This is topic Spyware problems; hijackthis help in forum Books, Films, Food and Culture at Hatrack River Forum.


To visit this topic, use this URL:
http://www.hatrack.com/ubb/main/ultimatebb.php?ubb=get_topic;f=2;t=028945

Posted by Gosu (Member # 5783) on :
 
A week ago, my computer was absolutely flooded with spyware. I started looking up everything on this kind of stuff, and I fixed basically everything I could with normal deleting, ad-aware, msconfig, etc. However, there's some file, registry value, something that makes Internet Explorer randomly connect to some poker/"anti-adware"/advertisement page even when my browser is closed. And it keeps going, so if I leave my computer for like 5 minutes, I come back to find that 10 IE windows are open.

So obviously, the last thing I need to do is fix it with hijackthis. I ran a scan, analyzed what it gave me, then deleted some stuff. I thought I'd won. I didn't. The ads keep popping up, and what's even more annoying is that one of the files that comes up on the report is called "Extra button: Your computer is infected with spyware." Every time I try to have hijackthis fix this, it reappears next time. There's something I'm not doing. I think it has to do with either the registry edit or another file I'm not deleting in the report. So if someone could either tell me what to delete, I'd appreciate it. Here's my report:

Logfile of HijackThis v1.98.2
Scan saved at 5:57:55 PM, on 11/6/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WINVVX32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HTML FILES\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINVVX32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

[ November 06, 2004, 06:03 PM: Message edited by: Gosu ]
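The thread's replies disagree about which lines in this log are the problem, so here is a small triage pass over the three sections they argue about (O1 hosts entries, O4 Run keys, O9 Extra buttons). This is an added example, not code from the original thread or from HijackThis. The sample input is copied from the log posted above; the allowlist of Windows 98 autostarts (scanregw, taskmon, systray, rundll32, the ones the thread itself identifies as legitimate) and the three heuristics are assumptions for illustration, and anything they flag is a candidate for a lookup, not a verdict.

```python
import re

# Added example, not part of the original thread. Sample input: the O1, O4
# and O9 lines copied from the HijackThis log posted above (not constructed).
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINVVX32.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
"""

# Assumption: the Windows 98 components the thread itself calls legitimate.
# Anything else started from the Windows or System directory gets flagged
# for a lookup (this will also flag vendor patches such as HPScanFix.exe).
KNOWN_WIN98_AUTOSTARTS = {"scanregw.exe", "taskmon.exe", "systray.exe", "rundll32.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system"}

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O9_RE = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")


def exe_path(command):
    """Return the executable part of a Run-key command line (up to the first .exe)."""
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(log_text):
    """Scan HijackThis log text; return a list of (section, label, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            ip, host = m.groups()
            # A hosts entry that sends a search host anywhere but loopback
            # redirects the browser's built-in search to a third-party server.
            if ip != "127.0.0.1":
                findings.append(("O1", host, f"search host redirected to {ip}"))
        elif m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            exe = exe_path(command)
            directory, _, basename = exe.lower().rpartition("\\")
            if basename not in KNOWN_WIN98_AUTOSTARTS and directory in SYSTEM_DIRS:
                findings.append(("O4", name, f"unknown executable in system directory: {exe}"))
        elif m := O9_RE.match(line):
            title, clsid, target = m.groups()
            # A toolbar button whose target is a web URL, or whose file is
            # missing, is not a local extension. HijackThis can delete the
            # registry entry, but whatever re-creates it (here the O4 entry
            # above is the obvious suspect) has to be removed as well.
            if target.lower().startswith(("http://", "https://")) or "(file missing)" in target:
                findings.append(("O9", clsid, f"button '{title}' targets {target}"))
    return findings


if __name__ == "__main__":
    for section, label, reason in triage(SAMPLE_LOG):
        print(f"{section}  {label}: {reason}")
```

Run against the posted log this flags the three hosts redirections, the two Run entries launching unknown files from C:\WINDOWS\SYSTEM (HPScanPatch and Sys29), and the spydeleter O9 button; the AIM button, DirectCD and the keyboard utilities are left alone. The point of the O4 rule is the one Nato makes below: the entries pointing at taskmon, systray and scanregw are stock Windows 98 and should not be deleted just because they are unfamiliar.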
 
Posted by Alucard... (Member # 4924) on :
 
Hey, my boy Joe helps moderate WindowsXPCentral.com and there are several XP gurus there. I have forwarded on this page to have them find a solution, hopefully.
 
Posted by Gosu (Member # 5783) on :
 
No, I still use Windows 98...don't ask why.
 
Posted by Phanto (Member # 5897) on :
 
Do ctrl-alt-del. What programs are running?
 
Posted by Alucard... (Member # 4924) on :
 
Micron is the man, and I am sure he knows 98 as well...
 
Posted by quidscribis (Member # 5124) on :
 
Go here and download Spybot Search and Destroy. Run it on your computer. It will get rid of all your adware/spyware for you.

It also has an immunize feature that I'd strongly advise you use afterwards to protect your computer from future adware/spyware.

Good luck and let us know how it goes.
 
Posted by TMedina (Member # 6649) on :
 
When you run Ad-Aware and Spybot S&D, do it from a "safe mode" boot.

Also, try and close "WINVVX32.EXE" - I have a sneaking suspicion this is the sneaky bastard responsible.

Although, to be fair, I'm not sure what "MSGLOOP" is, either.

I see you're running a "hijack this" program - does your machine have a firewall running? That can be useful for tagging specific program files trying to access the 'net.

Also, just purge your Temporary Internet Files - when I had to trouble-shoot my aunt and uncle's machine, there were 8 trojans lurking.

-Trevor
 
Posted by newfoundlogic (Member # 3907) on :
 
I would use ad-aware; it's possible the anti-adware you're currently using is part of the problem. I would also recommend against Spybot because I've heard bad things about that.
 
Posted by Boris (Member # 6935) on :
 
Okay, kill these

C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WINVVX32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Sys29] C:\WINDOWS\SYSTEM\WINVVX32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

You also have a virus on your system. Norton won't catch it, but AVG probably will. I've used it to get rid of similar problems on over 100 computers. There is a free version (you may have to dig through the site a little to find it, though); it works better than Norton IMO. It is slightly crippled (won't run in safe mode), but that shouldn't affect you too much. With Win98 it has a boot scanner that is kind of annoying, so you can keep that on or turn it off. Anyway, good luck.
 
Posted by Gosu (Member # 5783) on :
 
A virus....how?
 
Posted by Chris Bridges (Member # 1138) on :
 
The best way to use HijackThis is to run it, and open a browser window. Look for any program or file name you don't recognize and type it into Google. Odds are that some of them will bring up links to anti-virus or anti-spyware sites talking about them.

You can also check here: http://www.answersthatwork.com/Tasklist_pages/tasklist.htm for a list of programs you might see and whether or not you need/should fear them.
 
Posted by quidscribis (Member # 5124) on :
 
See? You ask a little question, and all of a sudden, all the geeks come out. Don't put the light on, though, or they'll all scatter. Shh!
 
Posted by Boris (Member # 6935) on :
 
quote:
A virus....how?
It isn't "technically" a virus, which is why Norton won't grab it. I've seen programs that are downloaded automatically from certain websites which will change the way your web browser works. One required a scan with Ad-Aware, a virus-scan, and a change in home-page for IE. It was a pain to get rid of because it pointed IE's homepage to a page that downloaded the program if it wasn't detected.
 
Posted by TMedina (Member # 6649) on :
 
You have to carry a massive bag of tricks just to catch the spyware, never mind the bugs.

-Trevor
 
Posted by Tammy (Member # 4119) on :
 
Thanks for the link Chris.

I looked up everything currently running on my computer and found everything except this...mnyexpr.exe.

Does anyone have any idea what it is?
 
Posted by quidscribis (Member # 5124) on :
 
It looks like a Microsoft Money executable.

Whenever I find programs on my taskmanager that I don't know what they are and need to know, I google them. The results tell me whether it's friendly or malicious.
 
Posted by Tammy (Member # 4119) on :
 
Thank you! I'll google next time. [Smile]

I forget how wonderful Google is!
 
Posted by Nato (Member # 1448) on :
 
quote:
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
That looks like a problem. (info) Get rid of it.

Also, be careful disabling a lot of tasks as Boris would have you do. I imagine you want your system tray to run when your computer starts up, and don't kill taskmon, that's just the task monitor.

[ November 07, 2004, 08:45 PM: Message edited by: Nato ]
 
Posted by Boris (Member # 6935) on :
 
The system tray runs without systray.exe. It's a waste of memory; taskmon is the same way.
 


Copyright © 2008 Hatrack River Enterprises Inc. All rights reserved.
Reproduction in whole or in part without permission is prohibited.