Alright so here we go... There seemed to be a new spyware, and I ran spybot and Ad-Aware and they don't seem to catch it. Basically it was a spyware that redirected me to this website: http://www.securitysafeguards.net/ It basically says a spyware was found and that people were accessing my computer prompting me to download some anti-spyware program. After closer inspection I found this was just a website and some cruel attempt to make me download some program. Initially I thought it was a windows message but if you look closely it looks very much similar to windows messages (security centre) but there are no microsoft tags anywhere on the website. Basically its a spyware website. I think it is in someway related to this little thing running on my toolbar. Which I cannot exit or delete or see on my task manager. Its on the bottom right corner the little handicap thing. It says "Virus Alert!" and flashes. I cannot right click, but if i do click it it will open a window which links me to a website advertising "spyguard". Please refer to Screenshot 2 I also think its some way related to this program highlighted in my add/remove controls. For some reason I cannot uninstall it, as it is all in weird symbols. I folllow the directions but i think some error stops it. Refer to Screenshot 1. Help please. Thanks HJT Log: Logfile of HijackThis v1.97.7 Scan saved at 6:21:04 PM, on 27/03/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iTunes\iTunes.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\Downloads\HijackThis.exe O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139187735443 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file) is the TROJ_PUPER.BI trojan, and is likely responsible for hijacking your browser. Removal instructions can be found here.
If that doesnt get rid of the program, then try booting up in safe mode and see if you can uninstal it that way.
hmm can i get any more help? The safe mode uninstallation does not work, i think its missing an uninstall file. and the other tip on removing the trojan seems unclear to me.... thanks. the little thing on the bottom right is still there.
Remove CCCleaner, and any other anti-spyware app that you have. Install Microsoft Defender, run it and remove whatever it finds. If this does not help, try the TrendMicro suggestion. Before you start any of the steps at TrendMicro, disable the System Restore service by going to Start | Run | services.msc | and look for the service I listed | double click the service | Click Stop and than disable. Since you have Windows XP, follow the instructions for XP. First, stop the service running for this spyware app which is explained in the first step and than proceed to remove the registry entires.
wow the situation just increased a whole different level. I come home to my computer and I find this Spyware Quake installed. I'm like wtf. I didn't do anything. I don'tk now if its a hacker or if its something I have no clue. But for sure its related to that **** parasite program that was shown o nmy first screenies. So yea if anyone can help me out some more. I'm going to try that trend micro thing... but windows defender didn't do anything. screenie attached. I tried uninstalling and disabling, deleting the folder, etc. And when i restart it just reinstalls itself. This spyware/virus is starting to piss me off. thanks. ps. the trend micro doesn't seem to find the trojan. There is something about a pattern needed. How do I implement the pattern onto the trend micro anti-spyware program (trial version?)
Personally, I like the NOD32 antivirus solution. It's fast and has a low overhead. You can download a free trial here.
well the nod32 seems to have worked. Is it reliable as a way for anti-spyware and anti-virus. Would I be able to rely on this as my only anti-spyware/anti virus?
As far as I can tell, NOD32's detection rate is top-notch for both viruses and spyware/adware. However, if I were you I'd keep at least Spybot S&D around.
I personaly would suggest Spyware Blaster and Spyware Guard. Blaster prevents known websites from downloading onto your computer, and Guard will notify you of any changes that were made to internet explorer (home page change, new buttons, etc.)
alright... can i install CC cleaner or will the spyware write it self into that also? (I noticed that the spyware wrote it iself into ad-aware.... )
sorry to but in here, but are any of those free by any chance? and i mean not just free trail periods
I know that a lot of people have their favorite anti-spyware apps, I do, Goober does, etc, so what I would do is try them, figure out what you like and what works best for you and use only that application. I'll have to try this NOD program.
Yes, I would agree to that too. The only reason why I suggest Spyware xxxxx because its like an internet condom.
Ger... thats what everyone says when I say that. But when you look at everything in life there is almost always a safty barrier between you and whatever you are doing (i.e. riding a bike most wear a healmet, rock climbers normally have a harness and rope) why should the internet be any different? No matter how safe you try to be, there is always that chance that you get redirected a problem site, and imo i would rather be safe than sorry about this. </:rant>
