god damn spyware

lancer

Please read and be astonished. I just formatted and reinstalled XP Pro at work, and within 5 mins my computer was ransacked by spyware. I updated it fully, SP2 etc., then antivirus Norton. Then I downloaded both MS AntiSpyware and Spybot and ran both, and they found about 50 instances between them. Now there are a few sons-a-bi'atches still clinging on. Anyone have any suggestions about which programs to use to get all the spyware out? Oh, and yes, it was MS Internet Explorer's fault, as I opened it for the updates; now I'm using Firefox again.

Please help, I'm on my 5th scan and it's still finding the buggers. :cry:
 
You should run the Spybot resident to have real-time protection against spyware.

If you want to post a HijackThis log, there are some people here that will try to help you clean the computer.

As far as what happened being IE's fault, I don't think this happens while getting updates.
 
I don't see how you can get spyware within 5 mins after reformatting. Are you sure you formatted it?
 
I don't see how you can get spyware within 5 mins after reformatting. Are you sure you formatted it?

Why I asked if he zeroed the drive out, or just used a quick format. Have seen weird things happen with a quick format (IE files that shouldn't be there show up). And how many drives do you have? Any chance you installed something to another drive laced with spyware?
 
Hard to believe that spyware could even hold on with a quick format.

There has to be something you're doing to have that junk showing up after 5 minutes. It's not like you plug a network cable in and all the bugs on the internet run straight toward you! :p In all my reformat/reinstalls, I never plugged into the network before loading my antivirus, firewall and spyware programs. I always kept those installers available on a disk so that I wouldn't have to get online to download them first.
 
VenomXt said:
Why I asked if he zeroed the drive out, or just used a quick format.

Both a quick format and a non-quick format will erase all files on the drive. The only difference is whether or not the hard disk will be scanned for bad sectors.
 
Yeah, I know all this, that's why it's so strange. The spyware attached itself when I went onto MSN, not during the updates, just to clarify.

I did a full format, so no chance old stuff could have stayed. Here's a hijack log.
 

I'm not sure yet, but this may be what cruised in:

http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html

Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = //searchmiracle.com/sp.php
F2 - REG: system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [tF4f3nS] pifupapi.exe
O4 - HKLM\..\Run: [xchgil] c:\windows\system32\otgbctq.exe
O4 - HKCU\..\Run: [covpRhe3W] penecsnp.exe

oh, and do this in safe mode. then run adaware, anti-spyware, and spybot in safe mode.
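
A triage pass over the kinds of HijackThis entries listed in the post above, added here as an example and not part of the original thread or of HijackThis itself. The sample log is constructed from the five quoted entries plus two made-up benign lines; the allowlists and the three heuristics are assumptions for illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Constructed sample: the five quoted entries plus two made-up benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = //searchmiracle.com/sp.php
F2 - REG: system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [tF4f3nS] pifupapi.exe
O4 - HKLM\..\Run: [xchgil] c:\windows\system32\otgbctq.exe
O4 - HKCU\..\Run: [covpRhe3W] penecsnp.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\agent.exe" /startup
F2 - REG: system.ini: Shell=Explorer.exe
"""
# Assumed allowlists for illustration; tune them to the machine being triaged.
TRUSTED_HOSTS = ("microsoft.com", "msn.com")
OS_DIRS = {r"c:\windows", r"c:\windows\system32"}
KNOWN_OS_AUTORUNS = {"ctfmon.exe"}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] (.+)$")

def triage(log_text):
    # Returns (section code, reason, original line) for each flagged entry.
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        reason = None
        if code in ("R0", "R1") and " = " in body:
            host = urlsplit(body.split(" = ", 1)[1]).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS):
                reason = "IE search/start page set to an unexpected host"
        elif code == "F2" and "shell=" in body.lower():
            if body.lower().split("shell=", 1)[1].split()[1:]:
                reason = "extra program chained after Explorer.exe in Shell"
        elif code == "O4" and (run := RUN_RE.match(body)):
            cmd = run.group(1)
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            folder, name = ntpath.split(exe.lower())
            if not folder:
                reason = "autorun command has no directory path"
            elif folder in OS_DIRS and name not in KNOWN_OS_AUTORUNS:
                reason = "unrecognised autorun sitting in a Windows directory"
        if reason:
            findings.append((code, reason, line))
    return findings
if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

A flagged line is a candidate for review, not a verdict; the plain `Shell=Explorer.exe` value and the fully pathed ExampleAV autorun pass through unflagged.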
 
Nail.exe is a bad one. It adds randomly generated files into the Prefetch folder. Not easy to get rid of the traditional way.
 
If you downloaded a key thingy for Norton, sometimes they come with something called crack.exe... when you open it you will have 50+ spyware files to deal with. It's worth it to format again.
 
muzikool said:
Nail.exe is a bad one. It adds randomly generated files into the Prefetch folder. Not easy to get rid of the traditional way.

disable prefetch. done. am I wrong Muzi? I could be... ;)

From command prompt: del c:\windows\prefetch\*.* /q
then head into regedit -


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Change the value of EnablePrefetcher to 0

Possible settings:

0—Disable
1—Application Launch Prefetch
2—Boot Prefetch
3—Prefetch everything
 
then he'd be left without prefetch...and whatever was putting data in prefetch would still be on the box
 
perris said:
then he'd be left without prefetch

temporarily for sure. I don't think it's enabled in safe mode anyway. Once all cleaned out, just reenable in the reg.

If you have less than 512megs of RAM - leave her disabled.
 
I think whatever is entering data to prefetch would still be active when he turned it back on
 
Mastershakes said:
exactly perris. so we would only reenable it once she's cleaned.

ah...I'm at work skimming and I missed that part of your post...good job
 
