Goddamned fucking Spyware Bullshit
Posted: 2004-10-31 12:57am
by Dillon
Has anyone else had their computer overrun with spyware recently, that even Ad-Aware and Spybot S&D can't seem to purge?
Whenever I run Ad-Aware, it indicates hundreds of pieces of spyware on my system, and yet it refuses to delete most of them.
The results seem to be random pop-ups, and little stupid programs installing themselves called things like "Faces of Bush" and "Create a Monster".
I assumed it was a result of my recent installing of a new so-called spyware-free version of Kazaa, until my friend told me she was having the same problems, and all she had installed was MSN Messenger.
Therefore, I'm guessing it's an MSN Messenger exploit, and uninstalling MSN Messenger seems to do nothing.
Has anyone else had this problem, and if so, were you able to fix it?
Any help would be very much appreciated.
Posted: 2004-10-31 12:58am
by Tech^salvager
Run Ad-aware and Spybot in Safe Mode.
Posted: 2004-10-31 01:02am
by Dillon
D'oh!
I can't believe I hadn't thought of that.
Ok, I'll try that.
*Hopes it'll work*
Posted: 2004-10-31 01:49am
by Ace Pace
observer_20000 wrote: D'oh!
I can't believe I hadn't thought of that.
Ok, I'll try that.
*Hopes it'll work*
For those it doesn't want to delete, try deleting with HijackThis.
Don't forget Spybot Search and Destroy, it catches other stuff as well.
Posted: 2004-10-31 02:16am
by Einhander Sn0m4n
Post a Hijackthis log.
Posted: 2004-10-31 02:50am
by Dillon
Ok, it's telling me it might not be safe to remove certain things, so here's a screen shot of the log.
So what should I be removing?
Posted: 2004-10-31 03:20am
by Einhander Sn0m4n
AAAAAAAAAAAGGGHHHH!!!!!
You took a SCREENSHOT!? I can't do anything with that at all! Post a log please
Posted: 2004-10-31 03:29am
by Dillon
Posted: 2004-10-31 03:38am
by Einhander Sn0m4n
Here's a Railgun...
...and here are your TARGETS! wrote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s <== OPTIONAL; SOMEWHAT RESOURCE-HOGGISH
O4 - HKLM\..\Run: [LoadQM] loadqm.exe <== SLAUGHTER THIS PIG!
O4 - HKLM\..\Run: [SESync] "C:\PROGRAM FILES\SED\SED.EXE"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Create A Monster] C:\Program Files\Kudd.com\createAMonster.exe -run
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe <== System Restore Doesn't Work.
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
Scan with SpybotSD and Ad Aware, and rip out everything it finds!
Happy hunting!
EDIT: Your little website at the bottom of your posts has earned from me a resounding (put your nuke goggles on)...
ROTFLMMFGDQQAO!!!!
Posted: 2004-10-31 04:16am
by Dillon
Einhander Sn0m4n wrote:Here's a Railgun...
...and here are your TARGETS! wrote:
*snip*
*Takes railgun and starts blasting spyware and other assorted bullshit mercilessly, only to realize Kenny got caught in the crossfire*
Scan with SpybotSD and Ad Aware, and rip out everything it finds!
Happy hunting!
Man, my computer feels so... clean. Thanks a lot!
EDIT: Your little website at the bottom of your posts has earned from me a resounding (put your nuke goggles on)...
ROTFLMMFGDQQAO!!!!
Glad you like it! Despite the over aggressive writing style on my site, positive feedback is always appreciated.
Posted: 2004-10-31 10:55am
by Kreshna Aryaguna Nurzaman
I can't help you with your current spyware problem, but to prevent any more spyware in the future, you may want to change your browser to Opera. So far no spyware has managed to install itself on my hard drive, except once when I was browsing using Internet Explorer.
Never, never use that fucking IE!!!!
Posted: 2004-10-31 11:11am
by darthdavid
Kreshna Aryaguna Nurzaman wrote: I can't help you with your current spyware problem, but to prevent any more spyware in the future, you may want to change your browser to Opera. So far no spyware has managed to install itself on my hard drive, except once when I was browsing using Internet Explorer.
Never, never use that fucking IE!!!!
He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo opera whore.
Posted: 2004-10-31 11:16am
by Ace Pace
darthdavid wrote:
He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo opera whore.
So he's using Firefox, does that mean we Opera whores can't try to convert him?
Posted: 2004-10-31 11:58am
by DPDarkPrimus
Einy, what about this?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Filetopia] C:\PROGRA~1\FILETO~1\FILETO~1.EXE /TRAY
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Posted: 2004-10-31 12:06pm
by Tech^salvager
Ace Pace wrote:darthdavid wrote:
He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo opera whore.
So he's using Firefox, does that mean we Opera whores can't try to convert him?
No IE rules
Posted: 2004-10-31 12:08pm
by Ace Pace
Tech^salvager wrote:
No IE rules
So does that mean the IE whores can be flamed? Repeatedly?
Posted: 2004-10-31 12:15pm
by Tech^salvager
Ace Pace wrote:Tech^salvager wrote:
No IE rules
So does that mean the IE whores can be flamed? Repeatedly?
Go ahead if you so like.
Posted: 2004-10-31 12:25pm
by Kreshna Aryaguna Nurzaman
Ace Pace wrote:darthdavid wrote:
He's already using Firefox. And in case you didn't notice, this appears to be an MSN exploit, nothing to do with his browser. So shoo opera whore.
So he's using Firefox, does that mean we Opera whores can't try to convert him?
VADER: What is thy bidding, my master?
EMPEROR: There is a great exploit in the MSN.
VADER: I have felt it.
EMPEROR: We have a new enemy -- observer_20000.
VADER: Yes, my master.
EMPEROR: He could destroy us.
VADER: He's just a user. Firefox can no longer protect him from Spywares.
EMPEROR: The MSN exploit is strong with him. The observer_20000 must not become a Jedi.
VADER: If he could be turned to Opera, he would become a powerful ally.
EMPEROR: Yes. Yes. He would be a great asset. Can it be done?
VADER: He will join us or die, my master.
Posted: 2004-10-31 03:32pm
by Einhander Sn0m4n
Tech^salvager wrote:Ace Pace wrote:Tech^salvager wrote:
No IE rules
So does that mean the IE whores can be flamed? Repeatedly?
Go ahead if you so like.
Oh shit.
He actually said it.
1. Security Holes Inherent in Design. A web browser must never have direct access to core OS components.
2. Security Holes Due to Sloppy Coding.
I think that's all of them.
3. Less Features than the Competition. Built-in Popup Blocker? Several YEARS late. PNG support? Nope. Tab Browsing? Only with a new frontend like Avant.
4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
5. BROWSER HIJACKERS!!!
Think I shall stop, or shall I continue?
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
7. IE JUST PLAIN FUCKING SUX0RZ T3H STDed WEENIE!!!
Posted: 2004-10-31 03:41pm
by Tech^salvager
4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha
Posted: 2004-10-31 03:41pm
by Einhander Sn0m4n
O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" <== OPTIONAL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
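A triage pass over HijackThis log lines, added here as an example and not part of any poster's reply. It flags three patterns that recur among the entries picked out above: "(no file)" targets, autostart commands given as a bare file name, and one value registered under several Run keys. The heuristics and the names `triage`, `O4_RE` and `EXE_RE` are assumptions for illustration, and a flag only marks an entry for manual review.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis-format lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\RunServices: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [Windows Driver Services] msdrvs32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
"""

# Matches "O4 - HKLM\..\Run: [ValueName] command line".
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# First token of a command line: a quoted path, or text up to the first space.
EXE_RE = re.compile(r'^"([^"]*)"|^(\S+)')

def triage(log_text):
    """Return (reason, detail) pairs for entries worth a manual look."""
    findings = []
    locations = defaultdict(set)  # (value name, command) -> autostart keys
    for line in (l.strip() for l in log_text.splitlines()):
        if line.endswith("(no file)"):
            # The entry points at a file that is not on disk.
            findings.append(("no-file", line))
        m = O4_RE.match(line)
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        cmd = cmd.strip()
        locations[(name, cmd.lower())].add(f"{hive}\\{key}")
        token = EXE_RE.match(cmd)
        exe = token.group(1) if token.group(1) is not None else token.group(2)
        if "\\" not in exe:
            # No directory given: the log does not show which binary will run.
            findings.append(("bare-name", line))
    for (name, cmd), keys in sorted(locations.items()):
        if len(keys) > 1:
            where = ", ".join(sorted(keys))
            findings.append(("multi-key", f"[{name}] {cmd} in {where}"))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:10} {detail}")
```

Legitimate entries can trip the bare-name rule as well, so each hit still needs checking against the file actually on disk.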
Posted: 2004-10-31 03:43pm
by Einhander Sn0m4n
Posted: 2004-10-31 03:44pm
by Tech^salvager
ROFLMAO
Posted: 2004-10-31 03:45pm
by darthdavid
Tech^salvager wrote: 4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha
Not on Linux dingle-berry!!!
Posted: 2004-10-31 03:47pm
by Tech^salvager
darthdavid wrote: Tech^salvager wrote: 4. IE Deliberately Breaks Web Standards With Its Own 'De-Facto' "Standard".
6. IE is Microsoft's WEAPON OF MONOPOLY ENFORCEMENT.
Too bad you're going to have to live with it. muwhahahaha
Not on Linux dingle-berry!!!
oh yeah!
I could!