Jump to content


Photo

Can't download CWShredder, hijackthis spybot


  • This topic is locked This topic is locked
8 replies to this topic

#1 Jonnyg

Jonnyg

    Member

  • New Member
  • Pip
  • 4 posts

Posted 20 May 2004 - 03:24 AM

I've been having some trouble with what I think is somw spyware/malware, but I'm a bit new to this so I may be wrong.

I first noticed the problem when my Internet Explorer home page kept changing to "******.outhost.info", no matter how many times I changed it back in the options.

My Notron AV doesn't seem to pick this up, but now notifies me every now or then that my PC keeps being infected with "Backdoor.Hackdefender".

I ran a freescan on the Mcafee site which listed a number of items, mostly "Startpage-AX"

I tried to get hold of one or other of SpybotSD1.3, HijackThis or CWShredder but Internet Explorer just shut down completely whenever I went to a site to download them.

I have got Ad Aware 6 which cleaned up some items, and this seems to have stopped the alteration of my Home page, and also I can now visit the spyware download sites without a it shutting down. So far so good.

However, I still can't download them, because every time I do, once 99% of it is dowloaded I get an error saying that it can't copy from the source file and hence the download isn't saved. I tried the miniremoval_coolwebsearch_killer tool, but it didn't detect anything.

Naturally I don't feel terribly comfortable. AdAware seems to pick up 5 or 6 new things every hoour or two, and I suspect something on my PC is helping them. It's driving me up the wall and I would really appreciate any help.
:(

#2 Jonnyg

Jonnyg

    Member

  • New Member
  • Pip
  • 4 posts

Posted 21 May 2004 - 06:03 AM

OK I think I had a dose of HackerDefender and one or two other things.

I removed HackerDefender using the instructions posted by Winhelp here:

http://www.spywarein...p?showtopic=505

I was then able to download and run CWShredder, Spybot S&D and HijackThis.

I think my system is now clean. However, I would be eternally grateful if someone in the know could look at my Hijackthis log file below and let me know if there is anything else I should worry about.

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 13:01:37, on 21/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FRNDSL\FRNDSL.exe
C:\Program Files\Misc Security Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://213.159.118.228/sp.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.228/sp.
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.228/sp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Misc Security Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Network Service] C:\WINDOWS\svhost.exe -sr -0
O4 - HKLM\..\Run: [ScanSoft Product Registration Reminder] "C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" /r /i "C:\Program Files\ScanSoft\OmniPageSE\EregEng\NavLoad.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...362/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF36960E-5A13-4D2E-90AF-B2C1E61BD9F7}: NameServer = 194.97.173.125 194.97.3.83

#3 Jonnyg

Jonnyg

    Member

  • New Member
  • Pip
  • 4 posts

Posted 21 May 2004 - 06:03 AM

OK I think I had a dose of HackerDefender and one or two other things.

I removed HackerDefender using the instructions posted by Winhelp here:

http://www.spywarein...p?showtopic=505

I was then able to download and run CWShredder, Spybot S&D and HijackThis.

I think my system is now clean. However, I would be eternally grateful if someone in the know could look at my Hijackthis log file below and let me know if there is anything else I should worry about.

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 13:01:37, on 21/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FRNDSL\FRNDSL.exe
C:\Program Files\Misc Security Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://213.159.118.228/sp.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.228/sp.
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.228/sp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.euro.dell.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Misc Security Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Network Service] C:\WINDOWS\svhost.exe -sr -0
O4 - HKLM\..\Run: [ScanSoft Product Registration Reminder] "C:\Program Files\ScanSoft\OmniPageSE\EregEng\NAVBrowser.exe" /r /i "C:\Program Files\ScanSoft\OmniPageSE\EregEng\NavLoad.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...362/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF36960E-5A13-4D2E-90AF-B2C1E61BD9F7}: NameServer = 194.97.173.125 194.97.3.83

#4 Taz71498

Taz71498

    Advanced Member

  • Retired Staff
  • PipPipPip
  • 225 posts

Posted 21 May 2004 - 09:38 AM

I have gone to the experts on this and this is basically what they say:

Your computer has been compromised in a way which makes it very hard to recover it to uncompromised state with 100% assurance. The OS itself has been altered and is lieing to you, and to any software that you run (thus an anti-virus, firewall, whatever cannot be trusted as they only see what the OS tells them).

If you would like, I can send one of the experts here and maybe give you some kind of help. My suggestion, if you don't have anything really important on your computer, then just reformat. If you do have things that are really important then just say so and I will flag an expert to try to help you out.

#5 Jonnyg

Jonnyg

    Member

  • New Member
  • Pip
  • 4 posts

Posted 21 May 2004 - 03:28 PM

Holy C**P. And everything seemed to be fine now.....

I don't really mind refomatting, the only things of importance are a few saved games and some holiday snaps. I'm not too sure how to go about the reformatting and reinstallation job, as I have a Dell PC and hence only the reinstallation CD rather than a full XP. ANy advice on this would be helpful.

What happened to my PC, how has it been compromised so badly and how can I tell my OS is LYING?

Thanks

#6 Taz71498

Taz71498

    Advanced Member

  • Retired Staff
  • PipPipPip
  • 225 posts

Posted 21 May 2004 - 04:34 PM

I will send an expert here to help you and to answer you question.

#7 Taz71498

Taz71498

    Advanced Member

  • Retired Staff
  • PipPipPip
  • 225 posts

Posted 21 May 2004 - 09:06 PM

Hello,

This is new to me. I haven't dealt with this yet and am still learning. I talk with the expert and this is basically what they said:

I would inform the user of the possibility that his system could be compromised in ways that may not be readily apparent. Tell him he NEEDS to change all his passwords and that a complete format of the hard drive and reinstall of windows is the only way to be completely sure his machine is clean.

I am not saying you should do this, but it is probably the best way. I have a laptop with winxp and did not have the original disk of winxp either. I had the manufact. disk. What happens is this: (Usually the disk will have instructions on how to do this)

Put the cd in the cdrom. My directions told me to hold down the "C" key while the computer is booting and then you release when you see the name of the manufat. come up. Just follow the directions on the screen. Don't attempt to stop the process until it is done or you could damage the system.

This will restore your computer to it's original state when you bought it.

My suggestions about the pictures if you want to save them is to copy them to disk.
Games I think would be a loss. Sorry. You can always reinstall and start again like me son did. Sorry.

This is completely up to you on what you want to do. Hard decision I know. I choose to redo mine for different reasons. But I also knew there was nothing on my computer that I really cared that much about.

If you do this, and when you get back online, I highly suggest reading this link and using the suggestions to help keep your computer clean:

How did I get infected

Also, when reinstallation is done, go straight to Windows Update and update all critical updates.

Remember, do what the experts suggest, CHANGE ALL PASSWORDS.

#8 JArnoldOK

JArnoldOK

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 21 May 2004 - 09:37 PM

Johnny You are still infected


O4 - HKLM\..\Run: [System Network Service] C:\WINDOWS\svhost.exe -sr -0


Your not going to be able to get rid of this in either safemode Nor Cwshredder, or other market scanners, I have posted a topic At this url:

http://www.spywarein...?showtopic=1522

#9 bigjohn

bigjohn

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 21 May 2004 - 09:52 PM

forget

Edited by bigjohn, 21 May 2004 - 09:53 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button