#1 |
Confirmed User
Join Date: Sep 2001
Location: Europe
Posts: 2,218
|
I hate this fucked up spyware shit!! help!
I bought ad space on jamies-galleries.ocm and clicked some of his galleries. by opening a teenkelly gallery (not sponsor hosted) i really got fucked up.. ad ware and spyware tool all over the place (probably for european traffic only).
the problem is, i don't get rid of this shit. i tried ad aware, cwshredder, antivir xp, spy remover and xofspy - nothing helped yet. i'm still getting popups to coolwebsearch and other shit, also porn sites and windows alerts telling me "modem not found" - dammit, i don't know what to do. can anybody help me out here? i am using firefox now, IE is dangerous
#2 |
Text Writer
Join Date: Feb 2001
Location: Wisconsin
Posts: 18,812
|
try this spyware removal program. couldn't hurt to try one more.
http://www.safer-networking.org/en/mirrors/index.html
#3 |
Confirmed User
Join Date: Sep 2001
Location: Europe
Posts: 2,218
|
forgot to list this one, but i tried it already
#4 |
Text Writer
Join Date: Feb 2001
Location: Wisconsin
Posts: 18,812
|
well, the only way i know how to fix that is by reformatting. i hope someone else has a better (and easier) solution for you. good luck.
#5 |
Confirmed User
Join Date: Feb 2004
Location: CO
Posts: 151
|
What about Hijack This???? That one seems to be able to get rid of the hard stuff
#6 |
Confirmed User
Join Date: Sep 2001
Location: Europe
Posts: 2,218
|
i thought it was just a scanner, not a remover?
#7 |
Confirmed User
Join Date: Mar 2004
Location: Australia iCQ:408018496
Posts: 1,332
|
go to ipages.org
remove spyware
__________________
I don't need a sig.
#8 |
Confirmed User
Join Date: Apr 2003
Location: Europe
Posts: 1,036
|
Spy Sweeper from webroot.com should take care of it.
#9 |
Confirmed User
Industry Role:
Join Date: Aug 2004
Location: Portland, Oregon
Posts: 716
|
I swear by Bazooka. This program is free! The only thing is, it tells you how to manually remove problems, which to me is a good thing. I learn more about the registry. Try it out!
Go to download.com and read the great reviews if you are unsure.
#10 |
Confirmed User
Join Date: Sep 2001
Location: Europe
Posts: 2,218
|
i just ran hijack this and deleted all the shit i found. i didn't get a fu*king popup for like 10 minutes - maybe it helped? let's all hope
will try the other stuff if that one didn't work out!
#12 |
Registered User
Join Date: Jun 2001
Location: Europe
Posts: 28
|
Hello,

Please follow these instructions closely....

1. Download this tool called AboutBuster: http://www.downloads.subratam.org/AboutBuster.zip
Unzip it to your Desktop. Start About:Buster. Then hit update. A new screen should pop up. On that screen, hit Check for Updates. If it says it found an update, hit Download Updates. If it doesn't find an update, it will automatically tell you and exit. Do nothing more with the program at this time.

2. Click here to download Ad-Aware and install. Open the program and click on "check for updates now" to make sure you have the latest reference file. If not, click *ok* and let it download and install the updates by clicking on *Finish* after the update download is completed. Exit the program.

3. Print out these instructions so you have them handy as most of the steps need to be done in Safe Mode and you may not be able to go online.

4. Make sure your PC is configured to show hidden files and folders.... Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types." Now click "Apply to all folders." Click "Apply" then "OK."

5. Next, go to Start->Run and type "Services.msc" (without quotes) then hit OK. Scroll down and find the service called "Network Security Service." (It may also be listed as Remote Procedure Call (RPC) Helper or Workstation NetLogon Service). When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and, under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

6. Reboot to Safe Mode. Reboot into safe mode, this way: Restart the computer. Immediately begin tapping the <F8> key. Use the arrow keys to highlight Safe Mode and press the <Enter> key.

7. Scan with Hijack This and put checks next to all the following, then with all other windows closed click "Fix Checked":

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {08513E59-0400-6BA4-A3DF-9337E2F8AE68} - C:\WINDOWS\system32\croh32.dll
    O4 - HKLM\..\Run: [msbq.exe] C:\WINDOWS\system32\msbq.exe
    O4 - HKLM\..\Run: [gpxeumncz] C:\WINDOWS\System32\sghwurb.exe
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...22384e480b9c0d

Now, search for, and delete if found, (some files may not be present after previous steps) the following files:

    C:\WINDOWS\system32\croh32.dll
    C:\WINDOWS\system32\msbq.exe
    C:\WINDOWS\System32\sghwurb.exe

8. Go to Start->Run and type Regedit then click Ok. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and highlight Services in the left pane. In the right pane, look for any of these entries:

    __NS_Service
    __NS_Service_2
    __NS_Service_3

If any are listed, right-click that entry in the right pane and choose Delete.

Again in Regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and highlight Root in the Left Pane. In the right pane, look for these entries (the number at the end should correspond to the first one you deleted above):

    LEGACY___NS_Service
    LEGACY___NS_Service_2
    LEGACY___NS_Service_3

If you find it, right-click it in the right-pane and choose delete. Remain in Safe Mode....

9. Double click on About:Buster to start the program. Hit Start and then Ok. The program should start scanning. When it's finished, hit Exit and reboot, again in Safe Mode. Run About:Buster once more to make sure everything is ok. Reboot into Safe Mode when finished.

10. Remaining in Safe Mode, configure Ad-aware for a customized scan, and let it remove any bad files found..... Open Ad-aware then click the gear wheel at the top and check these options to configure Ad-aware for a customized scan:
General > activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"
Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry," "Deep scan registry," "Scan my IE Favorites for banned sites," and "Scan my Hosts file."
Tweaks > Scanning Engine > activate this: "Unload recognized processes during scanning."
Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."
Click "Proceed" to save your settings, then click "Start." Make sure "Full Scan" is ticked green, then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed. Right click the pane and click "Select all objects" - This will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?"

11. Clean out temporary and TIF files..... Delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example:

    C:\WINDOWS\Temp\
    C:\Temp\
    C:\Documents and Settings\username\Local Settings\Temp\

Also delete your Temporary Internet Files, be sure to also select "delete all offline content." Empty your Recycle Bin and reboot into normal mode.

12. Perform online virus scans at Trend Micro and Panda Software (See links below). Allow the programs to delete anything they may find. Reboot after each scan.

13. Download and install this free anti-Trojan program: http://www.emsisoft.com/en/software/free/
Perform a scan and allow the program to remove anything it may find.

14. Go to the Windows Update site (see link below) to download and install ALL critical updates. Reboot when finished.

15. NOTE: Two possibly three files may have been deleted from your computer by the hijacker and may need to be replaced. Check to see if these are missing.
a. Control.exe
b. hosts (with no extension)
c. SDHelper.dll (if you are using Spybot Search & Destroy)

If control.exe is missing.... Go here: http://www1.spywareinfo.com/~merijn/...s.html#control and download the version of control.exe for your operating system. If you are running Windows 95/98/98SE/ME: copy it to C:\WINDOWS. Windows 2000, copy it to c:\winnt\system32\. For Windows XP, copy it to c:\windows\system32\.

Download the Hoster from here: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program. Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

If you have Spybot S&D installed and SDHelper.dll is missing, replace it here: http://www1.spywareinfo.com/~merijn/winfiles.html#sdhelper and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

16. Additionally, please check your ActiveX security settings. They may have been changed by this CWS variant to allow ALL ActiveX!! If they have been changed, reset your ActiveX security settings in IE as recommended here: http://www1.spywareinfo.com/articles...ed/prevent.php
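
A small triage helper for the HijackThis log format quoted in the post above, added here as an example (it is not part of the original post and is not HijackThis's own code). The sample lines are copied from the post; the flagging heuristics and the names `parse` and `files_to_review` are assumptions made for illustration.

```python
import re

# Sample input: HijackThis lines copied from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jbfgh.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {08513E59-0400-6BA4-A3DF-9337E2F8AE68} - C:\WINDOWS\system32\croh32.dll
O4 - HKLM\..\Run: [msbq.exe] C:\WINDOWS\system32\msbq.exe
O4 - HKLM\..\Run: [gpxeumncz] C:\WINDOWS\System32\sghwurb.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")  # "<section> - <details>"
# A drive-letter path ending in .dll or .exe (stops before any "/" suffix).
PATH = re.compile(r'[A-Za-z]:\\[^/*?"<>|\r\n]*?\.(?:dll|exe)', re.I)

def parse(log):
    """Return one dict per log entry: section code, body, file paths, reasons."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        paths = PATH.findall(body)
        reasons = []  # illustrative heuristics; an empty list does not mean "clean"
        if code in ("R0", "R1") and "res://" in body.lower():
            reasons.append("IE page served from a local DLL resource")
        if code == "O2" and "(no name)" in body:
            reasons.append("unnamed Browser Helper Object")
        if code == "O4" and any("\\system32\\" in p.lower() for p in paths):
            reasons.append("autorun binary in system32")
        if code == "O16" and "file://" in body.lower():
            reasons.append("ActiveX control installed from a local file")
        entries.append({"code": code, "body": body, "paths": paths, "reasons": reasons})
    return entries

def files_to_review(entries):
    """Unique file paths (compared case-insensitively) named by flagged entries."""
    seen = {}
    for e in entries:
        if e["reasons"]:
            for p in e["paths"]:
                seen.setdefault(p.lower(), p)
    return sorted(seen.values(), key=str.lower)

if __name__ == "__main__":
    print("\n".join(files_to_review(parse(SAMPLE_LOG))))
```

The `about:blank` and `R3` lines parse but are not flagged by these heuristics, which is why the output is a review list and not a verdict.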
#13 |
So Fucking Banned
Join Date: Jul 2004
Location: go troll goo!
Posts: 7,708
|
lol@idiot with 28 posts in three years
#14 |
Confirmed User
Join Date: Sep 2001
Location: Europe
Posts: 2,218
|
everything is fine now, it took me 48h to get rid of this shit, but i can really recommend HijackThis! - worked for me. but you need a little knowledge when using it.
#15 |
GFY HALL OF FAME DAMMIT!!!
Join Date: Oct 2003
Posts: 58,202
|
Glad you got it removed, I can vouch for "hijackthis" manual removal baby! :-)