spyware/adware


L1veUndead
05-13-2008, 09:47 PM
I'm looking for a good, cheap spyware/adware program, if anyone knows one.

My fiancé's little brother stayed over the other night and decided to blow up my PC while I was asleep.

I can't seem to get rid of whatever is in here.

My antivirus shows no threats, but there is an add-on in my Manage Add-ons for IE7 that won't let me remove it, only disable it. Every time I load the browser it is re-enabled and starts throwing popups at me.

I went through the registry and didn't find anything off the wall to my eyes, but there is something in here eating at my system.

Any help would be appreciated.

Thunder
05-13-2008, 10:13 PM
First of all, use Firefox.

Secondly, Spybot and Ad-Aware are great. I'm sure others will recommend some good ones too. Those are both free.

Animal
05-13-2008, 11:24 PM
I wish I could help, but whenever my computer gets something nasty, I reformat. It's not often, and I can't remember the last time it happened, but if I'm in doubt, I start all over.

Any time a family member or friend calls me for help, I usually spend hours on the phone with them, and even then the problem is never completely gone. Seriously, if you have the discs, just back up your computer and do a fresh install. Fresh installs take time, but so does completely removing all that spyware garbage. Even when you do remove the crap, the time it took you will most likely be on par with that of a fresh install.

Nimmy
05-14-2008, 04:12 AM
Your best line of defense would be to run Firefox instead of IE. It even took care of my ISP's search page... Btw, Spybot would have its own version of process viewers/etc. in advanced mode. Might help if you're trying to fix things. I too have had people go IE porn surfing on my computer; it's a pain in the ass. Lyric surfing seems to do it too, or games...

No such issues with people using my browser since Firefox; I feel like I am not one with the window. On the other hand, on my mom's computer, she was content with clicking the "install me now" button on the fake popup, installing the software and slowing the computer as it logs keystrokes, most likely.... But the issues seem to stop if you just cooperate.

papa smurf
05-14-2008, 11:39 AM
I'm having a huge problem with my computer at the moment!..... More or less the same thing as L1ve, but it's stopping me from deleting it with AVG... It got into my WIN32 folder and multiplied all over my system.... I did the netstat -a thing in cmd and I have someone keylogging me :cry: Any help? And it deleted the Firefox .exe, so I'm using IE now.

papa smurf
05-14-2008, 01:09 PM
OK OK, my computer is now spyware free!.... I used Spybot Search and Destroy and I found 14 viruses with 52 entries....

Nebula
05-14-2008, 01:13 PM
Shoot computer with shotgun.

Buy new one.

Thunder
05-14-2008, 02:15 PM
Says the tech support guy. Hmmm

Nebula
05-14-2008, 02:40 PM
lol..

sorry, just bitter lately....

Ad-Aware is good. I hear HijackThis is a good application as well, but I haven't tried it out for myself yet.

L1veUndead
05-14-2008, 03:18 PM
Ad-Aware, HijackThis, and Spybot have not been able to nuke this yet.

It's into the registry pretty good. I have, however, pinpointed what the problem is. It's a spyware/keylogger named "Virtumonde". I fucking hate this thing with a passion already. I'm going to fuck around with it a bit more, but if I can't wipe it out I will reformat.

I was hoping I wouldn't have to do that, because I hate moving all my files to a removable hard drive, wiping it out, reformatting, putting my shit back on, updating my drivers, installing all my programs, and letting Steam run for 60 hrs....

Nebula
05-14-2008, 03:26 PM
I hear ya man...

I do it on almost a weekly basis here with my machines at work... but we have the whole process pretty streamlined, so it isn't quite as much of a hassle as it is to do it on your home computer.

The main annoyance to me is getting all of the drivers installed... Make sure you've got those in hand when you're ready to wipe (if you end up having to do so).

Nimmy
05-14-2008, 05:23 PM
http://www.symantec.com/security_response/writeup.jsp?docid=2003-120914-4108-99&tabid=2

To get rid of some of these I do the most annoying thing of all: write a .bat file.

Santa
05-14-2008, 06:27 PM
I've deleted this same virus this week myself. Got baby in arms, I'll tell you how I got rid of it later tonight.

Santa
05-14-2008, 06:59 PM
Sorry man, I've been meaning to post here since you first did your post, but I've been really busy lately doing financial aid shit and looking for employment.

Anyways, you're going to need a program called Spybot Search and Destroy, Microsoft Process Explorer, HijackThis, ComboFix and VundoFix.


http://vundofix.atribune.org/ If this finds it then great! It didn't find mine though.

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe Doesn't delete the virus, but it helps because it installs the Windows Recovery Console that you're going to use to delete the files. http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I used another program from Microsoft to kill and suspend winlogon.exe, iexplore and explorer, then deleted the files that showed up using HijackThis: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

First run Spybot, make sure it's still on your comp (which it will be), then run HijackThis and post a log here.
Then run ComboFix; it shouldn't take that long before it restarts, but after the restart it took me 20-30 min to finish the log.
Once you post the HijackThis log I will tell you what you gotta delete and we can go from there. You can call me or I can call you so we can do this in real time if needed; do keep in mind I watch my daughter at night, so I might not be available for some time. After I got this all deleted I found like 5 other variants of viruses, and I suggest you get AVG 8.0 because this fucker catches everything so far.

zero
05-14-2008, 07:11 PM
First of all, never use IE, I don't care what version it is (unless absolutely required by a poorly designed site such as your bank's, etc.).

Run Spybot as already suggested.

Install Firefox
Install and use the NoScript (https://addons.mozilla.org/en-US/firefox/addon/722) add-on
Optionally install Adblock (https://addons.mozilla.org/en-US/firefox/addon/1865) also

And don't click suspicious things. But NoScript helps with that, blocking most classes of infections such as embedded iframes and XSS vulnerabilities that do nasty things.

Nimmy
05-14-2008, 07:39 PM
He no click, wee little man click.

Santa
05-15-2008, 12:12 AM
Sadly, not using IE won't fix this problem, nor will just "use Spybot". Spybot tells you the virus is there, you "clean/remove" it, and boom, when you restart it has a different name. Once you remove it my way it is still there under lsass.exe (a major Windows exe); Windows will crash when you try to delete it from this. So sadly my way is the only way to remove it, but it's hard as fuck to remove; it took me 2 1/2 days just to find a way to remove the first part and another 4 hours to remove the second.

L1veUndead
05-15-2008, 11:02 AM
Microsoft Live OneCare seemed to nuke this fucker out of existence.

L1veUndead
05-15-2008, 12:08 PM
It's still there under a different name now! Boo

Logfile of HijackThis v1.99.1
Scan saved at 11:08:00 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Razer\CopperHead\razerhid.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\CopperHead\razerofa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thegng.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\CopperHead\razerhid.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [141fe468] rundll32.exe "C:\WINDOWS\system32\oocdtdif.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200875311968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200875298609
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u5-b15/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209062477_606e91fe5755d5058518df 1fbc70ffff&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jre/6u5-b15/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
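An added example, not something anyone in the thread posted: a small Python triage script for the HijackThis O4 autostart lines Santa asked for, which flags the pattern visible in the log above, a Run value with a bare hex name (141fe468) that has rundll32 load a system32 DLL through a one-letter export. The sample lines are copied from the posted log; the two heuristics are the example's own, not anything HijackThis reports itself.

```python
import re

# Constructed sample: four O4 lines copied from the HijackThis log posted above.
# Only the third one is the random-named loader the thread is chasing.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [141fe468] rundll32.exe "C:\WINDOWS\system32\oocdtdif.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 invocation: rundll32[.exe] ["]<dll path>["],<export>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)


def parse_o4(line):
    """Split one O4 Run line into hive, value name and command; None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def is_hex_name(name):
    """True for value names that are nothing but hex digits, like 141fe468 (heuristic)."""
    return re.fullmatch(r"[0-9a-f]{6,}", name, re.I) is not None


def triage(entry):
    """Return the reasons an O4 entry matches the random-named DLL loader pattern."""
    reasons = []
    if is_hex_name(entry["name"]):
        reasons.append("Run value name is a bare hex string")
    m = RUNDLL_RE.match(entry["cmd"])
    if m and len(m.group("export")) <= 2:  # legit entries above use NvStartup etc.
        dll = m.group("dll").rsplit("\\", 1)[-1]
        reasons.append(f"rundll32 loads {dll} through the short export {m.group('export')!r}")
    return reasons


def scan(log_text):
    """Map each suspicious O4 value name to its list of reasons."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

Run against a full log, the script only narrows the O4 section down to entries worth a closer look; the legitimate rundll32 entries (NvCpl.dll, NvMcTray.dll) pass because their names and exports are descriptive.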

papa smurf
05-15-2008, 01:14 PM
OK....

1. Go and search "stinger" in Google; it's a little program made by McAfee to get rid of most known viruses.

2. If that doesn't work, then search for Vcleaner; it's a program by AVG, it's a cmd-run one and it's decent enough.

3. If none of that works, download McAfee via torrent (McAfee blew mine away).