Help.. spyware removal. Now with my HT log :D.

Discussion in 'adware, spyware & hijack cleaning' started by LukaszJ, Dec 31, 2003.

Thread Status:
Not open for further replies.
  1. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    I lately got some **** on my cmop that changes my home page to some echm.com site and ads some search **** on the bottom of IE. I tried using latest versions of Adaware and Spybot but that **** still keeps coming back.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Re:Help.. spyware removal

    Hi LukaszJ,

    Download and run: http://www.merijn.org/files/CWShredder.exe
    Then reboot and follow these instructions
    http://www.wilderssecurity.com/showthread.php?t=15913
    Since you already ran Spybot S&D and AdAware, step 3 will do.

    Regards,

    Pieter
     
  3. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Re:Help.. spyware removal

    Thank you again :D.
     
  4. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Heres the log:

     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi LukaszJ,

    Found it. lop.com :p

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O4 - HKLM\..\Run: [eareest] C:\DOCUME~1\admin\DANEAP~1\stthfrqu.exe -QuieT

    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    Then reboot and delete:
    C:\DOCUMENTS AND SETTINGS\admin\DANEAP~1\stthfrqu.exe
    (DANEAP~1 should be something like Application Data)

    Regards,

    Pieter
     
  6. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Youre a lifesaver :D.
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Glad we could help. :)

    Have a great 2004,

    Pieter
     
  8. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    One more question:

    There is that socalled "removal utility" on the lop.com site, does it really remove it or just installs some more **** ?

    PS: And a happy 2004 for you guys doing here a great job too.
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    It removes some things, but leaves others in.

    AdAware and Spybot do a better job then their own removal tool. :rolleyes:
    And they have problems enough finding and removing the randomized BHO and Toolbar dll´s.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.