We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
spyware/redirection problem
Comments
-
is Malwarebytes rebooting when its done ??
did you click Remove Selected ??
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected
bit confused again (lol, sorry getting late!)
can i remove the bits that malware finds in normal mode? haven't removed anything that it's picked up as of yet, didn't want to run before i could walk so to speak0 -
Ok,
A few things to do and a question too.
Removal of lines
Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
O16 - DPF: !!0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
Question Are there multiple accounts on this computer?
If there are you should run Anti Malware on each account. Also you should update Antimalware as it is currently on definition 1226 and you are using 1225.0 -
I think I may have it - Tea Timer.
Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
You can enable it again after you're clean.
Open Spybot and click on 'Mode' then click 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Now run a full scan with Malwarebytes0 -
I noticed you had twext.exe in your log. I have just read this thread on the PC Pro messageboard:
http://www.pcpro.co.uk/phpbb/viewtopic.php?t=299387
This guy had exactly the same symptoms that you describe (being asked for his full password) so I did a search on your log and found it. He doesn't explain how he diagnosed it though.
I don't know anything else about this, other than the same file cropping up in both threads. Hope this is useful.
Personally I only use a Limited account for day-to-day use. I don't understand the details but I am reasonably sure this prevents 'nasties' installing themselves without me knowing (because they can't). I only use Admin to install / uninstall stuff and don't surf the net while using Admin.0 -
Malwarebytes is brilliant I use it regualry I just picked up two malwares tonight
It picks up things my av/firewall didnt
Folders Infected:
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\drivers\hldrrr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.0 -
I noticed you had twext.exe in your log. I have just read this thread on the PC Pro messageboard:
http://www.pcpro.co.uk/phpbb/viewtopic.php?t=299387
This guy had exactly the same symptoms that you describe (being asked for his full password) so I did a search on your log and found it. He doesn't explain how he diagnosed it though.
Thanks for this - SdFix took that file out.0 -
Reluctant_spender wrote: »Ok,
A few things to do and a question too.
Removal of lines
Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
O16 - DPF: !!0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
Question Are there multiple accounts on this computer?
If there are you should run Anti Malware on each account. Also you should update Antimalware as it is currently on definition 1226 and you are using 1225.
hi there
in work till this evening so will have another look later
with regards to the shopandscan, this is something which we require on our pc and do not want deleting. we are part of an online research panel for the tns group whereby we scan our shopping to receive point/vouchers each week and have done this for a few years, im assuming if i tick it, it will be removed?
re your question, there's only one account on the computer0 -
evening guys
since ive been home ive gone into spybot and unticked the teatimer and have just ran a "full scan" on malware, the latest log is belowMalwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 3
03/10/2008 18:42:01
mbam-log-2008-10-03 (18-41-58).txt
Scan type: Full Scan (C:\|)
Objects scanned: 112538
Time elapsed: 1 hour(s), 6 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{D2DF9AD1-ADD7-4AB9-A931-6407F1306C48}\RP329\A0079547.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{D2DF9AD1-ADD7-4AB9-A931-6407F1306C48}\RP330\A0079560.exe (Trojan.FBrowsingAdvisor) -> No action taken.
whilst im here, we've also had avg pop up with an alert which ive removed to the vault0 -
by the way, ive left malware up, can someone let me know if i can tick the two items and remove them (if this is the right thing to do, i wont touch anything till im told)!0
-
Yes, tick them and remove them.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.9K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards