Why ooo why, we cannot get rid of SPYWARE
I go through the registry and REMOVE Homeold..keys and about blank, as a start page. I clean it out and THEN THE DAMN THING COMES BACK..what is the mother file? I can't find it. Why is it so hard to get rid of? The BEAST won't DIE.
Why can anyone explain to me why we EVEN bother to get rid of the 'BAD' dll..files then they come back???? Please let me know, please!
:help:
But yeah, if the dead keeps rising again... I'd say reformat.
Concur or die! :shoot:
:help:
Logfile of HijackThis v1.99.1
Scan saved at 11:45:31 AM, on 4/13/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\VISIONEER\PAPERPORT\CONFIG\EREG\REMIND32.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {6FC323E3-AB85-11D9-82FE-00D0AA02346E} - C:\WINDOWS\SYSTEM\NFBEOL.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-CA\MSNTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_20_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Search - {C9DFA762-E64F-CB43-0214-AEC9D5A4793C} - C:\WINDOWS\Cxqefexw.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\YAHOO!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - HKCU\..\RunServices: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /1
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Visioneer\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Reboot.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - (no file)
O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - (no file)
O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 - Plugin for .dcr: C:\PROGRAM FILES\SYMPATICO\COMMUNICATOR\PROGRAM\PLUGINS\NP32DSW.DLL
O12 - Plugin for .wmv: C:\PROGRAM FILES\SYMPATICO\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O12 - Plugin for .asx: C:\PROGRAM FILES\SYMPATICO\COMMUNICATOR\PROGRAM\PLUGINS\npdsplay.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {217234FC-041F-4F27-84AB-8329440C4DED} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3ca.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O18 - Filter: text/html - {6FC323E2-AB85-11D9-82FE-00D0C54E91F5} - C:\WINDOWS\SYSTEM\NFBEOL.DLL
O18 - Filter: text/plain - {6FC323E2-AB85-11D9-82FE-00D0C54E91F5} - C:\WINDOWS\SYSTEM\NFBEOL.DLL
Sorry, I'm really not that great with computer stuff..could you tell me what reformat means? I have attempted many times to remove from my programs the 'search uninstall' that is currently on my programs, however the message I get is 'uninstall failed'. Grr...
I would get rid of the following in hijackthis:
C:\WINDOWS\SYSTEM\KERNEL32.DLL -- this I'm not too sure about. If you had Windows XP, then definitely axe this.
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {6FC323E3-AB85-11D9-82FE-00D0AA02346E} - C:\WINDOWS\SYSTEM\NFBEOL.DLL (file missing)
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Reboot.exe
I would run a Lavasoft (lavasoft.de) Ad-Aware scan afterwards.
To remove dead entries in your Add/Remove Programs, click Start -> Run. Type Regedit in the box and click OK. Expand HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL. Look for your "search uninstall" in there and delete it.
Reformatting is usually the coined term for reinstalling your operating system from scratch. Now since you use Windows 98, it's not as easy as Windows XP. Reformatting will erase all data, unless you make a backup onto a CD or something.
If this is what you want, I can list the steps.
Now with Windows 98, what exactly is wrong with this apart from the obvious, that it SUCKS..I know. My kids have begged for Windows XP. Looks like they will win.
I have many times deleted the search uninstall from the registry and it keeps coming back..like the terminator! delete --- comes back --- delete comes back..
Is this what I should delete?, because I don't have windows xp..I have windows 98..???
C:\WINDOWS\SYSTEM\KERNEL32.DLL -- this I'm not too sure about.
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
Let me know how to reformat, I will get a backup disk.
But reformatting is easy, just pop in the Win 98 CD and reboot, it will ask if you want to boot with the disc and you click whatever key it assigns to yes, voila, you're now reinstalling Windows and it will reformat in whatever format Win 98 uses. Beware, this is scary the first time! Btw I like your humor lol.
Before proceeding with a reformat, make sure you have backed up any important documents, work, etc., and it would behoove you to download the latest Windows 98 drivers for your hardware (your network card driver or modem driver is the most important). However, sometimes they are already included with Windows 98.
1. First, make sure your CD-ROM drive is set to be the first boot device. You can test this out by putting in your Win98. If you get a screen that says something along the lines of "Install Windows 98 SE from CD-ROM", then you'll know you're set... if not, let me know so I'll write up how to check that. But first, choose to boot to the DOS prompt - we're not installing Windows 98 yet.
2. At the prompt, type: Format C:
3. Select "Yes" when asked are you sure. Wait a few minutes for the drive to format itself - it's basically erasing all data on your C: drive, including Windows itself.
4. Restart your computer, with the Windows 98 SE CD loaded, and select the option which allows you to install it. The rest should be self-explanatory. Just follow the on-screen instructions.
I haven't done a Windows 98 install in years, so the text you see on your screen may look slightly different.
Since I'm sooo lazy myself I'm gonna let hubby do this sH*t. Cuz it's sooo annoying. I will let you know whut the hell happened ..sooner or later...bye for now.
Thanxs for the generous help.
And furthermore it's all a joke. Reformat spyware; viruses what the H**ll is next! :shoot: :shoot: :shoot:
Are you going to reformat, or have you? If you want, Windows XP is about 90-140 bucks depending on if you get Home or Pro edition. If I were you I'd probably stick with the Home edition, the Pro offers nearly nothing, just 2 things that are blue instead of green (at least what you will notice). If you buy Windows XP take into consideration there are upgrade, OEM, and retail versions. Upgrade will require you to keep your Windows 98 CD, OEM is the cheapest and will not require Windows 98, and the retail can do anything. I recommend the OEM, cheapest overall. Same product once up and running.
Once you get some of the problems fixed, or you reformat make sure you keep up the simple maintenance work.
1. Install Ad-Aware SE ---FREE
2. Install SpyBot Search and Destroy ---FREE
3. Install some antivirus software ---Pay for something, or get Avast FREE, Avast is probably just as good or better than the popular Norton
At the minimum do the above, and make sure the programs are run every so often and updated.
~~~Hope this helps.~~~
Check this site and it's self explanatory.
It should help you get rid of it.
Do not reformat your computer. You guys are giving her bad advice.
Remove the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {6FC323E3-AB85-11D9-82FE-00D0AA02346E} - C:\WINDOWS\SYSTEM\NFBEOL.DLL (file missing)
O3 - Toolbar: Search - {C9DFA762-E64F-CB43-0214-AEC9D5A4793C} - C:\WINDOWS\Cxqefexw.dll (file missing)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O4 - Startup: Reboot.exe
O18 - Filter: text/html - {6FC323E2-AB85-11D9-82FE-00D0C54E91F5} - C:\WINDOWS\SYSTEM\NFBEOL.DLL
O18 - Filter: text/plain - {6FC323E2-AB85-11D9-82FE-00D0C54E91F5} - C:\WINDOWS\SYSTEM\NFBEOL.DLL
Now, reboot into safe mode.
In safe mode, find and delete the following files:
C:\WINDOWS\SYSTEM\NFBEOL.DLL
REBOOT.EXE (search for it)
C:\WINDOWS\SYSTEM\cmmpu.exe
Start with that. This will be a multi-step removal.
Reboot, and post a new log.
DO NOT REFORMAT - you do not have to! This can be removed!
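Added example, not part of the post above and not HijackThis's own code: a short Python script that groups entries from the log posted in this thread by the file they reference. It shows NFBEOL.DLL referenced from both the O2 (BHO) and O18 (Filter) sections, so removing the entry in one section leaves the other still pointing at the file. The function names are hypothetical and the sample is a subset of the posted log.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: (no name) - {6FC323E3-AB85-11D9-82FE-00D0AA02346E} - C:\WINDOWS\SYSTEM\NFBEOL.DLL (file missing)
O3 - Toolbar: Search - {C9DFA762-E64F-CB43-0214-AEC9D5A4793C} - C:\WINDOWS\Cxqefexw.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - Startup: Reboot.exe
O18 - Filter: text/html - {6FC323E2-AB85-11D9-82FE-00D0C54E91F5} - C:\WINDOWS\SYSTEM\NFBEOL.DLL
O18 - Filter: text/plain - {6FC323E2-AB85-11D9-82FE-00D0C54E91F5} - C:\WINDOWS\SYSTEM\NFBEOL.DLL
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# A drive-letter path ending in a typical executable or module extension.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|tsk)', re.IGNORECASE)

def parse(log):
    """Yield (section, upper-cased path or None, file_missing) per entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the process list are not entries
        body = m.group("body")
        hit = PATH.search(body)
        path = hit.group(0).upper() if hit else None
        yield m.group("section"), path, body.endswith("(file missing)")

def load_points(log):
    """Map each referenced file to the set of log sections that point at it."""
    by_file = defaultdict(set)
    for section, path, _ in parse(log):
        if path:
            by_file[path].add(section)
    return dict(by_file)

def multi_registered(log):
    """Files referenced from more than one section of the log."""
    return {f: sorted(s) for f, s in load_points(log).items() if len(s) > 1}

def orphaned(log):
    """Entries HijackThis marked '(file missing)': the entry outlived the file."""
    return sorted({(s, p) for s, p, missing in parse(log) if missing and p})

if __name__ == "__main__":
    print(multi_registered(SAMPLE_LOG))
    print(orphaned(SAMPLE_LOG))
```

Running it against a log saved after each cleanup step gives a quick way to see which references to a file are still present.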
Spyware probably comes from the fact that Microsoft wants you to upgrade and has installed a foolproof source; which is spyware. My kids have nothing to do with this spyware. Spyware is now a way in which you can get sucked into the vortex of computers.... :drinkup:
OMG! Now I don't know who to believe!
I have removed and deleted to no avail! Most files I delete come back as another incarnation of a DLL file. The beast won't die I say! :shoot: Really now I'm confused!
I remove spyware for a living and belong to a professional spyware removal association (www.a-sap.org), so believe me when I say that my only interest is helping you remove the spyware from your computer. Let's start with the steps I gave you and then we'll go from there.
Not to mention, I've known him for quite some time and he knows what he's talking about. Follow his directions and he will walk you through getting rid of this problem.
The rest of you guys need to stop giving advice if you don't know what to do.
Each of these forums has one or two moderators that are supposed to be taking care of people who need help. THAT'S WHY YOU WERE MADE MODS! Do your jobs or give up the d*mn positions! I'm sorry for this outburst, but this has got to stop. Because it's going to drive people away from this site. It's alright to help someone if you research the problem and think the answer you give will help. And if you're going to try to help--stay with it till it's done or you can't find the answer to the problem. Then tell the person that you've done all you can do and ask for someone else to step in. That's all I have to say on the subject.
Ok, so I have to look at this better. Spyware is NOT put out by Microsoft..then why AntiSpyware installed to more updated = Windows =.. In any case no one has answered WHY it is that I can clean out my Registry 24/7 and the evil stuff comes back? WHY?? I even installed Webroot which does a sweep then SAYS it's quarantined everything, only to come back! Does this make sense? It's rather annoying!
If you know about spyware why the hell has this stuff here!
Primesuspect, I read your article and your article proves that the spyware was somehow downloaded through our computer with us unaware of the beast. When you say that companies put this software on our system for us to go to their site; it is what is happening actually, about blank takes over and the damn thing starts blinking on our screen so much so that our start bar disappears. We are then at a screen that keeps flashing and I'm thinking how the hell can this be good, we can't even click on anything and our whole system screws up! So how the hell can this be good for these dumb jerks!
What????! I think you should re-read my posts, you're way off topic here.
:urawes: