-
November 9th, 2006, 04:44 PM
#1
Junior Member
Spyware infected computer need help removing
Hello all,
I have a computer which is giving me a message in the system tray telling me "This computer is infected with spyware... blah blah blah." I have attached the hard drive to another computer and scanned it using NAV corp edition, AVG, and Ad-Aware. None of the programs have found any problems with the hard drive... weird. The computer will pop up porn ads about once every 10 min just for fun..
Does anyone have any ideas about what I'm dealing with here? I need to try and fix this one instead of reinstalling the O/S...
-
November 9th, 2006, 04:47 PM
#2
Put the drive back.. Boot windows into safe mode then run a HijackThis scan.. Post the log here..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 9th, 2006, 04:55 PM
#3
-
November 9th, 2006, 07:56 PM
#4
Junior Member
Nasty...
I found a couple processes running - pmmon.exe and pmmsgr.exe, both were flagged as spyware by a Google search.
Found a link to http://www.lavasoftsupport.com/index.php?showtopic=1844
which advised how to remove the offending "scumware." I did all the steps and it reinstalled itself 30 seconds after Windows loaded. Persistent little bugger... Right now I have AVG antispy working on it (again) and it has found
adware.intcodec
Anyone know how to kill this one?
-
November 9th, 2006, 08:50 PM
#5
Junior Member
Hijack this!
Here is the log
12:49 PM 11/9/2006Logfile of HijackThis v1.99.1
Scan saved at 3:48:37 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QualityCodec\pmsngr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QualityCodec\pmmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
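Added example (not part of the thread or of any poster's tooling): a small Python parser for the HijackThis log format posted above. It lists the running processes and coded entries that sit under a suspect directory, and flags running suspects that no O4/O23 autostart entry in the log accounts for. The directory name `QualityCodec` is taken from the log; the embedded sample is a constructed subset of its lines, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QualityCodec\pmsngr.exe
C:\Program Files\QualityCodec\pmmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A drive-letter path ending in .exe or .dll inside an entry body.
PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll)", re.IGNORECASE)

def parse(log):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            paths = PATH.findall(m["body"])
            entries.append((m["code"], m["body"], paths[-1] if paths else None))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(log, suspect_dir):
    """Report items under suspect_dir and running suspects with no launcher entry."""
    needle = "\\" + suspect_dir.lower() + "\\"
    processes, entries = parse(log)
    procs = [p for p in processes if needle in p.lower()]
    hits = [(c, p) for c, _, p in entries if p and needle in p.lower()]
    # O4 = Run keys / startup items, O23 = services: the entries that launch executables.
    launchers = {p.lower() for c, _, p in entries if p and c in ("O4", "O23")}
    return {"processes": procs, "entries": hits,
            "no_launcher": [p for p in procs if p.lower() not in launchers]}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "QualityCodec").items():
        print(key, value)
```

On this log the only coded entry under the directory is the O2 browser helper object, and neither running executable has an O4 or O23 entry, so the log alone does not show what starts them.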
-
November 9th, 2006, 09:03 PM
#6
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 9th, 2006, 09:28 PM
#7
Junior Member
-
November 9th, 2006, 09:31 PM
#8
It's a short form of Morganlefay
It's how I sign my posts
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
November 10th, 2006, 09:29 AM
#9
Your HijackThis log seems awfully short...
To remove the little bugger.. Boot to safe mode.. Make sure none of its processes are running (check with Task Manager). Kill them if necessary. Then follow the removal instructions.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 10th, 2006, 12:38 PM
#10
Originally Posted by FNFiveseveN
I found a couple processes running - pmmon.exe and pmmsgr.exe, both were flagged as spyware by a Google search.
Found a link to http://www.lavasoftsupport.com/index.php?showtopic=1844
which advised how to remove the offending "scumware." I did all the steps and it reinstalled itself 30 seconds after Windows loaded. Persistent little bugger... Right now I have AVG antispy working on it (again) and it has found
adware.intcodec
Anyone know how to kill this one?
Hi
You can try
Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.
Usage Information:
Download this file, extract it, and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.
http://www.bleepingcomputer.com/files/killbox.php
and Stinger http://vil.nai.com/vil/stinger/
You may want to disable your System Restore and flush the saved points; as you are infected anyways, you are not going to do a system restore, so any of these nasties could still be in a restore point.
http://www.kellys-korner-xp.com/xp_restore.htm
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson