Adware (RESOLVED)

  1. 28-01-2006  #1
    TKING
    TKING is offline Full Member

    Adware (RESOLVED)

    Dear all,

    First Messsage

    When I turn my computer on it loads a pop up box with pornographic images asking you to click on one of the sites.

    I have run several anti spyware and adware programs which deletes the files (held in registry I believe), but when I turn my computer off then on again the pop up box reappears. Using Spybot and similiar creates a circular pattern as I just cant get rid of them. I turned system restore off and on which probably wasn't a wise move. My log is as follows and I would appreciate any instructions you may offer

    HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001} -> Spyware.AutoSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    :mozilla.6:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.102:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Counted : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\vcb36r8q.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_72C.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_730.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_73C.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_744.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_74C.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_754.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\Documents and Settings\Client\Local Settings\Temp\lf_75C.tmp -> Downloader.Dluca.ci : Cleaned with backup
    C:\oldc\RECYCLED\NPROTECT\00003955.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\oldc\RECYCLED\NPROTECT\00003956.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\oldc\RECYCLED\NPROTECT\00003957.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@112.2o7[3].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@ad.au.doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@tiscover.oewabox[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup
    C:\oldc\WINDOWS\Cookies\terry king@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Program Files\Common Files\System\ms1src.exe -> Downloader.Dluca.ci : Cleaned with backup
    C:\Program Files\sym\dialers\sexy_blondes_au\sexy_blondes_au. exe -> Dialer.Generic : Cleaned with backup


    ::Report End

    Best Regards
    TKING

  3. 28-01-2006  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    Please post a HijackThis log - see the 'Read First Procedures' here:

    http://www.d-a-l.com/help/showthread.php?t=32403
  4. 28-01-2006  #3
    TKING
    TKING is offline Full Member
    Quote Originally Posted by VopThis
    Please post a HijackThis log - see the 'Read First Procedures' here:

    http://www.d-a-l.com/help/showthread.php?t=32403
    Dear Vop,

    Not sure how i did it but I have removed the adware - at least the scans by spybot, adaware and noadware are not picking the threat up anymore.

    Thanks for responding to my request for help
    TKING
  5. 29-01-2006  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    Not sure how i did it but I have removed the adware
    Very good news. An absense of DETECTABLE problems does not guarantee that problems are not still there or are in a position to reinfect. Still recommend that you submit a HJT log.


    Note:

    You will never see 'NoAdware' recommended in these forums. There are much better CONSISTENTLY REPUTABLE tools than that out there, in my opinion. Some better choices are the free MS Antispyware tool, SpySweeper, Spyware Doctor, Winpatrol.

    NoAdware Adware/Spyware remover - initially considerered a rogue program - see here http://www.adwarereport.com/mt/archives/000023.html . The latest version has since apparently mended its ways: see note http://www.spywarewarrior.com/rogue_...e.htm#naw_note
    http://castlecops.com/startuplist-6393.html
+ Reply to Thread
« HiJack this Log please! | DrWatson Postmortem Debugger Error! »