Inqwire & empnads

[Pugiv]

Hi,
I have been using spyware blaster, Spybot and Ad aware together for at least the past year and I somehow managed to get infected with the "inqwire" ware. From I found on google,I believe
Google showed there are also more threats related or may originated form "inqwire": "empnads"
These threats open new search windows using their search pages when browsing in internet explorer(not sure about the other web browsers). I read about even more items being produced from these 2, with systems that had many spyware/ad blocking programs installed.
Im not by any means a security newbie so please take into consideration I have run Adaware,Spybot,Spyware balster,Outpost firewall spyware scanner and Microsoft Windows AntiSpyware (Beta). All with latest updates to no avail. I also ran high jack this and it found nothing.
Like I said before,I googled these 2 adwares and found many posts but no confirmed fix.
I also run Nod32,Outpost firewall,hardware router and google toolbar. None of these can even find anything.
Im posting here in hopes someone can find a fix for this as Im not sure were else to turn( i submitted info to Lavasoft and adware but seemed to be ignored).
Thanks.

[SirDice]

If none of your scanners can find it, how did you find out you're infected?

Did you scan in "Safe Mode"?

You can always post a HiJackThis log here for us to look at..

[Maverick811]

Originally posted here by SirDice
If none of your scanners can find it, how did you find out you're infected?

Did you scan in "Safe Mode"?

You can always post a HiJackThis log here for us to look at..

It may be that the scanners found it, but none were able to clean it. I've run into this a few times in the past...

Pugiv, when you searched Google previously did you look for manual removal instructions?

[dalek]

Hi Pugiv

Sounds like you have a problem with some garbage, try running Crap Cleaner first. Then download EWIDO if you have any problems with the updates you can do them manually from Updates

It's a 14 day trial period, but even after 14 days it will still update, just some of the deeper features will be turned off.

Do these scans in "Safe Mode" http://computer.howstuffworks.com/question575.htm empty out all of your temp files, CCLeaner will get rid of most, unhide your system files.

As SirDice mentions go ahead and post a log.

[Pugiv]

Hi guys.Thank you for the replies
dalek,
I didn't run crap cleaner or EWIDO because I figured if none of the many other programs I tried were unsuccessful then them 2 would probably be of no assistance. I'll run them as you suggested.
Maverick811,
Google showed nothing in regards to manual removals. All that was listed were many posts with no solid answer.
SirDice,
Yes I always scan in safe mode.
I know I am infected because I am quite literate in regards to the antispyware/Adware field,though I don't consider myself an expert. I believe this to be an issue where a registry entry was added or changed,thus allowing the ad's to open new windows.These are not spyware.
I'll post my high jack this log in a couple hours.
Thanks again

[Pugiv]

OK,
ran CC and deleted most of the items.Nothing severe,just a bunch of temp files.
Ewido seems to have picked something up,maybe what I have been looking for. Here is the log:
+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\.Owner -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} ->

I wont know until maybe 2 or 3 days of running IE, as I once went 2 days without the ad's popping up.
I'll post back and let you know if the above registry entries were the culprits..Your thoughts?
Thanks!

[Pugiv]

Well the ads are back.
I dont understand how this is still happening.
Anyways the "search inqwire" page that opens is from source: (DONT CLICK UNLESS YOU WANT THE INFECTION!!!) CLICK ON THE LINK PROPERTIES FOR THE FULL SOURCE

http://www.inqwire.com/homepage.prec...nlpt=yes&cb=70

The other "empnads.com" :
http://empnads.com/servlet/ajrotator.../vh?z=enternet

DAMNIT DAMNIT SOB!!

[SirDice]

If I click on the first link I get bombarded with questions "Do you wish to install WinFixer".. (I don't use IE but Firefox)

I just looked at winfixer.. You should be able to deinstall it through Add/Remove Software..

[dalek]

Hi

To remove Winfixer you need to download and run Vundofix

This site has some steps (follow in that order) to remove the infections.http://www.blifaloo.com/info/virus_removal.php

recommend you get the MVPS HOSTS file if you are using IE, also it wouldn't hurt to get Spywareguard this works well with MSAS Beta and Spybot S & D.

Something to consider also is your System Restore Points, these will save infections in memory and will become active each time you boot .up.http://support.microsoft.com/default...b;en-us;264887

Recommend you go back to safe mode turn off/disable system restore and run your scans again, it may find some of those which were sitting in a restore point.

[Pugiv]

Well after trying just about every spyware/adware program, it seems the only solution was the MVPS host file. Thanks for the link.
I still cant believe that none of the major adware programs have added these signatures to their database.
Thanks again for helping out