Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: help posible spyware!

  1. #1
    Junior Member
    Join Date
    Dec 2005
    Posts
    17

    Angry help posible spyware!


    Is My Way search assistant spyware?

    I am wounding is My way search assistand spyware. It came with our computer from dell. I am wounding is this a browser High Jacker. The program comes from Myway.com, I also found a program call View Point Is this spy-ware it was detected by another companies program. Something is wrong with are computer I really need some help. I did some reasearch on my own, and found that My way search assistant is already listed as a different one in your program, It is in the PUPS Section. I remove parts of it, but I don't think I got it all, could this be cause me problems.
    Last edited by Sages8067; 2005-12-29 at 12:39.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi Sages8067
    In my opinion its borderline, not a program i would have on my pc's, Even the one that del includes.
    Your choice wherther to fix or not
    What version and when did you last update SpyBot ?

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,470

    Default

    Due to lack of a response this topic will be archived.
    If you need it re-opened please send a message to myself or Lonny with a link to this thread.
    Last edited by tashi; 2005-12-29 at 12:49. Reason: Re-Opened.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Re-opened on request
    Lets get a closer look
    Please go here and follow instructions.
    Before you post a log
    http://forums.spybot.info/showthread.php?t=288
    Post the hjt log here in this thread.
    Someone will then take a look at the system and advise you.

  5. #5
    Junior Member
    Join Date
    Dec 2005
    Posts
    17

    Question Heres what I have done

    I was working on some things and noticed my computer acting wierd. so I starting look into stuff like spy-ware and virus.

    I first tried Microsoft Anti- Spy it can back clean
    I Tried Adaware it can back clean
    I tried Spy-bot it came back clean
    I tried Pest Patrol throught the net It came back clean
    I tried XoftSpy IT found a program called View Point, Which I never Had heard of. So I Checked it out I Didn't know to do after I went to their site.

    I tried Spy Bouncer it found 3 things One I had a question, I knew it was spy ware the other I knew it was clean. the One that I knew was spy was call My Way Search Assistant. Aka My way Web search. I tried to remove it my self.

    I ran an anti virus.
    I just re ran HiJack This. Most of the stuff It In I know is clean, Yes I will send you the file if you want.

  6. #6
    Junior Member
    Join Date
    Dec 2005
    Posts
    17

    Question One More thing

    I am now also trying RootKit Revealer, this is because I think it might be a root kit, that were looking for.

  7. #7
    Junior Member
    Join Date
    Dec 2005
    Posts
    17

    Question Log 1

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\TEMP\Temporary Directory 1 for RootkitRevealer.zip\RootkitRevealer.exe
    C:\WINDOWS\TEMP\JTURYMT.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Documents and Settings\Steven Sagers\Desktop\HijackThis.exe

  8. #8
    Junior Member
    Join Date
    Dec 2005
    Posts
    17

    Question Log 2

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

  9. #9
    Junior Member
    Join Date
    Dec 2005
    Posts
    17

    Question Log 3

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: JTURYMT - Sysinternals - www.sysinternals.com - C:\WINDOWS\TEMP\JTURYMT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi Sages8067
    You should not be troubleshooting on your own and asking for assistance at the same time.

    When your finished post a fresh hijackthis log, this time all of it, that ones missing the header (portion at the top) and put it in a folder, dont run it from the desktop.

    PS : viewpoint and myway are minor things that shouldnt be cousing problems, i do suggest uninstalling them via the windows addremove programs though.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •