pc help.....had spyware i think???

:D please forgive me if this is in the wrong place.

here goes....last night when going to close pc down i found 2 new desktop icons which was gay fetish s*x, ive no idea how they got there. i tried deleting these and emptying the recycle bin but they just kept coming back :confused: .
then the pc went really funny, blue screen with loads of writing saying something about spyware and that it was harming my pc. eventually, after it happening about 4 times, i managed to get on here and download google pack which has spy doctor, did a test and at the mo it all seems fine.

what id like to know is how did i get that on pc (when i only really use here, ebay, shopping tesco etc.) and also is the google pack the best to have.
i already have mcafee anti virus set up.

well hope you understand what im saying and sorry its a long post but would love it if someone could explain in ENGLISH lol whats best to have. :D
have now given up smoking since feb 13th 2014 loving the money I'm saving

Comments

  • Donnie
    Donnie Posts: 9,862 Forumite
    Download, install, update and run a Quick Scan using Malwarebytes' AntiMalware. When completed, choose Remove Selected.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    thanks, have downloaded now and doing scan, whats different about this? i seem to have so much stuff on here now and ive not got a clue what i need. doing scan and its saying 66 infected items so far and yet my others never came up with this :confused:
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • spud17
    spud17 Posts: 4,441 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    doing scan and its saying 27 infected items so far and yet my others never came up with this

    That's because it's a great product and also free.

    Also spyware is best kept in check by using a multi-pronged strategy, i.e. using several products with different modes of action.

    It seems to be THE program to use to get rid of nasties, certainly for the time being.
    Move along, nothing to see.
  • Donnie
    Donnie Posts: 9,862 Forumite
    crystal9 wrote: »
    thanks, have downloaded now and doing scan, whats different about this? i seem to have so much stuff on here now and ive not got a clue what i need. doing scan and its saying 66 infected items so far and yet my others never came up with this :confused:

    Removed Selected? Re-booted?

    Let's have a look at what you have installed on your PC.

    Go to this website, read the Quick Start Guide and produce a Log for reproduction here.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    spud17 wrote: »
    That's because it's a great product and also free.

    Also spyware is best kept in check by using a multi-pronged strategy, i.e. using several products with different modes of action.

    It seems to be THE program to use to get rid of nasties, certainly for the time being.

    ok thank you, it ended up with 66 infected ive removed them now.

    so having this now and the following is ok??

    mcafee,
    spyware doctor,
    norton security scan (which came with google pack)
    picasa (which came with google)
    ccleaner
    and windows firewall??
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Donnie wrote: »
    Removed Selected? Re-booted?

    Let's have a look at what you have installed on your PC.

    Go to this website, read the Quick Start Guide and produce a Log for reproduction here.

    sorry im dumb, but i did quick scan and do you want me to copy this and list here?
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • If you can post the Malwarebytes log along with Hijack this. Doing this may highlight some infections that don't show up in a Hijack Log.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Malwarebytes' Anti-Malware 1.30
    Database version: 1360
    Windows 5.1.2600 Service Pack 3
    03/11/2008 21:41:35
    mbam-log-2008-11-03 (21-41-35).txt
    Scan type: Quick Scan
    Objects scanned: 49366
    Time elapsed: 10 minute(s), 31 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 42
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 6
    Files Infected: 16
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\LPVideo.dll (Trojan.FakeAlert) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{13450066-7ac5-4217-bc75-724602624225} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{27f088b5-fb82-40b0-9f71-cbdb5f22a6a1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f5de3865-4fa3-4b88-8cfc-924fc7062aa6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9f2c20c1-43db-4ed2-8b6a-3dbafdbab4a8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9f2c20c1-43db-4ed2-8b6a-3dbafdbab4a8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f2c20c1-43db-4ed2-8b6a-3dbafdbab4a8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{eecd0bf6-c2e5-4231-a14a-a161751f1bb5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lpvideo.lpvideoplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lpvideo.lpvideoplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lpvideo.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lpvideo.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\LPVideoPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\LPVideo.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\LPVideoPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
    Files Infected:
    C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\InternetGameBox.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv3_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv3_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\configv3_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\InternetGameBox\skins\skinv3.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Rapid Antivirus\loader.exe (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\LPVideo.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\vpnsiqpphg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vpnsiqpphg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    think this is what you mean
    have now given up smoking since feb 13th 2014 loving the money I'm saving
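A log in the format posted above can be checked mechanically before anyone reads it line by line. The following is an added example, not part of the thread and not Malwarebytes' own tooling: it groups detections by family, lists items that are only scheduled for deletion ("Delete on reboot", which is why the restart matters), and flags a paste whose item lines do not match the summary counts. The function names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the log posted above; the item lines are
# taken from that log, the summary counts are adjusted to this shorter excerpt.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Data Items Infected: 0
Files Infected: 3
Memory Modules Infected:
C:\WINDOWS\system32\LPVideo.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\LPVideo.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Program Files\Rapid Antivirus\loader.exe (Rogue.RapidAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LPVideo.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d+)?$")
ITEM_RE = re.compile(r"^(.+) \(([A-Za-z]+\.[\w.]+)\) -> (.+?)\.?$")

def parse_log(text):
    """Return (declared, items): summary counts and one dict per detection line."""
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        head = SECTION_RE.match(line)
        if head and head.group(2) is not None:
            declared[head.group(1)] = int(head.group(2))   # summary line with a count
        elif head:
            section = head.group(1)                        # start of a detail section
        elif section and (item := ITEM_RE.match(line)):
            path, family, action = item.groups()
            items.append({"section": section, "path": path,
                          "family": family, "action": action})
    return declared, items

def pending_reboot(items):
    """Paths only scheduled for deletion; they stay on disk until the restart."""
    return sorted({i["path"] for i in items if i["action"].lower().startswith("delete on reboot")})

def count_mismatches(declared, items):
    """Sections whose listed items differ from the summary count (truncated paste?)."""
    found = Counter(i["section"] for i in items)
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}

def families(items):
    """Number of detections per family name, e.g. Trojan.FakeAlert."""
    return Counter(i["family"] for i in items)

if __name__ == "__main__":
    declared, items = parse_log(SAMPLE_LOG)
    print("families:", dict(families(items)))
    print("still present until reboot:", pending_reboot(items))
    print("count mismatches:", count_mismatches(declared, items))
```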
  • Three things to do;

    1.
    Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main "Select Files to Delete" choose: Select All.
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    2.
    Download HostsXpert.zip
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper left corner (Only If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    3.
    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    This last one will take a while - It has a good detection rate but does not remove files.

    Post back only the Kaspersky log.
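Step 2 above resets the hosts file to the default, which discards every other mapping, including any the owner added. The following is an added example, not part of the post and unrelated to HostsXpert itself: it lists what a reset would remove so the entries can be reviewed first and the wanted ones re-added afterwards. The sample file, names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are illustrative only
# (example.* names and 192.0.2.0/24 are reserved for documentation).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.20    printer.home.example    # added by the owner
127.0.0.1       updates.av-vendor.example
192.0.2.66      www.bank.example bank.example
not-an-ip       broken.example
"""

# What a restored default file resolves: only the loopback name.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def audit_hosts(text):
    """Sort every (address, name) mapping into default / blocked / redirected.

    blocked    - name pinned to loopback or 0.0.0.0, so it can no longer be reached
    redirected - name pinned to some other address, bypassing DNS
    malformed  - (line number, text) for lines whose first field is not an IP
    """
    report = {"default": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        for name in names:
            pair = (str(ip), name.lower())
            if pair in DEFAULT_ENTRIES:
                report["default"].append(pair)
            elif ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(pair)
            else:
                report["redirected"].append(pair)
    return report


def entries_to_review(text):
    """Everything a reset to the default file would remove."""
    report = audit_hosts(text)
    return report["blocked"] + report["redirected"]


if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, rows)
```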
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Three things to do;

    1.
    Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main "Select Files to Delete" choose: Select All.
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    2.
    Download HostsXpert.zip
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper left corner (Only If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    3.
    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    This last one will take a while - It has a good detection rate but does not remove files.

    Post back only the Kaspersky log.
    right ok thanks, was last post no good?
    have now given up smoking since feb 13th 2014 loving the money I'm saving
This discussion has been closed.