Results 1 to 4 of 4
  1. #1
    Member afraidnotscared's Avatar
    Join Date
    Aug 2004
    Posts
    1
    Points
    0

    Default Cannot access e-mails, spyware pop-ups, homepage corrupt.

    My computer has many problems.

    I have tried steps 1-4 as suggested and my computer either would not let me run the programs (steps 2-4) or they were unsuccessful (step 1).

    The main problems are that when i try to access my homepage this site comes up:

    http://img.photobucket.com/albums/v8.../searchfor.jpg

    As do a number of pop-ups about spyware protection.
    I have tried to change this from my homepage but it doesn't work.

    When I try to access e-mails (in both hotmail and yahoo accounts) the same screen comes up immediately after I login, this also happens sporadically when I am using other websites.

    I have installed and ran latest editions of various programmes such as: Norton, Hijack this, Ad-Aware, Safeguard Pop-up Blocker, SpyDoctor, Spybot - Search and destroy and PcBugDoctor. Each time i run these they detect viruses which come back the next time i turn on my PC. Ad-Aware is the only one which makes a notable difference, it rids me of all of these problems until the next time i turn on my computer.

    Here is my Hijack this (v. 1.98.0) report:

    Logfile of HijackThis v1.98.0
    Scan saved at 22:16:15, on 17/08/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SONY\SONICSTAGE\OMGJBOX.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS1980.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {985A0270-EEFA-11D8-87A5-000B593F6713} - (no file)
    O2 - BHO: (no name) - {48960121-F080-11D8-87A5-000BE68AAE51} - C:\WINDOWS\SYSTEM\PCD.DLL
    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
    O18 - Filter: text/html - {48960120-F080-11D8-87A5-000B89C60BCA} - C:\WINDOWS\SYSTEM\PCD.DLL
    O18 - Filter: text/plain - {48960120-F080-11D8-87A5-000B89C60BCA} - C:\WINDOWS\SYSTEM\PCD.DLL
    O20 - AppInit_DLLs: APITRAP.DLL
    O21 - SSODL: System - {941D7760-B0C3-11D8-87A5-000B6A29254D} - (no file)

    Appoligies for this (probably unnecessarily) lengthy post but any relevant help would be greatly appreciated. As you can see I have tried many times to get rid of this horrible virus, and, perhaps due to my own lack of technological merits...failed.

    Please help me you are very nice people.

  2. #2
    Jos
    Jos is offline
    Member Jos's Avatar
    Join Date
    Nov 2003
    Location
    OH,US,world
    Posts
    84
    Points
    1

    Default

    One thing, be sure to have a firewall up. I used to get those bogus pop-up warnings too. I use the firewall in XP. You could try this one: http://www.zonelabs.com/store/conten...eeDownload.jsp

  3. #3
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    Before we clean your computer please read this first :-

    Do you have or have you had Kazaa installed on your computer ?

    This is my "canned" sermon...for Kazaa... if you no longer have it, some of it wont apply to you.

    If you have any concern at all for the security of your computer, you should uninstall Kazaa now

    It is the source of all your problems, now and in the future.....

    Read this about all the malware it contains......and malware/ spyware free alternatives.

    http://forums.winamp.com/showthread.php?threadid=64964

    Should you then decide to get rid of Kazaa....... do this.....

    Uninstall Kazaa from Add/remove programs in control panel....

    Do the same with P2P Networking .... it's a useless Kazaa add on that's been proven to slow down systems.......... If/when asked whether you also want to remove Altnet components, say 'Yes'

    Warning...Before running Kazaabegone Save any music files etc, thet you have in Kazaa shared folders ... once you run Kazaabegone ... these will be lost forever

    If you have removed Kazaa from your computer....run this program as well... kazaabegone <<< Click here it will remove all the rubbish left behind by the Kazaa uninstall.

    ---------------------
    That said.....

    Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {985A0270-EEFA-11D8-87A5-000B593F6713} - (no file)
    O2 - BHO: (no name) - {48960121-F080-11D8-87A5-000BE68AAE51} - C:\WINDOWS\SYSTEM\PCD.DLL

    O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

    O18 - Filter: text/html - {48960120-F080-11D8-87A5-000B89C60BCA} - C:\WINDOWS\SYSTEM\PCD.DLL
    O18 - Filter: text/plain - {48960120-F080-11D8-87A5-000B89C60BCA} - C:\WINDOWS\SYSTEM\PCD.DLL

    O21 - SSODL: System - {941D7760-B0C3-11D8-87A5-000B6A29254D} - (no file)


    Reboot then find and delete :-

    .....The entire contents of the C:\windows\temp folder ( Do NOT delete the folder itself)

    Then run Adaware again

    Then do yourself a favour ... download and install these 3 programs :-

    1. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    2. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
    3. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm

    Along with an anti-virus program and a firewall

    Theses will go a long way towards helping to keep your computer clean and safe.

    Let us know

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    One more thing ...

    Go to Start\Run

    Type in msconfig

    click "startup" tab

    retick Scanregistry, and reboot

    This will give you a backup of your registry in the case of serious problems...

    Leave it ticked and each day when you boot for the first time a backup will be made (you will always have backups for the last 5 days) after that they get overwritten.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -