Spyware?

Discussion in 'Windows Desktop Systems' started by ~bk, Oct 3, 2004.

  1. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Everytime I launch IE, these two search bars pop-up. I don't use IE but my parents do sometimes. I did a Spybot - Search and Destroy.. found like 5 problems and I fixed them. But still, they pop-up. Any ideas?

    Your help is greatly appreciated. [​IMG]
     
  2. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Okay, I've some how fixed the bottom bar. But the top one is still showing.
     
  3. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    post a HijackThis log and I can take a look.
     
    ~bk likes this.
  4. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Here:

     
  5. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Fix these:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cfmccjjbwrvbiyxssc.us/Ap...vVbREom5zD0.php
    O2 - BHO: (no name) - {88B28A89-B431-C8D9-1B65-CCEA5851D23F} - C:\PROGRA~1\INTER4~1\CLOCK RULE.exe
    O4 - HKLM\..\Run: [Name Creative] C:\PROGRA~1\chicidledeaf\extragluecdrom.exe
    O4 - HKLM\..\Run: [Rule up great owns] C:\Documents and Settings\All Users\Application Data\comp 32 rule up\comp1.exe

    Also, run this uninstaller, http://lop.com/new_uninstall.exe MessengerPlus installs lop.com crap if you allow it to, one reason I definitely recommend against it.

    Reboot into safemode, and delete:

    C:\Documents and Settings\All Users\Application Data\comp 32 rule up\ <--folder
    C:\Program Files\chicidledeaf\ <--folder
    C:\Program Files\INTER4~1\ <--folder that begins with inter4

    Reboot normally and post a new log. All of this spyware was installed via MessengerPlus.
     
  6. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    sh!t! via Messenger Plus! [​IMG]

    Will do what you said and let you know.
     
  7. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Those bars are now removed. Here's the new log. Everything seems fine to me.

     
  8. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Oh and I don't know why but when I did that uninstaller thing, all my bookmarks were gone from Firefox. [​IMG]

    Is it possible to recover them?
     
  9. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    never heard of that, is the bookmarks.html file still in C:\Docs and settings\<username>\Application Data\Mozilla\Firefox\default.xyz\ ?
     
  10. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Yeah, it's still there.
     
  11. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    try and redirect Firefox to use it.
     
  12. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    How do I redirect it?

    edit: Nevermind, got it.
     
  13. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    did it work? I've never seen that uninstaller affect firefox.
     
  14. ~bk

    ~bk I Political User

    Messages:
    3,768
    Location:
    Canada
    Yeah, the bookmarks are back. [​IMG]
    I don't know why it happened. It gave me a warning when I used it to close all your internet browsers, maybe something happened in between.