pop up adverts and system running slow or crashing

gill07

hi
only thing of my web search i have found is smiley central

albertross_2

uninstall it,

then

IE, tools, internet options, advanced, untick "enable 3rd party browser extensions", ok

If 1stdialer is also mentioned in add/remove, uninstall that as well 1st.

turn off system restore(start help sys restore), turn on system restore, empty recycle bin

upload c:\windows\system32\service.exe to http://www.virustotal.com/ and see if it finds anything. post back results.


, then do some scans..

post back results, and another hijackthis log when the scanners have done their jobs.

Donnie

gill07 wrote: »

hi
only thing of my web search i have found is smiley central

You can't be serious. We can see the entries all over your Hijack This report.

Examples:
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe
C:\WINDOWS\system32\service.exe
R3 - URLSearchHook: (no name) - !!00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - !!00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O3 - Toolbar: My &Search Bar - !!0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: My Web Search - !!07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe" /m=2 /w
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE

I got bored after that, but there's more.

pchelpman

I take it this is a Dell machine? Dells can come pre-loaded with this MyWay/MyWebSearch malware straight from the factory and it can be a horrendous process to remove it. Often it's not as simple as just using the Control Panel and there's usually no uninstaller.

This on another site where I'm a member ... a discussion that started a couple of years ago ...

http://www.castlecops.com/postx135256-0-0.html

You get the idea.


As members here have remarked this system is riddled with that malware, other Trojans and more than one dialer that should be removed immediately.

It is in need of much fixing but I won't be posting any more suggestions. It could become too confusing. Others seem to have that in hand.


PCH

gill07

it is a packard bell. is it worth me going through the things that others have told me to try.

gill07

albatross- results of virus total check
TR\agent.90112.G
Application\playmp3z
Adware.Mirar
Trojan.Agent.90112.G
running scans now will post back results
thank you for your help

pchelpman

Well, as it's a PB then the MyWay/MyWebSearch malware probably arrived from the outside so maybe "removable" as others have suggested.

Yes, please use all free removal tools and fixing programs. Here are some of the most popular ones ...


Superantispyware > http://www.superantispyware.com/

AVG Anti Spyware > http://free.grisoft.com/doc/5390/us/frt/0?prd=asf

TrojanHunter > http://www.misec.net/

Spybot Search & Destroy > http://www.safer-networking.org/

Ad Aware > http://www.download.com/Ad-Aware-2007-Free/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

Ccleaner > http://www.ccleaner.com/ [ensure you install it WITHOUT the optional Yahoo Toolbar download. You must untick/uncheck the relevant box on download]



Note ... Combofix is also excellent BUT DO NOT USE IT unless under the guidance of someone who really knows what this program will do. I have seen at least one user try it on his own and end up in a worse state.


PCH

Donnie

I'm happy to defer to anyone named pchelpman.

gill07, have you fixed the problems highlighted in the HijackThis log?



Here's a useful guide; http://forums.majorgeeks.com/showthread.php?t=35407


Personally, I favour a re-format when infected. I like the feeling of having a completely clean machine.

pchelpman

Donnie wrote: »

Personally, I favour a re-format when infected. I like the feeling of having a completely clean machine.

I was erring this way too given that Gill's machine is so badly infected.


PCH

Donnie

It's not too bad. Your goal is to remove the dodgy .exe files and the files that have been installed to run on start up of your machine.

The reason why I tend to choose re-format is for peace of mind and that it allows me to install only what I need.

It allows for a more responsive experience, especially on older machines.
But a re-install may prove just a daunting for you, as we may have to talk you through the installation of new programs and the backing up of Drivers etc.

I just don't have the inclination to do on my own that right now. Especially if I'm not sure the OP is even following the instruction.

So, over to you pchelpman.