Author Topic: spaiwer (Read 5426 times)

vladgd · « **on:** April 22, 2008, 06:57:04 PM »

so i go to mininova, a site im pretty sure is safe.

few minutes later, my firefox is minimized and i get a popup stating that i MUST download the program to protect myself from spyware. i click no, and thats that. but knowing spyware, it put something on my computer whether i click yes or no.

i go around on the internet and find this

http://www.spywareremove.com/removeErrorDoctor.html

i have the trial software of the "spyware removal program" the site reveres and i scan, and i find the location of this thing. but im tempted into deleting it because of where it is.

im not exactly sure its a good idea to just delete those two folders, and im not fuckin going to spend any money to delete this bitch.

i try scanning on the website i just linked, and i don't find anything, so whats the deal.

i mean, i don't browse random internet sites, i don't google search ANYTHING, and still i get this bullshit.

requesting moar help from peoples smarter than i am.

Spectere · « **Reply #1 on:** April 22, 2008, 07:30:15 PM »

Meh, just delete them. Windows doesn't keep any critical system files in those folders. Just be sure to match up the GUIDs (the hex characters inside the curly braces) or you might delete another program's installer (which wouldn't be a big deal, actually, unless you wanted to modify the installation without reinstalling).

vladgd · « **Reply #2 on:** April 22, 2008, 07:36:36 PM »

files deleted, computer didn't go "lolkazplode" will make another post in a day or two to note if i have any problems/everythings okiedokie.

help appreciated, im not one to go deleting random folders in folders that look important.

so i guess now, i owe bobbias a pizza for last time, and i owe spectere a pizza for this.

Spectere · « **Reply #3 on:** April 22, 2008, 08:00:38 PM »

Sweet. I love pizza.

Bobbias · « **Reply #4 on:** April 23, 2008, 03:14:39 AM »

Lol, well, I was gonna say that you should have made a hijackthis scan and posted it in case there happened to be something else on your computer. (HJT is the very first thing I do when I suspect malware of any kind, since more often than not, it can catch some indication that somethings amiss, and anything serious enough to bypass HJT likely is bad enough to have a noticeable effect.)

vladgd · « **Reply #5 on:** April 23, 2008, 04:08:58 AM »

link plox

Spectere · « **Reply #6 on:** April 23, 2008, 11:15:43 AM »

http://www.spywareinfo.com/~merijn/programs.php

Bobbias · « **Reply #7 on:** April 23, 2008, 12:30:00 PM »

Damn, beat me to it.

But yeah, I've found HJT to be absolutely indispensable for getting rid of spyware and such.

vladgd · « **Reply #8 on:** April 23, 2008, 05:29:10 PM »

wellp, just in case

Code: [Select]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:59 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\vlad\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5723 bytes

Spectere · « **Reply #9 on:** April 23, 2008, 09:33:04 PM »

Everything looks good to me.

If you have any questions about a particular process, Google it. Y'all might lern sumthin!

vladgd · « **Reply #10 on:** April 23, 2008, 09:56:30 PM »

Quote from: Spectere on April 23, 2008, 09:33:04 PM

If you have any questions about a particular process, Google it. Y'all might lern sumthin!

actually i do, but having other peoples input never hurt.

(yea i said i never look up anything on a search engine, but if the link says something like "cnet.com/whatever" i know its safe)

spectere.net

Author Topic: spaiwer (Read 5426 times)

vladgd

spaiwer

Spectere

Re: spaiwer

vladgd

Re: spaiwer

Spectere

Re: spaiwer

Bobbias

Re: spaiwer

vladgd

Re: spaiwer

Spectere

Re: spaiwer

Bobbias

Re: spaiwer

vladgd

Re: spaiwer

Spectere

Re: spaiwer

vladgd

Re: spaiwer