

"virus"





Saber
OK, well I'm sure that this is fake, and is a virus.... Anyways, I can't get rid of it, any ideas what it is? I don't notice anything in the task manager that I'm running, so.. yah....
I'm stuck..
devroom
Have you tried a virus scanner and Hitman Pro? Maybe I can help you but I need to know more about what you have already tried.

And for browsing DON'T use IE but use Firefox or Opera. They block most spyware and stuff.
alienjones
Have you virus-scanned your system?
If the virus can't be found, get HiJackThis to find out what is happening.

To me this seems like adware hidden somewhere in the Windows registry.
Saber
First off I would like to apologize for not giving enough info in my last post.
@alienjones and devroom
Yes, I have tried lots of virus/adware/trojan programs. All of them couldn't see and get rid of all the files I needed to get rid of. The best of them would "fix" the problem until I restarted.

@devroom I never use IE due to its horrible... everything... Firefox all the way.

Anyways, it turned out to be something called spyquake.
alienjones was right in that it had lots of hidden parts.
Processes:
Quote:
spywarequakeinstaller.exe
spywarequake.exe
uninst.exe


Reg values:
Quote:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareQuake
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
HKEY_CLASSES_ROOT\Typelib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelper Objects\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuake.exe\: "%programfiles%\SpywareQuake\SpywareQuake.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareQuake: "%program files%\SpywareQuake\SpywareQuake.exe /h"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\DisplayName: "SpywareQuake 2.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\UninstallString: "%programfiles%\SpywareQuake\uninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\DisplayIcon: "%programfiles%\SpywareQuake\SpywareQuake.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\DisplayVersion: "2.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\NSIS:StartMenuDir: "SpywareQuake"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\URLInfoAbout: "http://www.spywarequake.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake\Publisher: "SpywareQuake.com"
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake\refid: "1"
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake\Language: "1033"


dlls:
Quote:
stickrep.dll
msvcp71.dll
msvcr71.dll
ex. 2020search2.dll,2020search.dll


and finally more files linked to it:
Quote:
dfrgsrv.exe
mssearchnet.exe
nvctrl.exe
spywarequake 2.0 website.lnk
spywarequake 2.0.lnk
uninstall spywarequake 2.0.lnk
spywarequake 2.0.lnk
blacklist.txt
ref.dat
spywarequake.url
sq.ini
english.ini
hp[X].tmp
ld[X].tmp
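
Added example (not part of the original thread): the Run, SharedTaskScheduler and Browser Helper Objects keys in the list above are autostart locations, so anything registered there is loaded again after a reboot. This Python script reads the text of a `.reg` export and lists what each of those three locations would load, resolving CLSIDs to their DLL; the sample export and every name and GUID in it are constructed.

```python
import re

# Autostart locations named in the post (lower-cased; registry paths are case-insensitive).
CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN = CV + r"\run"
STS = CV + r"\explorer\sharedtaskscheduler"
BHO = CV + r"\explorer\browser helper objects"
CLSID_ROOTS = (r"hkey_current_user\software\classes\clsid",
               r"hkey_local_machine\software\classes\clsid")
# Constructed sample export (not from the thread); real exports are UTF-16, decode them first.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAgent"="C:\\Program Files\\Example\\agent.exe /h"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{00000000-0000-0000-0000-000000000001}"="example task"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Windows\\system32\\example1.dll"
"""
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {lower-cased key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]  # "" is the default value
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escaping
            current[name] = data
    return keys

def autostarts(keys):
    """Return (location, name, target) for each entry in the three autostart locations."""
    def dll_for(clsid):
        for root in CLSID_ROOTS:
            srv = keys.get(root + "\\" + clsid.lower() + r"\inprocserver32")
            if srv and "" in srv:
                return srv[""]
        return "<CLSID not in export>"
    found = [("Run", n, d) for n, d in keys.get(RUN, {}).items()]
    found += [("SharedTaskScheduler", n, dll_for(n)) for n in keys.get(STS, {})]
    for path in keys:  # each BHO is a subkey named after its CLSID
        if path.startswith(BHO + "\\"):
            found.append(("BHO", path[len(BHO) + 1:].upper(), dll_for(path[len(BHO) + 1:])))
    return found

if __name__ == "__main__":
    for row in autostarts(parse_reg(SAMPLE)):
        print("%-20s %-40s %s" % row)
```

An entry reported as `<CLSID not in export>` means the export did not include the matching `CLSID\...\InprocServer32` key, so the DLL behind it still has to be looked up.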
devroom
Quote:
spywarequakeinstaller.exe
spywarequake.exe
uninst.exe


Because I saw this I thought maybe just press uninst.exe?

And I believe this kind of stuff is called 'rootkits'. MS says with that kind of stuff: use Windows Defender and I believe Spybot Search and Destroy.
OR, and I believe that's the way that isn't chill: reinstall and COMPLETELY ERASE the disk. So when installing Windows press total format (picture)

I hope you can fix it because reinstall is too much time ;)

Before I forget, also try these 2 programs (both free):
http://www.buttuglysoftware.com/ cleancache, works great
http://www.malwhere.com/ Malwhere, search for programs that shouldn't be running
Bones
devroom wrote:
Have you tried a virus scanner and Hitman Pro? Maybe I can help you but I need to know more about what you have already tried.

And for browsing DON'T use IE but use Firefox or Opera. They block most spyware and stuff.


Firefox will pick up spyware just as easily as any other browser...try a scan with Spybot after surfing for a while with FF and see for yourself.

I dual boot SuSE and XPP and do most of my surfing in Linux...the code can't execute in Linux if it was designed for Windows.
Same as Mac...Mac isn't any more spyware/virus proof...but malware coders can't be bothered to code for Mac because not enough people use it.

If it's a rootkit, then most virus scanners aren't going to help you either, and certainly Windows Defender and Spybot aren't going to get rid of a rootkit...the whole point of a rootkit is to be undetectable to virus scanners and to the OS itself...rootkits will not show up in add/remove programs, the registry or even the task manager. They are basically invisible.