spyware ****!! Help please if you can...

Discussion in 'System Security & Infection Support' started by ruslanb76, May 13, 2008.

  1. ruslanb76

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    So I have a program called antispyspider that continuosly redirects my browser and has put up a new wall paper telling me I'm under attack and yadda yadda yadda. My task manager has been disabled and I can't seem to get rid of it. I've used Spybot, Adaware, SuperAntispyware and tried to use Smitfraudfix, but it will not let me delete registry values as it has taken over my task manager and admin settings. Any ideas? Startup takes about 10 minutes and everything is just screwy in general.
     
    ruslanb76, May 13, 2008
    #1
    1. Advertisements

  2. ruslanb76

    spike228 ST 38 VIP Member

    Joined:
    Jul 18, 2004
    Messages:
    2,256
    Likes Received:
    18
    Location:
    Honolulu, Hawaii
    Try doing what you have already attempted in safe mode.


    An antivirus scan might help too. Unfortunately, these type of things aren't always fully deleted when removed, so they may resurface at some random time. I suggest you back up everything thats important then reformat.
     
    spike228, May 13, 2008
    #2
    1. Advertisements

  3. ruslanb76

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    so i've repeatedly tried to get rid of the bad files with superantispyware and others but they just come on back. So now I'm think about reinstalling windows. Can I just reinstall windows on my "C" drive while leaving all the other virtual drives on the same hard drive alone? Would it be just easier to reformat and reinstall everything? Biggest pain is getting internet up and running with Time Warner Cable as this happened to me before. Also how do I find my password when I use outlook express to access my roadrunner email account? Any other tips for an easier install?
     
    ruslanb76, May 14, 2008
    #3
  4. ruslanb76

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Have you tried using HijackThis and posting the log here? That might be a good first step.
     
    Fenis-Wolf, May 15, 2008
    #4
  5. ruslanb76

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Here is the logfile generated.
    Don't know why I can't paste it in this page....
     

    Attached Files:

    ruslanb76, May 15, 2008
    #5
  6. ruslanb76

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    any ideas anyone? I am thinking I I have made some kind of progress although my internet access is spotty. Popups and general slow system have made it hard. Also I can't access certain websites...they just don't load. This one does;) so I guess it is meant for me to get help here..
     
    ruslanb76, May 17, 2008
    #6
  7. ruslanb76

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    any ideas anyone? I am thinking I I have made some kind of progress although my internet access is spotty. Popups and general slow system have made it hard. Also I can't access certain websites...they just don't load. This one does;) so I guess it is meant for me to get help here..
     
    ruslanb76, May 17, 2008
    #7
  8. ruslanb76

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    This should all go:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
    O4 - HKLM\..\Run: [BM0f95b787] Rundll32.exe "C:\WINDOWS\system32\soabvpok.dll",s

    O4 - HKLM\..\Run: [0ca6841b] rundll32.exe "C:\WINDOWS\system32\cjxcgbbw.dll"
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://81.175.116.204/activex/AMC.cab

    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
     
    Fenis-Wolf, May 19, 2008
    #8
  9. ruslanb76

    ruslanb76 pivo prosim VIP Member

    Joined:
    Jul 17, 2004
    Messages:
    442
    Likes Received:
    5
    Location:
    usa
    Done as you suggested Fenis. I'm getting there but everything is still acting really slow and internet is real finicky about what it wants to open (sites) and how fast it wants to do them.
     
    ruslanb76, May 19, 2008
    #9
  10. ruslanb76

    Fenis-Wolf VIP Member

    Joined:
    Apr 30, 2003
    Messages:
    2,951
    Likes Received:
    35
    Location:
    Ann Arbor, Mi
    Once those entries are gone, boot into safe mode (F8 right after the BIOS screen) and run your antispyware/antivirus tools there. That should help a lot.
     
    Fenis-Wolf, May 20, 2008
    #10
  11. ruslanb76

    Zeus Moderator

    Joined:
    Jun 20, 2005
    Messages:
    2,006
    Likes Received:
    33
    Location:
    Virginia
    Also if the machine is running slow you might want to defrag it.
     
    Zeus, May 21, 2008
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.