The writers of the winfixer spyware/trojan crap
Zilog B
09-13-05, 09:11 PM
Should be burned alive, then shot twice. What a headache, finally got rid of it. I think.
I'll help you
what did you do/use ?
CableDude
09-13-05, 09:16 PM
I'll help you too.
Prey521
09-13-05, 09:17 PM
Should be burned alive, then shot twice. What a headache, finally got rid of it. I think.
I agree, spyware is a huge problem at my job! :(
Then again, if those Pfizer Client Services idiots didn't insist on allowing EVERY SINGLE CLIENT to have local admin rights, the problem wouldn't be as rampant!
Zilog B
09-13-05, 09:17 PM
I'll help you
what did you do/use ?
Well I used the Symantec tool in safe mode, didn't work. HijackThis in safe mode wouldn't delete the registry keys, so I just added the URLs the spyware would load for the popups to my hosts file resolving to 127.0.0.1, and they don't pop up anymore. :D
Prey521
09-13-05, 09:18 PM
Well I used the Symantec tool in safe mode, didn't work. HijackThis in safe mode wouldn't delete the registry keys, so I just added the URLs the spyware would load for the popups to my hosts file resolving to 127.0.0.1, and they don't pop up anymore. :D
So in reality, the spyware is still there in the system! :D
CableDude
09-13-05, 09:20 PM
Post a hijack this log.
yep ...coworker had some of that ...there wasn't anything special on the system
so away it went
Zilog B
09-13-05, 09:26 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:37:36 PM, on 9/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINNT\System32\NT_USDM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\foobar2000\foobar2000.exe
C:\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
F1 - win.ini: run= E:\WESTWOOD\C&C95\INSTICON.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINNT\Cursors\infosrv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINNT\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: NT_USDM.LNK = C:\WINNT\System32\NT_USDM.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125233914086
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C07D619C-8203-4596-8E24-A4145E96C79E}: NameServer = 207.69.188.187 207.69.188.186
O20 - Winlogon Notify: infosrv - C:\WINNT\Cursors\infosrv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
Prey521
09-13-05, 09:28 PM
Also, have you tried using MS Anti Spyware? It's da best!
Zilog B
09-13-05, 09:31 PM
Also, have you tried using MS Anti Spyware? It's da best!
Nope. I've run spybot & adaware tho. Also updated scan from housecall.trendmicro.com
CableDude
09-13-05, 09:35 PM
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINNT\Cursors\infosrv.dll
O20 - Winlogon Notify: infosrv - C:\WINNT\Cursors\infosrv.dll
b7.
It's still there. :(
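Added example, not part of any post in this thread: a short Python triage pass over lines taken from the HijackThis log posted above. It flags a file when more than one autostart section loads it or when it sits in a folder that normally holds data files; both rules and the folder list are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted earlier in this thread.
LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINNT\Cursors\infosrv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O20 - Winlogon Notify: infosrv - C:\WINNT\Cursors\infosrv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
"""

# Section code at the start of each entry line (O2, O20, ...).
ENTRY = re.compile(r"^([A-Z]\d+) - ")
# Non-greedy so a path containing " - " (Spybot - Search & Destroy) stays whole.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)\b", re.IGNORECASE)
# Assumed heuristic: folders that normally hold data files, not binaries.
DATA_DIRS = {"cursors", "fonts", "temp"}


def suspicious_entries(log_text):
    """Map each flagged file path to the sections that load it and why."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        entry, path = ENTRY.match(line), PATH.search(line)
        if entry and path:
            sections[path.group(0).lower()].add(entry.group(1))
    findings = {}
    for path, codes in sections.items():
        reasons = []
        if len(codes) > 1:
            reasons.append("loaded from several autostart sections")
        if path.split("\\")[-2] in DATA_DIRS:
            reasons.append("binary in a data folder")
        if reasons:
            ordered = sorted(codes, key=lambda c: int(c[1:]))
            findings[path] = {"sections": ordered, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for path, info in suspicious_entries(LOG).items():
        print(path, info["sections"], "; ".join(info["reasons"]))
```

A file that turns up under both O2 and O20 has two independent load points, so removing only one of them leaves it loading on the next logon.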
Nope. I've run spybot & adaware tho. Also updated scan from housecall.trendmicro.com
I really like MS antispyware also but it still didn't get rid of that Winfix crap ..just reinstalled after it 'removed'/quarantined it
oh and i can't help at all with that Hijack report..sorry :(
Prey521
09-13-05, 09:37 PM
Nope. I've run spybot & adaware tho. Also updated scan from housecall.trendmicro.com
Give it a try then. It also has many other little tools in addition to the spyware scanner that lets you weed out spyware. Also use the Browser Restore feature.
CableDude
09-13-05, 09:37 PM
oh and i can't help at all with that Hijack report..sorry :(
He's got help. :thumb:
He's got help. :thumb:
You rock.
CableDude
09-13-05, 09:41 PM
You rock.
U too. :D
Humboldt
09-13-05, 09:44 PM
Get a room you two:D
CiscoKid
09-13-05, 09:45 PM
Also, have you tried using MS Anti Spyware? It's da best!
:nod:
It's got A LOT of stuff that no matter how many scans I ran with other apps, it still wouldn't clean it up
CableDude
09-13-05, 09:46 PM
Get a room you two:D
:o
:o
http://img.photobucket.com/albums/v335/knudjm/bolt.gif
try this manual removal, i had a stubborn trojan and this fixed the problem:
http://forum.aumha.org/viewtopic.php?start=0&t=13276
YeOldeStonecat
09-14-05, 07:06 AM
Also, have you tried using MS Anti Spyware? It's da best!
I love it! The Advanced Tools are awesome.
downhill
09-25-05, 07:00 PM
Does it get rid of Winfixer?
Dunno how it got on but man what a pain.
Zilog B
09-28-05, 04:43 PM
Actually my computer died before I fixed it LOL. I'm so lazy when it comes to computers anymore, it's like I've lost all interest in working on them.
CableDude
09-28-05, 06:51 PM
Actually my computer died before I fixed it LOL. I'm so lazy when it comes to computers anymore, it's like I've lost all interest in working on them.
Amen! :nod:
guys, i was looking for winfixer removal solution over one week and here we go! finally found it: winfixer removal (http://www.spyware-removal-guideline.com/winfixer-removal)