spyware coming back every day
Stijn
January 21st, 2004, 04:30 AM
After installing Spybalster and Ad-aware (for removal of spyware), I noticed that some of the spyware is back on the PC every day. Do you have any idea how this can be prevented?
The log file from Ad-aware 6.0 is attached.
Thanks
Pieter_Arntz
January 21st, 2004, 05:12 AM
Hi Stijn,
I think AdAware recognizes the Program folder of the Startportal (aka MS-Connect) dialer, but not the executable.
Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.
Most of what it lists will be harmless, so do not fix anything yet.
Regards,
Pieter
Stijn
January 21st, 2004, 03:15 PM
Here is the log-file.
Thanks for your help.
Stijn
subratam
January 21st, 2004, 03:23 PM
hey stijn,
will you please download CWShredder (http://www.wilderssecurity.com/attachments/cwshredder1462.zip).
Unzip it, then close all other windows except CWShredder and press the Fix button.
After that, reboot and post a fresh log here.
thx
Pieter_Arntz
January 21st, 2004, 04:13 PM
Hi Stijn,
No need for CWShredder.
(Sub I want a word with you - >:( <= firm look)
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\hit.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
Then reboot into safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) and delete:
C:\Program Files\Startportal <= entire folder
C:\Program Files\MyWay <= entire folder
C:\WINDOWS\System32\hit.exe <= the one that was bugging you.
Regards,
Pieter
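An added example, not part of any post in this thread: a small Python parser that takes the HijackThis lines quoted in the post above, labels each with the persistence mechanism its section code stands for (using HijackThis's documented section meanings), and reports which entries point at files under the paths deleted in safe mode. The function names and the `DELETED` list layout are assumptions of this example; the log lines and paths are copied from the post.

```python
import re
from urllib.parse import unquote

# HijackThis section codes seen in the post, with their documented meanings.
SECTIONS = {"R1": "IE start/search page setting", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart (Run key / Startup)",
            "O16": "ActiveX control (Downloaded Program Files)"}
# Log lines copied from the post above (the first O16 line is truncated there).
LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\hit.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx""".splitlines()
# Paths the post says to delete in safe mode.
DELETED = [r"C:\Program Files\Startportal", r"C:\Program Files\MyWay",
           r"C:\WINDOWS\System32\hit.exe"]

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_URL_RE = re.compile(r"file:///(\S+)")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

def parse_entry(line):
    """Return code, mechanism, CLSID and target for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m or m[1] not in SECTIONS:
        return None
    body, target = m[2], None
    if (f := FILE_URL_RE.search(body)):      # local page referenced as file:///
        target = unquote(f[1]).replace("/", "\\")
    elif (p := PATH_RE.search(body)):        # executable or DLL on disk
        target = p[0]
    elif (u := URL_RE.search(body)):         # remote install source
        target = u[0]
    clsid = CLSID_RE.search(body)
    return {"code": m[1], "mechanism": SECTIONS[m[1]],
            "clsid": clsid[0] if clsid else None, "target": target}

def is_removed(target, deleted=DELETED):
    """True if target is a local file at or below a path on the delete list."""
    if not target or "://" in target:
        return False
    t = target.lower()
    return any(t == d.lower() or t.startswith(d.lower() + "\\") for d in deleted)

if __name__ == "__main__":
    for e in filter(None, map(parse_entry, LOG)):
        print(f'{e["code"]:<4}{e["mechanism"]:<45}{e["target"]}  '
              f'deleted_in_safe_mode={is_removed(e["target"])}')
```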
Stijn
January 22nd, 2004, 07:13 AM
Hi Pieter,
It worked and problems are solved.
Thanks again for your help.
Stijn :)
Pieter_Arntz
January 22nd, 2004, 07:19 AM
My pleasure. :)
Pieter