#4 13 years ago

If you know anything about your registry and what belongs, use HijackThis. It's great for picking that crap out.

http://www.majorgeeks.com/download3155.html




-aFh- Gen.Fatcat

I just got nOObed

50 XP

20th September 2005

0 Uploads

244 Posts

0 Threads

#5 13 years ago

Well, like jaximus88 said, try HijackThis. Also some good programs for future use: CCleaner, Ad-Aware




Johnny Mullet

Hi-Tech Redneck

50 XP

7th March 2005

0 Uploads

1,969 Posts

0 Threads

#6 13 years ago

I used to get those same exact pop-ups on my PC! I got them right after a fresh install of Windows XP on my upgraded eMachine. After downloading AVG Free Anti-Virus, Ad-Aware SE, and Spybot, the problems went away. Also make sure Windows is updated to the latest version! Malicious software can be almost impossible to get rid of without critical updates.




Guest

I didn't make it!

0 XP

 
#7 13 years ago

Once you get rid of it, use Firefox to help avoid getting spyware.




HyPER_OxyGENated

Chopper Fanatic

50 XP

12th August 2005

0 Uploads

128 Posts

0 Threads

#8 13 years ago

I see. I was using Firefox before, but I recently installed XP Pro and deleted my old XP Home.

Edit: I downloaded HijackThis and did a scan; here is the log file:

----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:33:35 AM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator.OURHP.000\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.optusnet.com.au/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC8946E-842B-47DD-86B3-A1A148B38323}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\1ae14.dll

------------------------------------------------------------------------

What should I do now?
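
Added example, not part of the original post: a small Python parser that re-splits a HijackThis log whose entries have been run together on one line (as happens when a log is pasted into a forum) and groups them by section code for review. The section descriptions are a subset of the commonly documented HijackThis 1.99.x meanings and are an assumption of this example; the sample input is constructed from four lines of the log above. A section code only says where an entry lives, not whether it is malicious.

```python
import re

# Subset of commonly documented HijackThis section codes (assumption of this example).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry (Run key / Startup folder)",
    "O6": "IE options restricted by policy",
    "O14": "IERESET.INF setting",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O17": "DNS / domain setting",
    "O18": "Extra protocol or filter",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Zero-width split point: whitespace (or start of text) followed by "<code> - ".
ENTRY_START = re.compile(rf"(?<!\S)(?={CODE} - )")
ENTRY = re.compile(rf"({CODE}) - (.*)", re.S)

def parse_log(text):
    """Return one dict per registry/file entry; header text is skipped."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if not m:
            continue  # header, process list or separator line
        code, body = m.group(1), " ".join(m.group(2).split())
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "body": body,
            # HijackThis appends this marker when the referenced file is absent.
            "file_missing": body.endswith("(file missing)"),
        })
    return entries

# Constructed sample: four entries from the log above, flattened onto one line.
SAMPLE = (
    r"Logfile of HijackThis v1.99.1 "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.optusnet.com.au/search "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe "
    r'O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) '
    r"O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\1ae14.dll"
)

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        flag = "  [file missing]" if e["file_missing"] else ""
        print(f'{e["code"]:>3}  {e["section"]}{flag}\n     {e["body"]}')
```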




Dipship

Smarter than your average stump.

71 XP

26th June 2003

0 Uploads

26,967 Posts

0 Threads

#9 13 years ago
HyPER_OxyGENated: I know it's spyware because I get annoying messages in a box labelled 'Messenger Service' that tell me to download various registry cleaners and spyware removers. They look somewhat like this.

The pop-up you're getting is from the Windows Messenger service, an old utility used for transmitting messages amongst computers in a LAN. Open the administrative tools from the Start menu or Control Panel, select Services and disable the Messenger service. Don't worry, this WILL NOT disable your instant messaging clients like MSN Messenger.


When in doubt, gas it!



Guest

I didn't make it!

0 XP

 
#10 13 years ago
Dipship: The pop-up you're getting is from the Windows Messenger service, an old utility used for transmitting messages amongst computers in a LAN. Open the administrative tools from the Start menu or Control Panel, select Services and disable the Messenger service. Don't worry, this WILL NOT disable your instant messaging clients like MSN Messenger.

LOL exactly, just turn off the service. I thought no one would post it. Should be a sticky.