| Author |
Message |
Aloverssunset Geekster Supreme User is Offline


Joined: 16 Aug 2007 Posts: 470
|
| Posted: Mon Oct 15, 2007 9:02 pm Post subject: I need some help |
|
|
I hope someone especially Repa can help me with this.
I was doing one of the tutorials, and went to my msconfig... there is so much stuff in there that I don't know what to safely remove and what to keep in there. There are items I do not recognize whether they are needed to run my computer or not. From...
cjknirut in program files windows current version
Direct cd in program files ada
ctfmon
svchost
shims shims.exe microsoft current version
Fast progra`1/com
Google toolbarnotifier program files google
aol program files aol
and many more
And this just in my start up... I had pm'd Repa and he responded and requested I post my problem here as well, so we can help others who may be having the same problem
Sandra _________________
Life is beautiful, live it wisely, fully, justly and with lots of love...S.M. |
|
| Back to top |
|
|
Repa Site Admin User is Offline


Joined: 26 Nov 2006 Posts: 1900
Location: North Carolina
|
| Posted: Mon Oct 15, 2007 9:19 pm Post subject: |
|
|
Sandra, as I suspected from what you told me before, you have a lot of problems. Just in Startup alone, there are several potentially dangerous programs and the rest actual malware or spyware.
You can uncheck everything in msconfig but the following:
avgcc
avgemc
AOLSoftware
Be sure you set a restore point so if something doesn’t work right when you reboot, you can restore the registry back to where it was before you made the changes above.
You can do this now, and that will cut down on the use of a lot of resources so things will run a little faster for those things you will have to do in Normal Mode. However, you have many problems that will take some time to get rid of. Rather than attacking each of 1 – 15 below individually (and there are probably many, many more judging from the number of processes you say you have running), I suggest you start by going to Sticky #6 in the Tutorials forum and work through that step-by-step procedure in the order given from start to finish. Let’s see what that gets rid of, and then we can tackle any remaining problems one at a time. Following the procedure usually gets rid of almost everything.
You will note that most of the scanners that I have you download, update and run (if you don’t already have them on your computer) are to be run in Safe Mode. Only the online scanners are run in Normal Mode. Work through the steps in order. If you run into a problem or have a question, post here in this thread and I will get to you as soon as I can.
Here’s what I know about the stuff in msconfig (I am only listing stuff that is "bad" or stuff I can't find any information on):
1. cdaengine0500.dll - this is part of Wildtangent, which is a set of games loaded with spyware. It has built-in components to update itself and gather information about your computer system. You need to go to the control panel and remove wildtangent from Add/Remove programs. Immediately after that, run spybot to get rid of anything else related to wildtangent that removing it from the control panel didn’t get. Some registry edits will also be necessary.
2. servce.exe is a Worm, specifically the Worm_MYTOB.KB worm. Instructions are provided at
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.KB&VSect=Sn
where you are given the choice of removing it automatically or manually. You will then need to run HouseCall, Trend Micro's online virus scanner.
3. Webspec – this is a dangerous program and needs to be removed.
4. Viewmgr - Viewpoint Manager - automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Not needed at startup and considered foistware instead of malware since it is installed without the user’s knowledge and didn’t do anything bad as of 2005. I recommend you uninstall ViewPoint; look for it in Add/Remove Programs.
5. VirtualBouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs.
6. uhodeb – don’t know what this is and can’t find anything about it. Where does it reside? What is its filename? At best, not needed. At worst, it could be malware.
7. Ssk - Added by the SOBIG.E WORM.
8. NEWDOT~2 – foistware; need to get rid of this
9. cjknirut - don’t know what this is and can’t find anything about it. Where does it reside? What is its filename? At best, not needed. At worst it could be malware.
10. 180ax – Ncase adware; need to get rid of this
11. svchost – This may be a Worm or Trojan as this is not normally configured in Msconfig/Startup! Where is it located and what is its filename?
12. services - Part of initial setup on a Compaq PC, or it may be a worm. What is its filename?
13. shims - don’t know what this is and can’t find anything about it. Where does it reside? At best, not needed. At worst it could be malware.
14. fast – well, this could be anything – part of AOL, PowerToys, your scanner, or malware. Where is it located and what is its filename?
15. AOL – not needed in msconfig unless it is part of AOL's Active Virus Shield. I don’t think you have the active virus shield. What is the filename?
Sandra, when I ask you above where the startup item is located and what its filename is, to find that go back into msconfig > Startup tab and at the top of the window you will see titles for the 3 divisions of the table: Startup Item, Command, and Location. What you need to do is hover your cursor over the line between Command and Location until your cursor changes into a vertical line with an arrow coming out of each side of it in the middle. Left click and drag the line to the right until you expand the information directly below Command enough to read the entire line for each startup item that I ask you about location and filename. Write down that information and post it in this thread or send me a PM. That will help me to know what it is and whether it is bad or not. _________________ Repa
Older than dirt! |
|
| Back to top |
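The check Repa applies to items 2, 11 and 12 above (a startup entry whose program name is, or closely resembles, a core Windows process) can be run over the Command column copied out of msconfig. This is an added example, not part of the original posts; the sample rows and their paths are constructed, and the list of system process names beyond svchost and services is an assumption added here.

```python
import ntpath
from difflib import SequenceMatcher

# Core Windows processes that the OS starts itself; none of them is
# normally launched from the msconfig Startup tab (list is an assumption).
SYSTEM_STEMS = {"svchost", "services", "lsass", "winlogon", "csrss", "smss"}

# Constructed sample: (Startup Item, Command) pairs as read from msconfig.
SAMPLE_ROWS = [
    ("svchost", r"C:\WINDOWS\svchost.exe"),
    ("servce", r"C:\WINDOWS\system32\servce.exe"),
    ("avgcc", r"C:\Program Files\Example\avgcc.exe /STARTUP"),
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
]

def exe_stem(command):
    """Return the lowercase program name, without extension, from a Command value."""
    cmd = command.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]          # quoted path, arguments follow
    else:
        end = cmd.lower().find(".exe")           # unquoted path may contain spaces
        path = cmd[:end + 4] if end != -1 else cmd.split(" ", 1)[0]
    return ntpath.splitext(ntpath.basename(path))[0].lower()

def triage(rows):
    """Map each suspicious Startup Item to the reason it needs a closer look."""
    findings = {}
    for item, command in rows:
        stem = exe_stem(command)
        if stem in SYSTEM_STEMS:
            findings[item] = f"{stem}: system process name in a startup entry"
            continue
        for known in sorted(SYSTEM_STEMS):
            # A near match such as servce/services suggests a name chosen to blend in.
            if SequenceMatcher(None, stem, known).ratio() >= 0.8:
                findings[item] = f"{stem}: look-alike of {known}"
                break
    return findings

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_ROWS).items():
        print(item, "->", reason)
```

A flagged entry still needs its full path and filename checked by hand, as asked for in the post; an unflagged entry is not thereby shown to be safe.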
|
|
Aloverssunset Geekster Supreme User is Offline


Joined: 16 Aug 2007 Posts: 470
|
| Posted: Tue Oct 16, 2007 7:48 pm Post subject: |
|
|
Well the test results were awful! I think everyone should follow Repa's tuts...
The first scan with a-squared free found 70 YES 70 items, from malware spyware, greyware, trojans and more. After I finished that with my computer running. I shut down my computer and did it again in safe mode. It found 16 MORE!!!
3 files Troj_download e
2 troj_generic
1 tsp-asstart.a
1 troj.delf.cf
Hackingtools.bruteforce
and many more spyware...
(ALL CLEAN NOW)
Then I did spyware blaster and it found even more junk, plus registry key changes, and overrides.
2 ADw.purityscacc
3 adware_bhot_megasearch
1 adware_alwaysupdatednews
(All Clean now)
Then I did spybot and destroy
and it found even more...
a microsoft Ie security bypass
and 5 microsoft security content overrides
2 llok2me.1 1volt_key
2 wb.hider
2 wildtangent
and only goodness knows what else!!!!
(all Cleaned NOW)
Please let me explain that I did NOT know I had all these problems. My old computer had only 5 gs of space and with my graphics it all went bye bye real fast. I constantly had to delete my wonderful graphics.
My daughter in law gave me this computer. I did all the updates required. I even went to McAfee online virus scan and checked the computer. Yes it had found some, which I cleaned at that time (around January). Right after that virus scan with McAfee I downloaded AVG and AdAware SE Personal. I have used both 2 times a day every single day I am online. HOW DID I GET INFECTED AGAIN???? OR, why didn't McAfee's free online scan catch all the stuff I had???
My son used Kazaa, iMesh, Morpheus and so many other sites on this computer before I got it. I knew it! So after the updates I did an online virus scan, and got AVG and AdAware... how did this happen???
Grrrrrrrrrr. Everyone should go check Repa's tutorials and do all that is needed to clean up your system. I am way not finished with the tuts, but I just redid spybot, a-squared and spyblaster again, and I am clean. I will be doing the Trend Micro overnight.
Sandra _________________
Life is beautiful, live it wisely, fully, justly and with lots of love...S.M. |
|
| Back to top |
|
|
Repa Site Admin User is Offline


Joined: 26 Nov 2006 Posts: 1900
Location: North Carolina
|
| Posted: Wed Oct 17, 2007 7:20 pm Post subject: How to remove the adware called BargainBuddy |
|
|
In going through Sticky #6, Sandra informed me in a PM that she did an online scan at Symantec and the scan found adware called BargainBuddy. She indicated that in order to remove it, she would have to pay. Sandra, here is how to remove BargainBuddy free:
1. What indications do you have that bargain buddy may be on your machine? If you have it, you should see the following in your system tray:
If you don’t see this, traces of it may be on the machine but not active.
2. If you run Hijackthis, you may also notice the following lines have been added:
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
Removal instructions:
Create a restore point before doing the following steps:
3. First, uninstall the Bullseye Network, Cashback by Bargain Buddy, and Navisearch from Add/Remove Programs
a. Click on Start, Settings, Control Panel
b. Choose Add/Remove Programs
c. If it exists in the list, select the Bullseye Network and click Add/Remove. During the uninstall you are required to fill out a survey asking why you uninstalled the product. Be very careful in answering the Yes/No questions during the uninstall since they are worded in such a way as to make you keep the product.
d. If it exists in the list, select Cashback by BargainBuddy and click Add/Remove
e. If it exists in the list, select Navisearch and Click Add/Remove
During the uninstall process, you will be presented with several prompts to guide you through uninstalling the product. Read these carefully to make sure you are actually choosing to uninstall rather than keep the software.
Unfortunately, even after removing the above items with Add/Remove Programs, the Bullseye Network and other files remain. At this point we can try removing most of the network and other files with scanners, or we may have to manually delete them. Some files will have to be removed manually.
4. Set up your computer to show hidden files and folders:
a. Select My Computer on your desktop.
b. Select View > Folder Options > View tab
c. Under Hidden Files and Folders:
i. select “Show hidden files and folders”
ii. deselect “Hide extensions for known file types”
iii. deselect “Hide protected operating system files”
5. Reboot into safe mode, and delete the following folders in C:\Program Files\ if they exist:
a. CashBack
b. NaviSea
c. BullsEye Network
You can either follow the path to the folder on your C drive, or use Search (Start >Search > For files and folders >All files and folders, and then type the folder name in the text box below “All or part of the file name” and then select “Search”); then, right click on the folder, and select Delete from the drop-down menu that appears.
6. Now, look for the following one by one in Search and delete them if found - nvms.dll, mscb.dll, msbe.dll, msexreg.exe, javexulm.vxd and netut80ex.vxd. I believe these are hidden files, so when you do the search, click the arrow beside “More Advanced Options” and make sure all of the following are selected:
a. Search System Folders
b. Search hidden files and folders
c. Search subfolders
7. Next, while still in safe mode, run the following 3 scanners that you downloaded and updated in step 5:
a. CWShredder
b. Ad-Aware SE Personal
c. Spybot Search and Destroy
If any of the above find any trace of bargainbuddy (or any other adware, spyware, etc), have them remove what is found and run the programs again until nothing is found. Then reboot back into safe mode and repeat until no more items are found in any of the scanners.
8. While still in safe mode and going through Sticky #6, steps 6 – 10, be sure you also run EliteToolbar Remover and McAfee AVERT Stinger. If anything is found, have the programs remove it and run them again until nothing else is found.
Sandra, if this doesn't get rid of everything and there still appears to be traces of bargainbuddy on your system, we will have to go in and do several registry edits. Hopefully, this won't be necessary. Let me know what your results are. Keep the logs from the scanners so you know what was removed and what was not. _________________ Repa
Older than dirt! |
|
| Back to top |
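The HijackThis lines in step 2 and the file names in step 6 can be checked against a saved log automatically, both before cleanup and afterwards to confirm nothing remains. This is an added example, not part of the original post; the first six sample lines are the ones quoted in the post, and the last two are constructed benign entries.

```python
import ntpath
import re

# Indicators copied from the post above (HijackThis lines and the step 6 file list).
BAD_CLSIDS = {
    "{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}",
    "{CE188402-6EE7-4022-8868-AB25173A3E14}",
    "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}",
}
BAD_FILES = {"nvms.dll", "mscb.dll", "msbe.dll", "msexreg.exe",
             "javexulm.vxd", "netut80ex.vxd"}
BAD_RUN_NAMES = {"cashback", "navisearch", "bullseye network"}

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")

# Sample log: six lines from the post, then two constructed benign lines.
SAMPLE_LOG = r"""
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [avgcc] C:\Program Files\Example\avgcc.exe /STARTUP
"""

def find_bargainbuddy(log_text):
    """Return (kind, identifier, path) for every O2/O4 line matching an indicator."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2.match(line)
        if m:  # Browser Helper Object: match on CLSID or on the DLL file name
            base = ntpath.basename(m["path"]).lower()
            if m["clsid"].upper() in BAD_CLSIDS or base in BAD_FILES:
                hits.append(("BHO", m["clsid"].upper(), m["path"]))
            continue
        m = O4.match(line)
        if m:  # Run-key autostart: match on the value name or the file name
            base = ntpath.basename(m["path"].strip('"')).lower()
            if m["name"].lower() in BAD_RUN_NAMES or base in BAD_FILES:
                hits.append(("Run", m["name"], m["path"]))
    return hits
```

An empty result on a log taken after the scanners have run is the outcome to look for; any remaining hit names the exact entry that is still present.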
|
|
Aloverssunset Geekster Supreme User is Offline


Joined: 16 Aug 2007 Posts: 470
|
| Posted: Fri Oct 19, 2007 8:00 pm Post subject: |
|
|
Hi Repa, Well I am at my daughter's tonight. While my comp at home is doing some final scanning. I have done ALL the tutorial, I was able to get some of the downloads, and some I was not able to get, for I had to buy it on both links you had sent me.
Some of the other download you mentioned I might need only if I had a problem with something listed, and when I did the scans, I did not have those Items listing in my scans neither in safe mode or full mode. So I did not get them.
I have run all the scans I do have in full mode and in safe mode (except 1 which is running right now) and there is nothing on any of the scans any more. Let's find out what tonight's scan says, but it seems to me that I am pretty clean now.
Sandra _________________
Life is beautiful, live it wisely, fully, justly and with lots of love...S.M. |
|
| Back to top |
|
|
|
|
|
|
|
|
All times are GMT - 7 Hours