Solve : spywarebomb?

Answer»

how do i get rid of this THING, every two days seems to show up and dont know which software to kill it for good i hope lol

adaware & spybot dont kill it

system mechanic says it removes it, but shows up again in two days ?

what am i to do ?

any info plz

What OS do you have?
Do you have any other protection?

Go ahead and post a HijackThis log and we'll take it from there.

have xp home, with system mechanic 6 pro, adaware pro, etrust pestpatrol 5, registry mechanic, ashampoo - photo commander, antispyware, winoptimizer & burning studio 6, ms office 2003 pro, aol/yahoo/windows live messengers, winamp & limewire pro

the ashampoo one didnt work either, now trying a-squared anti-malware

i see it in the registry, when i scan with spytron of system mechanic, but can't delete it (dont know which files it is in),
Quote from: CBMatt on July 13, 2007, 11:53:56 AM

Go ahead and post a HijackThis log and we'll take it from there.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:33:04 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hmsam\Local Settings\Temporary Internet Files\Content.IE5\M72V9DV4\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182927150374
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182927172195
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by129fd.bay129.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7345C513-0818-48BD-A4B4-8AC56A09D709}: NameServer = 204.239.167.3,204.239.167.13
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 4794 bytes

Quote from: hmsam on July 13, 2007, 12:00:01 PM
have xp home, with system mechanic 6 pro, adaware pro, etrust pestpatrol 5, registry mechanic, ashampoo - photo commander, antispyware, winoptimizer & burning studio 6, ms office 2003 pro, aol/yahoo/windows live messengers, winamp & limewire pro

the ashampoo one didnt work either, now trying a-squared anti-malware

i see it in the registry, when i scan with spytron of system mechanic, but can't delete it (dont know which files it is in),


I notice you have Limewire Pro. Did you purchase this? Regardless, downloading files off P2P networks is highly risky and not advised. You should probably uninstall this software so that you are not affected again.

Also, none of the software you have sounds like an AV, correct me if I am wrong but it is advised, as I am sure Chris will tell you to get - AVG Anti-Virus Free. (Direct .exe Link).

Your log looks clean to me. Perform a scan online with Panda ActiveScan and post a log here. Also, download SUPERAntiSpyware and Spybot - Search & Destroy, update them and scan with them in Safe Mode (one at a time!). Let us know the results of your scans.

DeltaSlaya is right...I can't tell you to get rid of it, but you might want to reconsider using LimeWire. The program itself isn't considered malicious, but some of the things you download through this client may be unsafe, and are likely contributors to your infection. Many downloads are also considered illegal, as they infringe on copyright laws.




Quote from: DeltaSlaya on July 13, 2007, 06:37:08 PM
Also, none of the software you have sounds like an AV, correct me if I am wrong but it is advised, as I am sure Chris will tell you to get - AVG Anti-Virus Free. (Direct .exe Link).
Actually, they already have Kaspersky, which is a respectable anti-virus. Personally, I prefer AVG, but what they have is sufficient, so there's no need. They could certainly go for some better anti-spyware, though.

Sorry, it's just that their AV wasn't mentioned here:

Quote
have xp home, with system mechanic 6 pro, adaware pro, etrust pestpatrol 5, registry mechanic, ashampoo - photo commander, antispyware, winoptimizer & burning studio 6, ms office 2003 pro, aol/yahoo/windows live messengers, winamp & limewire pro

and yea now that I look it indeed is in their HJT log.

No worries. They probably forgot to mention it.

hmsam, do you update Kaspersky and scan with it on a regular basis?

it updates every three hrs and scans constantly by itself, because of kaspersky's antihacker makes it scans from the attacks of the helken attacks

scans full on friday mornings

spybot does not work, never tried superantispyware as mentioned above

oh i also installed the cleaner professional from moosoft, found nothing too

Try removing SpywareBomb in Safe Mode and then scan with System Mechanic since it seems to be able to detect the program. If it still exists, you should also delete C:\Program Files\SpywareBomb, as well as the various files listed here...
http://www.emsisoft.com/en/malware/?Adware.Win32.SpywareBomb

Use Pocket KillBox if you have to. Once you've done all of this, try the Panda ActiveScan and post your results.

RogueRemover is supposed to remove spywarebomb, it's on their list.
If it's returning after a couple of days then you should review your downloading habits as antivirus & antispyware programs won't protect you from rogue programs or pups.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

