
Solved: Help With Winanitspy Please!

o It will open in your default text editor (such as Notepad/Wordpad). Doing so can result in serious damage to your computer. I'm really afraid that I am going to screw up the computer. 0 #7 g2i2r4 Posted 06 September 2005 - 05:17 AM g2i2r4 retired HiJack Helper Retired Staff 5,080 posts So you can enable it after you're clean. Open Spybot and click on Mode and check Advanced Mode. Check yes to next window. Click on Tools in bottom left hand corner. Click on Resident icon. Uncheck Teatimer

Am I wrong? HTH. Check out the forums and get free advice from the experts. Next you will see: Type in the filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix. At this point please type

If you found the folder, you cannot delete them by clicking delete. When starting up the computer again, Norton flashed saying it was off, and told me to click on the icon on my tool bar, so I did. Others may use unfair, deceptive, high pressure sales tactics to scare up sales from gullible, confused users. Logfile of HijackThis v1.99.1 Scan saved at 8:03:45 AM, on 8/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe

  1. Please reply using the button in the lower right hand corner of your screen.
  2. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options
  3. Same symptoms as you.
  4. It said that to prove I was a human and not a computer script, I had to enter the code.
  5. File size expected 2855080.
  6. I entered C:\WINDOWS\ServicePackFiles\comnut.dll and then hit enter, F6, and enter again, first I got a pop up from Norton saying that a malicious script has been detected.
  7. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished.
  8. Adaware shows nothing but tracking cookies on a full scan which I have deleted several times but it doesn't affect the popup.
  9. Edited by Aaflac, 10 October 2008 - 07:41 PM.

It was executable file found under startup. HOW to Remove it 1) GO to "C:\Documents and Settings\All Users\Application Data" and check for milacoulouse name folder. On a whim, I hit the Remove button and a window opened with a number code. It was executable file found under startup. Hope it works for you guys too.

associations (1); same app as Max Privacy Protector, SpyDoctor, SpyFirewall, Spyinator, SpyKiller 2005, SpyLax, SpySpotter, SpywareThis, & Spyware Protection Pro; Ad-aware knockoff [A: 10-5-04 / U: 2-7-05] 1stAntiVirus 1stantivirus.com innovagest2000.com uses We do not want to clean you part-way, only to have the system re-infect itself. Again, I'll pop back later to give you an update after I uninstall Avast! http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Anomaly.gen File not found O2 - BHO: (URLDetector Class) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll (Prevx Ltd.) O2 - BHO: (no name) - {5FB6E0EA-E4C6-4176-B488-FA1C96E6FCAB} - Reg Error: Key does not

associations (1) [A: 9-4-05 / U: 9-4-05] Spyware Destroyer spyware-destroyer.com inadequate info about app, no trial version locatable; home page uses same "free scan" as NetSpyProtector; "free scan" prone to false associations (1) [A: 8-12-04 / U: 8-12-04] #1 Spyware Killer 1spywarekiller.com surfertools.com false positives work as goad to purchase; poor scan reporting; dubious corp. File not found O2 - BHO: (no name) - {A5D13D08-B9D0-483A-A0C1-C825C2E54EC7} - Reg Error: Value does not exist or could not be read. Back to top #4 Rummy Rummy Member Members 35 posts Posted 10 October 2008 - 10:54 PM OTListIt logfile created on: 10/10/2008 11:20:55 PM - Run OTListIt by OldTimer - Version

Popup re-appears every few minutes. https://forums.pcpitstop.com/index.php?/topic/161361-virtumonde-virus/ You must go to Safe mode and delete them. Using the site is easy and fun. The popups all have the words 'CiD' on the left side of the title bar.

adware program (1); same app as SpyRemover - please read this note about SpyCleaner [A: 6-26-04 / U: 5-12-06] SpyContra spycontra.com innovagest2000.com uses flawed, inadequate detections scheme; same company as AlfaCleaner, Targets browser behavior and displays advertisements. ... Am I in completely over my head, and should I just call someone to come fix this? O15 - HKU\S-1-5-19\..Trusted Sites: 122 domain(s) and sub-domain(s) not assigned to a zone.

Back to top #3 Rummy Rummy Member Members 35 posts Posted 10 October 2008 - 10:48 PM Thanks for the quick response, Aaflac. Back to top #6 turboN13 turboN13 Newbie Members 1 posts Posted 15 April 2007 - 02:20 AM I had the same problem with the CiD popup. Download this file : http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe Double click combofix.exe & follow the prompts. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 ==========

I entered the file path and after clicking enter, F6, enter, I received the message "File path you entered does not seem to exist. Please create a new folder for it and place the program into that new folder. ***Please disable SpybotSD’s protection, as it may hinder the removal of the infection. This is to ensure that backups are saved and accessible in the event you should need it.

Infected from Bebo virus +mywebsearch Started by dome90uk, Dec 06 2008 03:23 PM

File not found O2 - BHO: (no name) - {B36C4F54-2CA2-4CA1-978C-E00E19026BEA} - Reg Error: Key does not exist or could not be opened. O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.micr...42/wmsp9dmo.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key does not exist or could not be Here is a summary: 1. The CiD pop-up is an optional sponsor for Windows Live!

Upon installation it will ask you if you would show your support by allowing it to install integrated sponsor support (Adware sanctioned by Microsoft). Anywho, I did make any additional changes that were spelled out by you (after the fact) and here are my logs. I'm downloading it right now ... by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to

o Click Preferences. scanning hidden autostart entries ... It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes. Click FT Server

I did NOT do this, as it seems quite suspicious and will probably run code further infecting my computer. After doing some more searching online, I was led to info on Symantec's This is my first time Discussion in 'Virus & Other Malware Removal' started by Konuxiv, Aug 18, 2007. Read More "The 'Read More' link will take you to http://www.bleepingc...6/CiD-Help.html ..." This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware. It O15 - HKCU\..Trusted Sites: www.ebay.com (https in Trusted sites) O15 - HKCU\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

More Information For additional information on "rogue/suspect" anti-spyware products, see the More Information section towards the bottom of the page. Total applications listed: 349 Product Domains Comments 1 Click Spy Clean 1clickspyclean.com 1clicksuite.net Spybot S&D rip-off (1); dubious corp. Error code 0x80072F76 I have contacted Windows to try to figure out why, and I am waiting for an answer. I selected the option to search hidden files and folders as well as system files and folders.

For reports on more extensive testing with a select group of anti-spyware utilities, see HERE. Follow the instructions below if you are unsure how to save it in a permanent folder: 1.) Click on the link to download HiJackThis.exe. 2.) When it pulls up the box (for you O15 - HKU\S-1-5-20\..Trusted Sites: 122 domain(s) and sub-domain(s) not assigned to a zone. scanning hidden files ...

maybe one of you could help me out here, as this virtumonde trojan is driving me to drink. associations (1, 2); same app as PSGuard [A: 11-7-04 / U: 1-4-06] SlimShield slimshield.com spyware-wiper.com aggressive advertising, hijacking, stealth installation (1, 2, 3, 4); badgers users into purchase; false positives work Back to top #5 Rummy Rummy Member Members 35 posts Posted 10 October 2008 - 11:04 PM OTListIt Extras logfile created on: 10/10/2008 11:20:55 PM - Run OTListIt by OldTimer -