Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
I hate spyware shite...
You go to remove it and it gets 5x worse... the harder you try to remove it all - the more bullshit installs itself, the more pop ups you get and the more clogged up your system gets. It's fucking pissing me off 
I've got Spy Bot, Adaware, Spyware Guard, Spyware blaster, Antivirus and firewall programs... Yet I still get bogged down with this bullshit!
My Pc was completely clean and fine... then the other day someone posted a link to some site and loads of pop ups and shite came up. Closed them all and thought nothing much of it. Then As I'm using the pc I randomly see this thing flash up on the screen like an installer...
Next thing I know I'm getting constant pop ups.
I used all my spyware tools found the shitty things and removed them. However, it was clean for a couple of secs and then I was getting the same pop ups plus more!
Removed them again... Now more pop ups and a fucking wank search bar on my internet explorer. Removed that and then another different one appears...
Removed ALL that lot and supposedly installed more protection (after reading several articles on the net from forums) - Also installed google's search bar (so that no others can install themself)
and not only did I get all that shit + a whole load more... but some fucking wank dialer thingy has installed itself on my pc called global Eaccess or something?
I'll be using the internet then it'll cut me off and say 'please wait' - and a dialer comes up trying to connect to SIXA? Thankfully I'm connected to the uni network for my internet, not a phone line - so it never works. but I can't seem to remove this piece of shite... whatever I do I seem to remove it and then it comes back again  ffs...
Ran Hi jack this on my pc ...
Logfile of HijackThis v1.98.2
Scan saved at 16:10:25, on 26/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\winupupdate1.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\bsplyr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\lifpcuqg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\t?skmgr.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\Administrator\Application Data\bsuu.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Bla\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corsasport.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.corsasport.co.uk/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Update] winupupdate1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [BS Mediaplayer] bsplyr.exe
O4 - HKLM\..\Run: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] cyypqsdsy.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\wincoz32.exe
O4 - HKLM\..\Run: [amneilh] C:\WINDOWS\System32\lifpcuqg.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\geaccess.exe -N
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [BS Mediaplayer] bsplyr.exe
O4 - HKLM\..\RunServices: [Windows Update] winupupdate1.exe
O4 - HKLM\..\RunServices: [Microsoft Update Debugger] wincfg32.exe
O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] cyypqsdsy.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] Sygate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft Update Debugger] wincfg32.exe
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] cyypqsdsy.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKCU\..\Run: [Tqfuw] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Teep] C:\Documents and Settings\Administrator\Application Data\bsuu.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.79/100039/uk/ringtone/ringtone.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/061436d1442f3a834318/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
so fucking cluttered with bullshit rubbish now 
I'm going to try to remove that last one (as it has the word global) - but all this fucking bullshit really really gets on my nerves ... 
|
CorsAsh
Member
Registered: 19th Apr 02
Location: Munich
User status: Offline
|
^^^ Essay
|
CorsAsh
Member
Registered: 19th Apr 02
Location: Munich
User status: Offline
|
Prob easier to format drive and start over unfotunately, have just had to do that on mine
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
yes
|
Ev0s
Member
Registered: 22nd Jan 04
Location: South Scotland
User status: Offline
|
think you need to have a look at your registry. Loads of things running there that should nto be eg O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] cyypqsdsy.exe
O4 - HKLM\..\RunServices: [Microsoft Update Debugger] wincfg32.exe
These look like virus's to me.
|
CraigyG
Member
Registered: 20th Oct 02
Location: Newcastle Upon Tyne
User status: Offline
|
IE is pants Firefox is the way to go 
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
I've got a 3000 64 bit chip, but my pc feels as slow as my 900 mhz amd at home thanks to all the clutter that installs itself on there...
Just checked spam guard and noticed some software had enabled all unsigned and types of activeX things to run automatically!!! no wonder things were getting installed left right and center when surfing the net
|
Coblet
Member
Registered: 26th Jun 04
Location: Camberley, Surrey
User status: Offline
|
Cut it off at the source. Stop using Internet Explorer in any shape or form and get Firefox, it's vastly superior and has a google bar, popup blocker etc built in.
Delete any references to it, stop the processes etc etc and then just stop using IE after the restart.
|
greengoddess
Member
Registered: 17th Jun 03
Location: Northern Ireland, formerly Enfield North London
User status: Offline
|
the best thing to do is wipe your drive as said above then get a copy of Norton Ghost and back up your fresh install with all your favourites and programs setup how u want it, then when things go wrong like this just pop your copy in and its back to how it was when u first installed everything!.The only problem is that u need to keep it updated so u dont lose too much or have a second drive for storing important stuff, so u only have windows and programs on drive c.
|
Jamie
Member
Registered: 1st Apr 02
Location: Aberdeen
User status: Offline
|
quote:
Originally posted by CraigyG
IE is pants Firefox is the way to go
Just downloaded it
Everything loads up so much faster now, must have a ton of spyware back on my harddrive, shame AdWare & PestPatrol cant find it 
|
