|
annoying ass spyware
Anyone else get this ? It hi-jacked my start page and goes to about:blank but it's a webpage page full of search words and even has a spyware advertisement pop-up! I tried several things but can't get rid of it! :feels-hot
|
bump anyone?
|
spybot???
|
run adaware, spyboy S & D advanced, Hi-jack this and run through your registry to get all the shit out. also, delete all your cookies and cache.
|
Yep...I used thisNo Spy X and it removed it.I tried all the others and they won't remove it permanantly.
Also I did this Turn off your system restore. You have to disable the active desktop, but it has to be done via the registry. That's the spyware porngraph uses. Annoying as shit, I know. HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer Add a DWORD value called NoActiveDesktop and set the data to 1. Restart, you're set. |
29.95? i'd format before paying $30 :)
|
Hi-Jack this has always done the trick (free mini app that lists all the startup and registry spots).. just be careful not to deactivate the wrong files :thumbsup
http://www.spywareinfo.com/~merijn/downloads.html |
Quote:
|
I might if I get desperate enough :)
|
You didn't go to one of 12dicks' pages did you? He claims he's already found an exploit in the new MS patch.
|
it takes me to my about:blank page but it isnt blank, it has tons of search words and popups
|
this seemed to get rid of it for now, although it has come back in the past....... it might have been since i didnt double check the files were deleted:
Here is the URL if some of this comes out fucked up http://forums.us.dell.com/supportfor...ssage.id=13809 Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Please delete the old copy (including the zip copy) so it can't be used. hahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahaha Reboot to safe mode (F8 on boot) and delete the following files/folders:- NOTE: To avoid the risk of any of the above not being found due to them having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show: How to Show Hidden/System Files : http://www.xtra.co.nz/help/0,,4155-1916458,00.html Folder > C:\Program Files\Common files\WinTools\ All contents (BUT not the folder itself) > C:\documents and settings\claudette allen\local settings\temp\ -- all contrents-- Reboot hahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahahahahahahahahahahahahaha hahahahahahahahahahahahahaha Check these in hijackthis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kfiif.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kfiif.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kfiif.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\kfiif.dll/sp.html (obfuscated) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\kfiif.dll/sp.html (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\kfiif.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038 R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {C4B42104-8016-4F96-A1BD-2AF627BE9410} - C:\WINDOWS\System32\kfiif.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe The following have randomly named file names, and as such are normally malware, UNLESS you know what they are, and they are from a safe source, please check for removal. O4 - HKLM\..\Run: [OP61nF] C:\documents and settings\claudette allen\local settings\temp\OP61nF.exe Then Reboot to safe mode (F8 on boot) and delete the following files/folders:- (Check to make sure they have gone) NOTE: To avoid the risk of any of the above not being found due to them having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show: How to Show Hidden/System Files : http://www.xtra.co.nz/help/0,,4155-1916458,00.html Folder > C:\Program Files\Common files\WinTools\ All contents (BUT not the folder itself) > C:\documents and settings\claudette allen\local settings\temp\ -- all contrents-- Then Reboot and post a fresh log for me to check. |
| All times are GMT -7. The time now is 01:02 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123