Jump to content


Photo

Spyware keeps reinstalling, can't remove, HELP!


  • Please log in to reply
1 reply to this topic

#1 cassianius

cassianius

    Member

  • New Member
  • Pip
  • 1 posts

Posted 24 July 2004 - 12:11 PM

O.K. So here's the deal. I've tried Spybot, Ad-aware, CWShredder, and even downloaded a free firewall program; and to no avail! While these programs are successful at detecting and removing the spyware while the computer is left on, the spyware reinstalls itself once I've rebooted the computer and hijacks IE with a weird website and a pop-up ad stating that I've got spyware on my computer and should click the pop-up to get it removed (can you believe the nerve of these A-holes! They create the problem and then want your money to fix it! Sort of like the mafia or something!). In the URL it says "About:Blank," which to my knowledge is a common type of hijacker.

So anyways, I remove the spyware with the above programs, reboot my computer again, and when I open IE sure enough the god-damn sleazy bastard About:Blank website shows up with those same insulting spyware removal pop-up ads. It's a viscous cycle!

I've got my HijackThis log posted below. Keep in mind that this is the log that appears once I've removed the spyware with the above software, so hopefully someone can find the reason why it keeps reinstalling itself upon reboot somewhere in this log.

YOU"RE MY ONLY HOPE! PLEASE HELP ME! :eek: :unsure: :grrr: :wtf:
__________________________________________________________

Logfile of HijackThis v1.98.0
Scan saved at 9:31:45 AM, on 7/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\gearsec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB

I APPRECIATE ANYONE TAKING THEIR PRECIOUS TIME TO HELP ME OUT WITH THIS! THANKS IN ADVANCE! :wave:

#2 fluffy2298

fluffy2298

    Member

  • New Member
  • Pip
  • 1 posts

Posted 11 August 2004 - 04:24 AM

i am having the exact same problem, if anyone knows what we should do please help~>




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button