Goddamned fucking Spyware Bullshit


Dillon
Rabid Monkey
Posts: 1017
Joined: 2002-07-03 09:00am
Location: Toronto, Canada

Post by Dillon »

Has anyone else had their computer overrun with spyware recently, that even Ad-Aware and Spybot S&D can't seem to purge?

Whenever I run Ad-Aware, it indicates hundreds of pieces of spyware on my system, and yet it refuses to delete most of them.

The results seem to be random pop-ups, and little stupid programs installing themselves called things like "Faces of Bush" and "Create a Monster".

I assumed it was a result of my recent installing of a new so-called spyware-free version of Kazaa, until my friend told me she was having the same problems, and all she had installed was MSN Messenger.

Therefore, I'm guessing it's an MSN Messenger exploit, and uninstalling MSN Messenger seems to do nothing.

Has anyone else had this problem, and if so, were you able to fix it?

Any help would be very much appreciated.
Tech^salvager
Padawan Learner
Posts: 347
Joined: 2004-08-26 09:25am

Post by Tech^salvager »

Run Ad-aware and Spybot in Safe Mode.
Bush for president!
Bush is now president.
Dillon
Rabid Monkey
Posts: 1017
Joined: 2002-07-03 09:00am
Location: Toronto, Canada

Post by Dillon »

D'oh!

I can't believe I hadn't thought of that.

Ok, I'll try that.

*Hopes it'll work*
Ace Pace
Hardware Lover
Posts: 8456
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money

Post by Ace Pace »

observer_20000 wrote:D'oh!

I can't believe I hadn't thought of that.

Ok, I'll try that.

*Hopes it'll work*
For those it doesn't want to delete, try deleting with HijackThis.
Don't forget Spybot Search and Destroy, it catches other stuff as well.
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Post a Hijackthis log. :)
Dillon
Rabid Monkey
Posts: 1017
Joined: 2002-07-03 09:00am
Location: Toronto, Canada

Post by Dillon »

Ok, it's telling me it might not be safe to remove certain things, so here's a screen shot of the log.

Image

So what should I be removing?
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

AAAAAAAAAAAGGGHHHH!!!!!

You took a SCREENSHOT!? I can't do anything with that at all! Post a log please :)
Dillon
Rabid Monkey
Posts: 1017
Joined: 2002-07-03 09:00am
Location: Toronto, Canada

Post by Dillon »

Oh, ok. Sorry. :P

Here's the log file.

http://geocities.com/observer_20000/hijackthis.log
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Here's a Railgun...

Image
...and here are your TARGETS! wrote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s <== OPTIONAL; SOMEWHAT RESOURCE-HOGGISH
O4 - HKLM\..\Run: [LoadQM] loadqm.exe <== SLAUGHTER THIS PIG!
O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Create A Monster] C:\Program Files\Kudd.com\createAMonster.exe -run
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe <== System Restore Doesn't Work.
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
Scan with SpybotSD and Ad Aware, and rip out everything it finds! :D Happy hunting!


EDIT: Your little website at the bottom of your posts has earned from me a resounding (put your nuke goggles on)...

ROTFLMMFGDQQAO!!!!
Dillon
Rabid Monkey
Posts: 1017
Joined: 2002-07-03 09:00am
Location: Toronto, Canada

Post by Dillon »

Einhander Sn0m4n wrote:Here's a Railgun...

Image
...and here are your TARGETS! wrote: *snip*
*Takes railgun and starts blasting spyware and other assorted bullshit mercilessly, only to realize Kenny got caught in the crossfire*

Image
Scan with SpybotSD and Ad Aware, and rip out everything it finds! :D Happy hunting!
Man, my computer feels so... clean. Thanks a lot! :D
EDIT: Your little website at the bottom of your posts has earned from me a resounding (put your nuke goggles on)...

ROTFLMMFGDQQAO!!!!
Glad you like it! Despite the over aggressive writing style on my site, positive feedback is always appreciated. :)
Kreshna Aryaguna Nurzaman
Jedi Council Member
Posts: 2230
Joined: 2002-07-08 07:10am

Post by Kreshna Aryaguna Nurzaman »

I can't help you with your current spyware problem, but to prevent any more spyware in the future, you may want to change your browser to Opera. So far no spyware has managed to install itself on my hard drive 8), except once when I was browsing using Internet Explorer :x .

Never, never use that fucking IE!!!!
darthdavid
Pathetic Attention Whore
Posts: 5470
Joined: 2003-02-17 12:04pm
Location: Bat Country!

Post by darthdavid »

Kreshna Aryaguna Nurzaman wrote:I can't help you with your current spyware problem, but to prevent any more spyware in the future, you may want to change your browser to Opera. So far no spyware has managed to install itself on my hard drive 8), except once when I was browsing using Internet Explorer :x .

Never, never use that fucking IE!!!!
He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo Opera whore. :P
Ace Pace
Hardware Lover
Posts: 8456
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money

Post by Ace Pace »

darthdavid wrote: He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo Opera whore. :P
So he's using Firefox, does that mean we Opera whores can't try to convert him? 8)
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
DPDarkPrimus
Emperor's Hand
Posts: 18399
Joined: 2002-11-22 11:02pm
Location: Iowa

Post by DPDarkPrimus »

Einy, what about this?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Filetopia] C:\PROGRA~1\FILETO~1\FILETO~1.EXE /TRAY
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Mayabird is my girlfriend
Justice League:BotM:MM:SDnet City Watch:Cybertron's Finest
"Well then, science is bullshit. "
-revprez, with yet another brilliant rebuttal.
Tech^salvager
Padawan Learner
Posts: 347
Joined: 2004-08-26 09:25am

Post by Tech^salvager »

Ace Pace wrote:
darthdavid wrote: He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo Opera whore. :P
So he's using Firefox, does that mean we Opera whores can't try to convert him? 8)
No IE rules :lol:
Bush for president!
Bush is now president.
Ace Pace
Hardware Lover
Posts: 8456
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money

Post by Ace Pace »

Tech^salvager wrote: No IE rules :lol:
So does that mean the IE whores can be flamed? repeatedly?
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
Tech^salvager
Padawan Learner
Posts: 347
Joined: 2004-08-26 09:25am

Post by Tech^salvager »

Ace Pace wrote:
Tech^salvager wrote: No IE rules :lol:
So does that mean the IE whores can be flamed? repeatedly?
Go ahead if you so like. :lol: :twisted:
Bush for president!
Bush is now president.
Kreshna Aryaguna Nurzaman
Jedi Council Member
Posts: 2230
Joined: 2002-07-08 07:10am

Post by Kreshna Aryaguna Nurzaman »

Ace Pace wrote:
darthdavid wrote: He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo Opera whore. :P
So he's using Firefox, does that mean we Opera whores can't try to convert him? 8)

VADER: What is thy bidding, my master?

EMPEROR: There is a great exploit in the MSN.

VADER: I have felt it.

EMPEROR: We have a new enemy -- observer_20000.

VADER: Yes, my master.

EMPEROR: He could destroy us.

VADER: He's just a user. Firefox can no longer protect him from Spywares.

EMPEROR: The MSN exploit is strong with him. The observer_20000 must not become a Jedi.

VADER: If he could be turned to Opera, he would become a powerful ally.

EMPEROR: Yes. Yes. He would be a great asset. Can it be done?

VADER: He will join us or die, my master.
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Tech^salvager wrote:
Ace Pace wrote:
Tech^salvager wrote: No IE rules :lol:
So does that mean the IE whores can be flamed? repeatedly?
Go ahead if you so like. :lol: :twisted:
Oh shit.

He actually said it.

1. Security Holes Inherent in Design. A web browser must never have direct access to core OS components.

2. Security Holes Due to Sloppy Coding. I think that's all of them.

3. Less Features than the Competition. Built-in Popup Blocker? Several YEARS late. PNG support? Nope. Tab Browsing? Only with a new frontend like Avant.

4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".

5. BROWSER HIJACKERS!!!


Think I shall stop, or shall I continue?

6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.

7. IE JUST PLAIN FUCKING SUX0RZ T3H STDed WEENIE!!!
Tech^salvager
Padawan Learner
Posts: 347
Joined: 2004-08-26 09:25am

Post by Tech^salvager »

4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha :twisted:
Bush for president!
Bush is now president.
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" <== OPTIONAL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Image Image
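
The kind of check applied to the log above, as an added example that is not part of the original thread: a small Python triage pass over HijackThis entry lines. The three heuristics (missing target file, autorun with no directory, one value name under several autorun keys) are assumptions chosen for illustration and only mark entries for manual review; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O4 - <body>"
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")  # O4 registry autoruns


def first_token(cmd):
    """Return the program part of an autorun command, honouring quotes."""
    cmd = cmd.strip()
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def triage(log):
    """Map each entry worth a manual look to the reasons it was picked."""
    findings = defaultdict(list)
    by_name = defaultdict(list)            # autorun value name -> entry lines
    for raw in log.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue                       # header, process list, blank line
        line, (code, body) = entry.group(0), entry.groups()
        if body.endswith("(no file)"):
            findings[line].append("target file missing")
        run = RUN.match(body) if code == "O4" else None
        if run:
            _key, name, cmd = run.groups()
            by_name[name].append(line)
            if "\\" not in first_token(cmd):
                findings[line].append("bare file name, no directory")
    for lines in by_name.values():
        if len(lines) > 1:                 # same value name in several keys
            for line in lines:
                findings[line].append(f"registered under {len(lines)} autorun keys")
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

A flagged line is a prompt to look up the file and its publisher, not a removal verdict: legitimate software also registers bare file names and duplicates its autorun across keys.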
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Tech^salvager wrote:
4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha :twisted:
/me squirts milk out of nose
Image

LOLOLOLOLOL!!! NO WE'RE NOT YOU GODSDAMNED FUCKTARD! FIREFOX IS GAINING EVERY DAY ON IE! W00T! :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol: :lol:
Tech^salvager
Padawan Learner
Posts: 347
Joined: 2004-08-26 09:25am

Post by Tech^salvager »

ROFLMAO :lol:
Bush for president!
Bush is now president.
darthdavid
Pathetic Attention Whore
Posts: 5470
Joined: 2003-02-17 12:04pm
Location: Bat Country!

Post by darthdavid »

Tech^salvager wrote:
4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha :twisted:
Not on Linux dingle-berry!!! :P
Tech^salvager
Padawan Learner
Posts: 347
Joined: 2004-08-26 09:25am

Post by Tech^salvager »

darthdavid wrote:
Tech^salvager wrote:
4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha :twisted:
Not on Linux dingle-berry!!! :P
oh yeah!
I could!
Bush for president!
Bush is now president.
Locked