Search:

Dear Forum Members

I want to use a P2P file sharing program. I have been hearing that file sharing programs are a source of spywares. Are there any safe ones? Is Kazaa safe?

Thank you
...

Thank You Jak and Happy New Year for U

Thameen

Dear Jak

Now a day has passed after the disappearance of the annoying alert and I still do not see it. Thats good.

I keep the keyloggers on purpose, I use then when I use my laptop outside...

I did the SmitFraudFix clean. Was not prompted for wininet.dll, here is the log:
SmitFraudFix v2.131

Scan done at 9:08:32.70, Mon 12/25/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP...

Dear Jak3

Regarding your note about process.exe, I have followed the link you provided but I did not understand much of what the page said. I do not have a basic knowledge about how the windows...

Hey Jak3, here is the scan log:

SmitFraudFix v2.131

Scan done at 4:07:30.40, Mon 12/25/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem...

Dear Jak3

Thank you for taking up my question and for your time.

I was not sure from the tutorial if I have to run all the online scans mentioned or just a one. I have run only the online...

Dear Forum Members

First let me wish you all a merry Xmas and a happy new year.

I have since yesterday been seeing the activities of a spyware. It appears in the form of repeated alert nitices...

Thanks Shaba for this information.

Thameen

Dear Shaba.

Since two days I had no pop ups. Thats of course due to your help and your valuable time and attention you gave me.

Thameen

Dear Shaba. I want to add that I did not see the pop ups since yesterday.

Thameen

Logfile of HijackThis v1.99.1
Scan saved at 12:14:03 ?, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:...

Hi Shaba.

I found the "instant access" folder and removed it. But I did not find it at "Add Remove Programs" where I looked for it first.

The keylogger I keep them because I use them now and...

Logfile of HijackThis v1.99.1
Scan saved at 11:16:33 ?, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:...

Hi Shaba. Here are the results of the online scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 29, 2006...

Dear Shaba.

Thank you very much. I think we got rid of it. After I did the last BL scan and did the rename, I used the net for a good time without seeing the malware pop ups.

I did remove the...

Dear Shaba. I did the BL scan again, and I found the same five files. I renamed the first file and rebootedm but in the second scan I found no more files. Could all the files been renamed in the...

Hi Shaba . I'm now taking it personal with this smart malware. I really will enjoy it when I crush it. I hope I will. But I do not want to give you extended trouble. If you see that we need to stop,...

GMEr Scan part III

.text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 10002D16
.text ...

GMER scan part II

.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 10002DA7
.text ...

Here is the GMEr scan part I

GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-26 11:18:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 82167420 ...

Dear Shaba.

I did do the KillBox. It did not reboot automatically. I had to reboot it manually.

Here is the fresh HJT report, GMER report follows in another message. Thanks alot.

Logfile...

.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[784]...

Dear Shaba. Although I turned off Word Wrap in the Txt file, but the format here in the post was crampy. I apologize for the inconvenience.




GMER 1.0.12.11889 - http://www.gmer.net
Rootkit...

Thank you again Shaba. It is indded very nice of you to give me your attention and your time. I do appreciate both.

Here is the startup scan, in the next scan it is the GMER log:

!. StartUp...

[>> Winlogon <<]
HMLM->AltDefaultDomainName - JABA-8345EAAE63
HMLM->AltDefaultUserName - NASRI
HMLM->AutoAdminLogon - Reg Data - Value does not exist
HMLM->DefaultDomainName - JABA-8345EAAE63 ...

Dear Shaba. Here is the WinPFind scan as per your instructions, the log is too long for this forum, so I will post it in two parts:

Logfile created on: 24/11/2006 04:05:44 Õ
WinPFind2 by...

Hi Shaba

Thank you for replying to my post and for your time analyzing my case.

I did remove the lines in HJT that you recommended.

I too found C:\WINDOWS\system32\mwsrvacc.exe and deleted...

Dear Forum members

I have a problem with the pop ups:

1. WayPointCash
2. em.gad and fp.gad

I used to have lots of spywares. I installed some antispy software and removed every thing...