
Spyware, Malware and other nastys

Discussion in 'General Software' started by Taz100420, Mar 30, 2008.

  1. Taz100420

    Taz100420

    Joined:
    Oct 26, 2006
    Messages:
    1,927 (0.68/day)
    Thanks Received:
    100
    Location:
    Fremont, Ohio
    Ok so I turn on the computer and lo and behold, my comp is loaded with all kinds of wares. I used Spybot but still have tons of wares. I fixed em and restarted. Spybot didn't do CRAP! I need a free ware remover and was wondering if anyone can point me towards a GOOD one and not Spybot. :shadedshu
  2. Taz100420

    Oh and something disabled my task manager and I can't remember how to turn it back on lol
  3. acperience7

    Joined:
    Nov 26, 2007
    Messages:
    258 (0.11/day)
    Thanks Received:
    31
    I use spydefense, spywareblaster, and Ad-aware. I know that Spydefense is no longer supported though. I never find more than 6 infections during my scans.
  4. Taz100420


    Spybot found 72!!!!! Fixed em and did nothing. I'll try one of them.
  5. anticlutch

    anticlutch New Member

    Joined:
    Sep 9, 2006
    Messages:
    995 (0.35/day)
    Thanks Received:
    32
    Location:
    SoCal
    Have you tried booting into safe mode and then running Spybot? Generally speaking, Spybot's been doing an excellent job for me...
  6. Taz100420

    No but I'll try after Ad-aware updates. But some spyware disabled Task Manager, anyone know how to re-enable it?
  7. acperience7

    In regards to your Task Manager issue, I found (Google) this:


    There is a registry hack to enable or disable Windows NT TaskManager. The same registry hack applies to Windows 2000 and Windows XP.

    Hive: HKEY_CURRENT_USER
    Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
    Name: DisableTaskMgr
    Type: REG_DWORD
    Value: 1 = Enable this key, that is DISABLE TaskManager
    Value: 0 = Disable this key, that is Don't Disable, Enable TaskManager

    As part of the enhanced management available in Windows 2000 and Windows XP, rather than risking a registry change, as an administrator you can enable or disable Windows 2000 Pro or Windows XP Pro's TaskManager using Group Policy Editor. This can be applied to the local policy. Note: if you are trying to override your organization's group policy, you can't. As soon as you re-authenticate to the domain, the domain or OU Group Policy will rewrite the registry setting. But if the TaskManager was accidentally disabled or you need to control this item for a set of standalone boxes this is for you:

    * Click Start
    * Click Run
    * Enter gpedit.msc in the Open box and click OK
    * In the Group Policy settings window
        o Select User Configuration
        o Select Administrative Templates
        o Select System
        o Select Ctrl+Alt+Delete options
        o Select Remove Task Manager
        o Double-click the Remove Task Manager option

    And as I mentioned above, since the policy is Remove Task Manager, by disabling the policy, you are enabling the Task Manager.

    Got XP Home - use the registry edit.
    Taz100420 says thanks.
  8. Taz100420

    I got it to work for one try and does the same thing. I have to go in and do it every time. Man this spyware NEEDS to come off!!!!
  9. Ehstii New Member

    Joined:
    Jun 19, 2007
    Messages:
    607 (0.23/day)
    Thanks Received:
    34
    Location:
    The Shore, New Jersey
    there's a program called uniblue power suite which works really well. also registry mechanic, ad-aware se, and clean up 4.0.

    i use all of those at my job to clean out computers.

    but what you want to do:

    1. install the programs you want to use to clean out your computer
    2. disable system restore (start > all programs > accessories > system tools > system restore)
    3. boot in safe mode (F8 on boot).
    4. run the installed apps for cleaning
    5. if it asks you to reboot after a scan make sure you reboot into safe mode, because if you don't and reboot into normal mode, you can get reinfected if it's not all cleaned out.
    6. run scans a second time just to make sure everything is out.
    7. reboot normally.
    8. if you can find clean up 4.0 run that last in normal mode. cleans everything out. (if you can't find it let me know. i have it, it's freeware)

    any other questions, feel free to just ask.



    EDIT: also if you can, take your hard drive out and run an external virus scan from another computer. it usually works better and faster.
    Last edited: Mar 30, 2008
    Taz100420 says thanks.
  10. jonmcc33

    jonmcc33 New Member

    Joined:
    Mar 25, 2008
    Messages:
    580 (0.25/day)
    Thanks Received:
    40
    Location:
    Fort Myers, FL
    I highly discourage registry utilities. They do more harm than good.
  11. Ehstii New Member

    i didn't mean registry booster, i meant registry mechanic.


    registry mechanic is by far the best for people who don't know how to manually clean out their registry and it does no harm. it's 100% legit and needs no configuration.

    yes there may be A LOT of non-legit "registry boosting" programs out there that are spyware but registry mechanic is not one of them. i use it in a computer repair shop. if it was bad, i wouldn't use it nor would any other techs that i know that work in numerous computer repair shops.

    but anyway, if those programs can't help you Taz100420, then it looks like it's time to backup your data and go with a fresh install.

    definitely let us know how it turns out for you though =]
    Taz100420 says thanks.
  12. Taz100420


    Ok I got most of the spyware out and the rest is up to the registry cleaning and I'm sure that'll do it.

    And ya know, I forgot all about registry mechanic. I've used it in the past when this happened lol
  13. beyond_amusia

    beyond_amusia New Member

    Joined:
    Feb 20, 2007
    Messages:
    1,140 (0.42/day)
    Thanks Received:
    63
    Location:
    Baltimore, Maryland
    unplug your ethernet cable while scanning, because some of that software will re-download itself while you scan or remove it.
  14. Taz100420

    I'm on dial up :eek:
  15. jonmcc33

    Yes, that's the program I have experience with myself. It gave no performance increase, never fixed any "problems" and actually caused problems (contrary to your statement that it does no harm). There's no reason to spend the extra money on a program like that.
  16. beyond_amusia

    And ALL that managed to install??? Now HOW is it that MALWARE can be so little and do so much, while everything else is large and bloated??? :confused: Oh well.... I hope you manage to remove all that stuff... I personally recommend you start having 'safe browsing' lol. Why not run a virtual PC for the more dangerous stuff? :p
  17. Taz100420

    well there are four other ppl that use this comp too and they are not too smart about what they do on it and it makes me mad b/c I have to figure out what's wrong lol
  18. Taz100420

    Ok I used registry mechanic and of course you need to buy it and I don't have the extra $$ but I downloaded APKs registry cleaner and found 91 entries and need some info from those that used it.
  19. Ehstii New Member

    it's free-ware

    you can buy it, but there's no need.
  20. jonmcc33

    It's $29.95 at their website. If it's freeware then you downloaded it from the wrong place.

    http://www.pctools.com/registry-mechanic/

    That's $30 onto the additional TCO of Windows and doesn't do any good. :shadedshu
  21. Ehstii New Member

    well, there was a free-ware version around. they must have gotten rid of it.
  22. GJSNeptune

    GJSNeptune New Member

    Joined:
    Apr 24, 2007
    Messages:
    2,571 (0.97/day)
    Thanks Received:
    105
    Location:
    Ohio
    Run HijackThis! and paste your log here for analysis. You can use the program to then block services/processes.

    For future reference, Spybot and Ad-Aware are no longer must-have spyware apps, unless you use them post-infiltration. Spyware Doctor is a good app to have, especially if you have problems to get rid of.

    For a clean system, all you really need is Firefox, CCleaner, and Spywareblaster. You can also get Windows Defender for scans.
    Taz100420 says thanks.
  23. Taz100420

    HERES THE LOG:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:43:42 AM, on 3/31/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\sbwltbxa.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\ngluvktw.exe
    C:\Program Files\PowerISO\SCDEmuApp.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\PROGRA~1\COMMON~1\SSEMBL~1\userinit.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Alan.ALANS-BITCH\Desktop\HiJackThis_v2.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {59c811fc-1dd2-11b2-be2d-98590a374d16} - C:\WINDOWS\dsbmjady.dll
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
    O4 - HKLM\..\Run: [uxknexup] regsvr32 /u "C:\Documents and Settings\All Users.WINDOWS\Application Data\uxknexup.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [User] "C:\PROGRA~1\COMMON~1\SSEMBL~1\userinit.exe" -vt yazb
    O4 - HKLM\..\Policies\Explorer\Run: [9B2n7pwMID] C:\WINDOWS\ngluvktw.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{87D6FD0D-F843-49FF-8634-1A44DEEF005B}: NameServer = 209.244.0.3 209.244.0.4
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 4386 bytes


    I couldn't put it to the link, it was a dead link for me. But here it is
  24. GJSNeptune

    Oops. I had an extra character.

    http://www.hijackthis.de

    Basically, have it analyzed and use the program to block/fix/remove the items the analysis shows to be unsafe etc. Looks like there are quite a few.
    Taz100420 says thanks.
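Added example, not part of the thread and not the logic used by HijackThis or hijackthis.de: a small triage pass over HijackThis-style entries that marks the ones worth reviewing first. The sample lines are copied from the log posted above; the heuristics, the `EXPECTED_DIR` list and the function names are assumptions made for this sketch, and a flag is a hint for manual review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [User] "C:\PROGRA~1\COMMON~1\SSEMBL~1\userinit.exe" -vt yazb
O4 - HKLM\..\Policies\Explorer\Run: [9B2n7pwMID] C:\WINDOWS\ngluvktw.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")           # "O4 - rest of entry"
PATH = re.compile(r'[a-z]:\\[^",]*?\.(?:exe|dll)')   # paths in lower-cased text
# Assumed short list: where these Windows XP binaries normally live.
EXPECTED_DIR = {
    "userinit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def reasons(code, body):
    """Heuristic reasons to look closer at one entry (hints, not verdicts)."""
    low, found = body.lower(), []
    if code == "F2" and "userinit=" in low:
        chained = [p for p in low.split("userinit=", 1)[1].split(",") if p.strip()]
        if len(chained) > 1:
            found.append("extra program chained onto UserInit")
    if code == "O2" and low.endswith("(no file)"):
        found.append("BHO registered but its file is missing")
    if code == "O4" and "policies\\explorer\\run" in low:
        found.append("autostart set through Policies\\Explorer\\Run")
    for path in PATH.findall(low):
        folder, _, name = path.rpartition("\\")
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            found.append(f"{name} running from {folder}")
    return found

def triage(log_text):
    """Return [(section_code, entry_text, reasons)] for entries worth reviewing."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and (why := reasons(m.group(1), m.group(2))):
            flagged.append((m.group(1), m.group(2), why))
    return flagged

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```

An entry that is not flagged is not thereby known to be clean; the rules only cover the four patterns listed in `reasons`.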
  25. Taz100420

    Oh thank you! I have a basic idea now on what to delete.
