spyware infection...please help

ace1 · 24-11-2005, 08:42 PM

HI,

Can anyone help me....

I suppose my computer has been affected with a spyware or a ad aware...
My browser is automatically openining some siters which are advertisements.

i have used hijackthis to find out the problems . after fixing those problems i am still receiving it.
the two files shownin hijackthis log files are not getting deleted.

i am sendibg the log file....

Logfile of HijackThis v1.99.1
Scan saved at 8:31:06 PM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\abc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8B028D4-FB39-44A7-BC4E-C07F92CA9834}: NameServer = 203.94.227.70 203.94.243.70
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\m4ju0e19eh.dll

in this log file the first six are automatically changing its value even iafter deleting it.
the last two dll files are not getting deleted. of that avpe32.dll is not there in system32(not even hidden)
the second dll file is automatically genereated every time comp boots. so this file changes everyttime.

after thororugh scan i came across a folder in system32 . its zonelabs. it contains a file called vsmon.exe.
i have treid hard to delete this file but its giving me erroer that its been used by some other programs.
i have even tried this in safe mode.

pleas e do help me.

swatkat · 24-11-2005, 11:23 PM

Hi,
Looks like Look2Me infection. Download Webroot Spysweeper Trial and install it. (Download link is on right side of the page)

Boot in Safe Mode. Run WebRoot SpySweeper, click "Options" button. Here click "Sweep Options" tab, and here select all the Hard Disk Partitions. In the "Where to sweep" option box, select "Sweep all folders on the selected drives". In the "What to sweep" option box, make sure all the items are selected. Then click "Sweep Now" button and click "Start" and remove any malware it may find.

Restart the PC. Now, download L2MFix from any one of these two locations:-
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the "Install" button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for "Run Find Log" by typing 1 and then pressing Enter. After a while Notepad opens up with a log. Copy the contents of the log and post it here.

sumit_ind · 25-11-2005, 06:02 PM

try AD- AWARE SE EDITION

anandk · 25-11-2005, 07:24 PM

anytime u have spyware problems scan ur pc with atleast 2 good anti-spys, and let them take care of the detection and removal problem.

i suggest any 2 of the following freeware
microsoft anti-spyware
spyware doctor v 3.1
adaware

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine