Guru3D.com Forums

Driving Me Up the Walls!! Help Please....
  (#1)
Hiro1000
Maha Guru
 
04-16-2007, 23:00 | posts: 2,603

OK, I am very skilled at computers and whatnot. But for some odd reason I think I had downloaded an infected installation file that was filled with some adware/spyware bull crap. So I ran the trifecta of scans: Spybot, Adaware, and Counterspy. Got rid of most of it. Reboot and rescan. But there is something still remaining from the spy attack.




The thing at the end that blinks incessantly. The question mark and then the crossout signal thing on the far right. Over and over again, and it tries to launch to an adware site to download bull crap and whatnot. OK, so I use Firefox, also ran HijackThis and ran virus scans up the wazoo, but I can't get this to go away. I also checked the startup and nothing is wrong. But for all intents and purposes, I post my startup below.



Just to provide as much as possible, here is the HijackThis file as well.

Quote:
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Hiro1000\Desktop\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
I also notice that Windows Defender refuses to start or do anything really. Which is odd. But if any other info is needed I can surely post it.

Please help get rid of this, thanks a lot.

Hiro1000
   
  (#2)
Arthas
Master Guru
 
04-17-2007, 03:29 | posts: 386 | Location: Israel

A friend of mine had that virus on his old computer (Windows XP PRO).
This virus could not be deleted even in safe mode or DOS. What we did is download AVG Anti Spyware and it went off; no other anti-spyware could do that job. GL.

P.S.
Try doing that in normal mode and in safe mode.
If that doesn't work you can only reinstall Windows, because that virus infects all the computer programs and duplicates itself.
   
  (#3)
rpeter381
Member Guru
 
04-17-2007, 22:02 | posts: 49 | Location: uk

Try running the free version of SUPERAntiSpyware: http://superantispyware.com/
Also look here if it fails: http://www.xp-vista.com/remove-SpyLock
   
  (#4)
volkov956
Ancient Guru
 
04-18-2007, 08:39 | posts: 5,988 | Location: Канад

Wow, in the last week 3 people have brought me computers with that sucker on there. I'm starting to wonder why or where everyone is getting it.
   
  (#5)
Hiro1000
Maha Guru
 
04-18-2007, 12:43 | posts: 2,603

Well I said F it and reformatted. That sucker is one tough SOB. I tried one final rally, safe mode bunch of scans, deleting the files I knew were a part of it. Nope couldn't get it. The ba$t@rd replicates itself over and over and changed the icon. Meh, I needed a reformat anyways. Thanks for the help guys I appreciate it.
   
  (#6)
ManofGod
Maha Guru
 
04-18-2007, 16:16 | posts: 879 | Location: Tonawanda, NY

For future reference, this would have cleaned it up: http://siri.geekstogo.com/SmitfraudFix.php

I ran that on 2 different machines with this problem recently and it worked great.

Joe
   
  (#7)
Hiro1000
Maha Guru
 
04-18-2007, 22:10 | posts: 2,603

Hey thanks for that, I will keep that on my usb key for future (hopefully not) occurrences.
   