Undetected adware/spyware found.

G

Grunt

New member
Hi. Today, something happened to my PC. I was sure it was some sort of spyware, and I had Spybot S&D ready. Full scan, found a few things, removed them all, but didn't remove the problem I was having.

To be more precise, my desktop wallpaper was replaced with a blank page, with a frame in which there were some ads. They kept refreshing every minute or so.

I ran Spybot S&D multiple times (newest updates too), safe mode as well - didn't work. Although the ads weren't there in safe mode. So I figured I should remove it manually.

Nothing in the registry, no suspicious files on my hard drive. Then an idea hit me: check the desktop properties. So I right clicked the desktop, chose Properties, went to the Desktop tab, clicked the "Customize my desktop..." button, and went to the Web tab. Then, there were two files listed:

C:\Program Files\Windows Media Player\kyzeqe.html
C:\Program Files\MSN Gaming Zone\howynyda.html

I just removed them from the list, and it was all back to normal. If you need the code of the .html files (both are identical in content), it's attached to this post, as TXT.

Thanks, and I hope this helps the team!
 
Last edited by a moderator:
Warning!!!

If I attempt to open the howynyda.txt attachment in the preceding post, McAfee pops up the following:

Code: 
[B]Trojan Removed[/B]

McAfee has automatically blocked and removed a Trojan.

Details
Detection: Zquest (Trojan), Zquest (Trojan)
File Path: C:\Documents and Settings\[I]username[/I]\Local Settings\Temporary Internet Files\Content.IE5\DB0D5ISW\howynyda[1].txt

More Info
Trojan horses appear to be legitimate programs but can disrupt, damage, or provide unauthorized access to your computer
 
Last edited:
McAfee is probably detecting the script, <SCRIPT LANGUAGE="Javascript"> and I removed the attachment. :)

Grunt, files help our detections rather than the script.
So in future, if Spybot-S&D does not detect an item please send the zipped file to: detections(AT)spybot.info Replace AT with @

Put the name of the file/infection into subject matter.

If you would like someone to check the system to see if it is clean:
Spybot-S&D version 1.4
Version 1.4 :Systems Supported
  • Close all browsers
  • Open SpyBot, check for and get any updates available
  • Check for problems and fix everything found in red
  • Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
  • Uncheck[ ] do not report disabled or known legitimate Items.
  • Uncheck[ ] Include a list of services in report.
  • Uncheck[ ] Include uninstall list in report.
  • Now select (near the top) view report.
  • Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

Or:
Follow the instructions in this sticky topic to post a HJT log in malware removal.
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

Then start your own thread in the malware forum and copy/paste the HJT log into the topic:
Malware Removal Forum

Regards. :)
 
Last edited:
You must log in or register to reply here.
Back
Top