
General discussion

Adware / Pop-ups by cpmsky

Oct 5, 2008 8:17AM PDT

My computer was overrun by "RON ads by cpmsky". I used the advice from one of the Vista threads and ran HJT in Safe mode. I deleted the one line that had cpmsky in it. It was in the 02 section with a file named "TAEGUEWMPWR.DLL" associated with it. I'm still not sure if the ADWARE is gone but I ran HJT again and see the following lines that are suspect. I can attach the whole log file if necessary but these are the only ones that look out of place. Any help in assessing these two is greatly appreciated. Thanks much!

02-BHO:(no name)-{7E853D72-626A-48EC-A868-BA8D5E23E045}-(no file)

04-HKLM\..\Run:[bcduhafeyzrczjwo]C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\taeguewmpwr.dll


Please Follow These Steps..
Oct 5, 2008 11:22AM PDT

Please follow the steps below to download and run a couple of free malware scanners on your computer. Use them in the order I give them. The error you're seeing frequently is the result of malware.

First, use the free Malwarebytes instructions below:

Please download Malwarebytes' Anti-Malware from the link below:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
____________________

After finishing with the tool above, please download, install, update, then run a full system scan with the free SuperAntispyware program from the link below. Delete everything it finds:

SUPERAntispyware Removal Tool

After running the tools above, it should remove the HJT entries you've mentioned. If it doesn't, then you'll need to post your log at one of the specialized forums in the link below. We don't analyze them on these forums.

http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2533167

Hope this helps...

Grif

Other tools
Oct 7, 2008 6:48AM PDT

Those are both good tools, you might also wanna check out Ad-Aware 2008, Spybot Search & Destroy, AVG Anti Virus 8, Avast 4.8, or Avira AntiVir; all can be found within the top downloads on Download.com and are free to use.

One more tool and comments on the files
Oct 8, 2008 2:08PM PDT

I agree with Grif and husker86 on the tools they suggested. One other tool to consider if you're feeling adventurous is Microsoft's Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx). It is basically an advanced version of task manager that gives much more detailed information. However, if you happen to be a gamer, I seem to remember reading somewhere that it can conflict with games that use the SecuROM protection. I'm not sure if anything has been done to correct the conflicts at this point in time. There is an interesting, imo, webcast from Mark R. on that site that talks about advanced malware cleaning. It runs a little over an hour and can be found by clicking on Mark's webcasts on the left-hand side of that page.

I think you're right about those two lines from HJT, jadavid30. The first is a browser helper object (BHO) that points at nothing and the second is trying to register that dll for a file that I could find no information about. The HKLM is for the HKEY_LOCAL_MACHINE section of the registry. Hope this helps.
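Added example, not part of the original posts: a small Python triage of HijackThis-style lines that flags the two patterns discussed in this thread, a BHO whose file is missing and a Run entry that silently re-registers a DLL with `regsvr32 /s` at startup. The first two sample lines are the ones quoted in the thread; the other two are constructed benign entries, and the function and field names are this example's own.

```python
import re

# HijackThis writes section codes with the letter O ("O2", "O4"); the post
# typed them with a zero and no spaces, so both spellings are accepted.
BHO_RE = re.compile(
    r'^[O0]2\s*-\s*BHO:\s*(?P<name>.*?)\s*-\s*'
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<file>.+)$')
RUN_RE = re.compile(
    r'^[O0]4\s*-\s*(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*):\s*'
    r'\[(?P<value>[^\]]*)\]\s*(?P<cmd>.+)$')
SILENT_REGSVR_RE = re.compile(r'regsvr32(?:\.exe)?"?\s.*?/s\b', re.I)
DLL_RE = re.compile(r'([^\\"/\s]+\.dll)', re.I)

def triage(lines):
    """Return one finding per line that matches a pattern from the thread."""
    findings = []
    for line in lines:
        line = line.strip()
        bho = BHO_RE.match(line)
        if bho and bho["file"].strip().lower() == "(no file)":
            # The CLSID is still registered as a BHO but its file is gone.
            findings.append({"kind": "orphaned_bho", "id": bho["clsid"]})
            continue
        run = RUN_RE.match(line)
        if run and SILENT_REGSVR_RE.search(run["cmd"]):
            # regsvr32 /s registers the DLL with no dialog at each startup,
            # so the component can come back after its BHO line is removed.
            dll = DLL_RE.search(run["cmd"])
            findings.append({"kind": "silent_dll_autorun",
                             "id": f'{run["hive"]} {run["key"]} [{run["value"]}]',
                             "dll": dll.group(1).lower() if dll else None})
    return findings

SAMPLE = [
    # Two lines as quoted in the thread.
    r'02-BHO:(no name)-{7E853D72-626A-48EC-A868-BA8D5E23E045}-(no file)',
    r'04-HKLM\..\Run:[bcduhafeyzrczjwo]C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\taeguewmpwr.dll',
    # Constructed benign entries for contrast.
    r'O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll',
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The DLL named in the flagged Run entry is the same file the original poster saw attached to the BHO line they deleted, which is why the autorun entry is worth removing along with the file itself.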

Thanks
Oct 10, 2008 10:49AM PDT

I ran the two programs suggested first and it found and deleted a number of other Malware entries and files. Haven't gotten around to the others yet. I'm not getting the Pop-Ups anymore - but the two entries listed in my first post are still there when I run HJT. If I have any more problems I'll move to the other applications suggested. Thanks much for your time and assist...

Process explorer
Oct 10, 2008 4:03PM PDT

Thanks for updating us on your progress so far, jadavid30. At this point I would seriously consider using the MS Process Explorer program that I mentioned in my last post. It will show you the relationships between the programs that are running and may help you track them down so that you can remove all traces of the malware. As I mentioned, the video is very informative but the drawback is that it is over an hour long. Mark R. goes through some examples on it about what malware can do and how it can hide on your system. I will mention the caveat again that it may conflict with certain DRM protection, but you may not even run into that conflict. Please keep us updated as it is appreciated.