I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 1st December 2008, 7:21 pm

Nothing harmful in the uninstall log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 1st December 2008, 7:22 pm

ok last but not least...Can I delete everything that I was asked to download during the process of removing the virus?

*Also should I be worried about opening my bank account online and other sites that require passwords?

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 1st December 2008, 7:25 pm

Yeah, you can delete everything we used.

And yes, the malware is gone, the machine is fine. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 1st December 2008, 7:27 pm

Thank you so much Belahzur!!!!!!!!!!! YOUR THE BEST!!!! I appreciate all your help and time!!!! You're a genious!!

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 1st December 2008, 7:40 pm

Ok one more thing. I just ran a final scan on my computer from AVG and its showing under Found/Infection all these types of tracking cookies? whats is that all about? is it ok? what should I do?

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 1st December 2008, 7:42 pm

Harmless.
Everyone's browser needs those cookies to functions.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 1st December 2008, 7:43 pm

thank you once again for all your help! Thank You!

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 1st December 2008, 8:48 pm

Im back again with a question. I went to How I got infected in the first place on GeeksToGo and it has the following listed.

2.) Go to IE > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed.
If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.


Do I need to install the SP2?

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 1st December 2008, 8:50 pm

Hijack This says you already have SP3, so windows updates shouldn't alert you of SP2, and that article needs updating. Goofy


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 1st December 2008, 8:54 pm

Cool thanks

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 2nd December 2008, 12:55 am

Belahzur I just received a threat detected.

Threat detected!

File name: C:\System Volume Information\_restore{3C224264-C0A-418F-B117-81DFDEBFEF89}\RP221\A0111744.dll

Threat Name: Trojan horse Agent.ANI
detected on open

I was giving the option to either HEAL, MOVE TO VAULT or IGNORE

what should I do?

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 2nd December 2008, 12:57 am

System restore, don't worry. Smile

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 2nd December 2008, 1:03 am

mean while what do i do with the alert? I havent clicked on anything such as heal, move to vault or ignore

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 2nd December 2008, 1:04 am

Move to vault, or ignore.
Either way, it's gonna get deleted when you turn system restore off.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 2nd December 2008, 1:05 am

ok just completed your instruction to turn off and turn on system restore

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 2nd December 2008, 1:06 am

Okay, all the old restore points are gone. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 2nd December 2008, 1:07 am

promise? everything is ok now. no need to run some other tests or analyz anything else?

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Belahzur on 2nd December 2008, 1:08 am

Trust me, it's clean.
System restore is no threat even if they are infected, as along as you don't use system restore.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by rortega03 on 2nd December 2008, 1:20 am

ok...thank you once again your the best. I dont know what I would of done with out this website and you!!! Take Care and dont work too hard

rortega03
Novice
Novice

Posts Posts : 42
Joined Joined : 2008-12-01
OS OS : Windows XP
Points Points : 29290
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by cljones517 on 2nd December 2008, 3:28 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:43 PM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Crystal Jones\Local Settings\Temporary Internet Files\Content.IE5\SELZYNKC\Hijack(GP)This[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\Crystal Jones\nah_dkpi.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6567 bytes

Uninstall List
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Airport Mania: First Flight
Apple Mobile Device Support
Apple Software Update
Azada : Ancient Magic
Big Fish Games Client
Bonjour
Broadcom 440x 10/100 Integrated Controller
Burger Shop
Camp Funshine: Carrie the Caregiver 3
Carrie the Caregiver
Conexant HDA D330 MDC V.92 Modem
Cooking Dash
Delicious Deluxe
Dell Resource CD
Dell Wireless WLAN Card
Diner Dash Flo on the Go
EPSON Printer Software
Fishdom
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Megaplex Madness: Now Playing
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mystery P.I. - The Lottery Ticket
NVIDIA Drivers
OpenOffice.org Installer 1.0
Paradise Pet Salon
Pet Shop Hop
QuickTime

cljones517
Novice
Novice

Posts Posts : 13
Joined Joined : 2008-12-02
OS OS : Windows XP
Points Points : 29280
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: I have been infected with the Spyware.ISpynow virus. PLEASE HELP ME :(

Post by Doctor Inferno on 9th December 2008, 2:35 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12015
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104620
# Likes # Likes : 0

View user profile

Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum