Spyware, Viruses, & Security forum

General discussion

Spyware Problem

Hi, I've tried mostly every program to remove my viruses and spyware, yet none worked, so I formatted my PC and installed Windows XP Upgrade. Yet I got spyware again, which blocks google.com, ask.com, yahoo.com, mostly all search engines except live.com, and it also blocks Task Manager. I think it's my modem's fault; every time I plug it in this happens.

Help anyone? And can my DSL Modem be infected with a Virus or Spyware?

Thanks
josex26

Discussion is locked
"Everytime I plug my modem in it happens."

In reply to: Spyware Problem

Are you implying that before using the modem you could visit those sites? That seems unlikely.

I really don't think your DSL modem is infected in such a way that it infects your PC when you connect it. But it's not clear what does happen.

- What do you mean by "block"? What happens if you type www.google.com in the address bar? Or www.google.fr (that's the French one)? What exactly do you mean by "blocks Task Manager"?
- Does it happen also if you disconnect the modem from the Internet, so all is strictly local?
- What version of XP is the XP upgrade (XP, XP SP1, XP SP2, XP SP3)? Did you activate the firewall before connecting to the Internet?
- Tell us which antivirus you installed before you connected to the Internet, after reinstalling Windows XP.

Kees

Answers

In reply to: "Everytime I plug my modem in it happens."

I can get on Google, yet when I try to search (put in a keyword) it doesn't show the results. I've used Spy Doctor, Super Anti-Spyware, Stopzilla, Ad-ware, Spy Hunter, AVG, and Avast. When I say it blocks Task Manager, it says "Task Manager has been disabled by your administrator", which I never did, and I am running on SP2 Home Edition. And yes, pop-ups sometimes still show up even without the modem connection. And my Explorer has been crashing a lot lately.

Re: answers

In reply to: Answers

Jose,

Disabling of Task Manager certainly points to malware. A very clear instruction on how to enable it again is in http://ask-leo.com/why_is_my_task_manager_disabled_and_how_do_i_fix_it.html

Then use it to get a list of all running processes. Maybe one of them is the culprit. Then kill it. Once you know what it is, it might be possible to remove it. But, of course, it's possible the virus is removed already, and this is just a setting it set when it still existed.

I've never heard of a virus intercepting search results. Try what happens if you run IEXPLORE -EXTOFF (must be IE7) from the start>run box. Or try another browser like Firefox. Post your findings.

Kees

Task Manager

In reply to: Re: answers

I looked at the guide and I'm trying it now, yet when I run gpedit.msc my computer said it can't find it and I should check if I spelled it correctly. Yet the spyware is worse: a bubble at the bottom tells me I am infected and it says click here for more info (probably virus or spyware).

thanks
josep1

Better Browser

In reply to: Task Manager

I've also found a better browser that allows me to use Google for some reason; it's called TheWorld 2.2.
I don't know why it works; it's IE-based.

Read through the article.

In reply to: Task Manager

It says gpedit.msc is only available in Windows XP Pro. Continue with the manual method.

Such a popup as you get might point to the Smitfraud or related malware. That's serious. Please post the full and exact literal text of the message that pops up. Then some of the expert mods here will take it over.

Kees

Spyware

In reply to: Read through the article.

I only got half because it went away:
"slow Computer Speeds!
Slow Operation speed might have been cause by spyware" I didn't get the rest because it went away too fast.

josex26

I would give the following a try.......

In reply to: Spyware

Operating Systems: Microsoft

Thanks

In reply to: I would give the following a try.......

I'm pretty sure it did, 60 removed.

Thanks, I'm not gonna try Super Anti-Spyware; it's slow and I already used it and it didn't help.
Task Manager is still disabled though.

Did you reboot your computer......

In reply to: Thanks

after running MalwareBytes?? IF NO - pls. reboot

Task Manager has been disabled by your administrator

In reply to: Thanks

Task Manager

In reply to: Thanks

Thanks, Task Manager works and the malware bubble is gone. Let me see if I can change the spyware warning background.

Malwarebytes info

In reply to: I would give the following a try.......

I purchased Malwarebytes and turned on protection, but xxyywwww.dll keeps turning on and it's malware. How can I destroy it for sure?

You didn't have to purchase MBAM........

In reply to: Malwarebytes info

as the FREE version also fixes malware problems....... Do you have the latest update ?

Open Malwarebytes and go to Scanner. Check: Perform FULL scan > click on scan.

As you are done, could you pls. post the LOG of the scan.

Log

In reply to: You didn't have to purchase MBAM........

Malwarebytes' Anti-Malware 1.21
Database version: 971
Windows 5.1.2600 Service Pack 2

1:00:06 PM 7/20/2008
mbam-log-7-20-2008 (13-00-06).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 11528
Time elapsed: 15 minute(s), 33 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 40
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
D:\WINDOWS\444.470 (Trojan.DNSChanger) -> Unloaded process successfully.
D:\WINDOWS\portsv.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
D:\WINDOWS\system32\aqdhxhyr.dll (Trojan.Vundo) -> Unloaded module successfully.
D:\WINDOWS\system32\xxyywwww.dll (Trojan.Vundo) -> Unloaded module successfully.
D:\WINDOWS\system32\abbaebcbfccec.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\423b2b70 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: d:\windows\system32\xxyywwww -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\xxyywwww -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\xxyywwww.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\wwwwyyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wwwwyyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\klrwla.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\aqdhxhyr.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\ryhxhdqa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\abbaebcbfccec.dll (Trojan.Agent) -> Delete on reboot.
D:\WINDOWS\444.470 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\WINDOWS\portsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\ndisuioo.sys (Rootkit.Agent) -> Delete on reboot.
D:\WINDOWS\system32\iifddEww.dll (Trojan.BHO) -> Delete on reboot.
D:\WINDOWS\system32\ppobo.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Marianna, how can I get the malware to stop coming on my computer?

Log is looking GOOD !!!

In reply to: Log

Did you reboot your computer AFTER the scan was done ? IF NOT - pls. do !

Is your computer fully updated?

Maybe it would be a good idea to run:

Secunia: Online Software Inspector

http://secunia.com/software_inspector/


Keep your Anti Virus updated !

Keep your MBAM updated - maybe you have seen, as you purchased it, that you can set it to protect your computer. Go to > Protection > Scheduling > check it.

Near the bottom: click on " Start Protection".

Download: CCleaner
http://www.majorgeeks.com/download4191.html
http://www.ccleaner.com/
Once installed, disable your protection programs that could prevent registry changes, run CCleaner, and click the Windows tab.

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit (reboot)

UNcheck all other defaults.

As your computer is now CLEAN - run CCleaner

Also:

Restore Point creating

Create a new Restore Point:
- Go to Start -> All Programs -> Accessories -> System Tools -> System Restore.
- When the utility opens, select "Create a new restore point" and click Next
- Name the restore point - something like "After infection cleaned" or "After cleaning"
- Click Create.

Delete the old Restore Points:
- Go to Start -> All Programs -> Accessories -> System Tools -> Disk Cleanup. Click Ok.
- Click the "More Options" tab.
- Where it states "System Restore" - click Clean up.
- All of the old Restore Points will be deleted EXCEPT for the one you just created.
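
Several entries in the scan log posted earlier in this thread end in "Delete on reboot"; those items are not removed until the machine restarts. As an added example (not part of the thread and not Malwarebytes code), the following Python script parses that log layout and lists what is still pending. The entry pattern is an assumption inferred from the posted log, and the sample is an excerpt of it.

```python
import re
from collections import Counter

# Excerpt of the scan log posted in the thread above (entries copied from it).
SAMPLE_LOG = r"""
Memory Modules Infected:
D:\WINDOWS\system32\xxyywwww.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: d:\windows\system32\xxyywwww -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: d:\windows\system32\xxyywwww -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\xxyywwww.dll (Trojan.Vundo) -> Delete on reboot.
D:\WINDOWS\system32\wwwwyyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\444.470 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\ndisuioo.sys (Rootkit.Agent) -> Delete on reboot.
"""

# Assumed entry layout, inferred from the posted log:
#   <item> (<detection name>) -> [Data: <value> ->] <action>.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section heading."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            # The action is always the last "->" field; registry data items
            # carry an extra "Data: ..." field before it.
            action = match.group("rest").split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "item": match.group("item"),
                            "family": match.group("family"), "action": action})
        elif line.endswith(":"):
            section = line[:-1]  # e.g. "Files Infected"
    return entries


def pending_reboot(entries):
    """Detections that stay on disk or in the registry until a restart."""
    return [e for e in entries if e["action"] == "Delete on reboot"]


def pending_by_family(entries):
    """Count not-yet-removed detections per detection name."""
    return Counter(e["family"] for e in pending_reboot(entries))


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for e in pending_reboot(found):
        print(f'[{e["section"]}] {e["family"]}: {e["item"]}')
    print(dict(pending_by_family(found)))
```
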

(NT) What kind of Firewall do you have?

In reply to: Log

firewall

In reply to: What kind of Firewall do you have?

I don't have a firewall at all. Should I get one?

Firewall

In reply to: I would give the following a try.......

Firewall

In reply to: Firewall

I downloaded the firewall, yet it was slowing me down and it was blocking everything. Anything better?

Installing and Configuring ZoneAlarm

In reply to: Firewall

Once you have downloaded the free ZoneAlarm application, you can install it just like you would any other application. Once the installation is finished, it will ask you to register the program so they can keep you up to date on product developments, but you can opt out of promotional email.

When you open the free ZoneAlarm application for the first time, it will walk you through the steps to configure the program. This is one of the things that make ZoneAlarm a popular choice among home users, because it's easy to do it correctly. Once you complete the simple setup questions, you can be almost certain that your firewall is configured properly.


Maybe this link will make it "easier" ?

http://www.scambusters.org/freezonealarm.html

I also would suggest........

In reply to: I would give the following a try.......

downloading and installing:

SpywareBlaster 4.1

# Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
# Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
# Restrict the actions of potentially unwanted sites in Internet Explorer.

Download here: http://www.javacoolsoftware.com/spywareblaster.html


and

SpywareGuard 2.2

SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

http://www.javacoolsoftware.com/spywareguard.html
