Was there ever any resolution to this problem? I am having the same issue, keep getting a 'system alert' that says there are active spyware programs running. This is after running 'rogue remover'.

I tried to clean up the notifications list but that one cannot be deleted.

The initial run of RR found the following files and issues:

RogueRemover has detected rogue antispyware components! Results below...

Type: File

Vendor: Rogue.Misc

Location: C:\Documents and Settings\All Users\Desktop\Online Security Guide.url

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\icmntr.exe

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\icthis.exe

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\ictmdl.dll

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\ictun.exe

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\isfmdl.dll

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\isfmm.exe

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\isfmntr.exe

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\isfun.exe

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\ot.ico

Selected for removal: Yes

Type: File

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on\ts.ico

Selected for removal: Yes

Type: Folder

Vendor: Rogue.Misc

Location: C:\Program Files\Video Add-on

Selected for removal: Yes

Type: Registry Key

Vendor: Rogue.Misc

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert

Selected for removal: Yes

Type: Registry Key

Vendor: Rogue.Misc

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features

Selected for removal: Yes

Type: Registry Key

Vendor: Rogue.Misc

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools

Selected for removal: Yes

Type: Registry Value

Vendor: Rogue.Misc

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|some

Selected for removal: Yes

Type: Registry Value

Vendor: Rogue.Misc

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|start

Selected for removal: Yes

RogueRemover has found the objects above.


Hi there Colgrove, and welcome to Malwarebytes. I have split your post into its own topic so you can get help. Please follow the directions below.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

AVG AntiSpyware: Be sure to "take action".

Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

OK I have done all that.

The initial run of Rogueremover fixed the majority of the problems as reported but left the notification.

I reran Spybot and that removed the notification - so success.

I then ran AVG which found:

Trojan horse Downloader.Zlob.LI C:\RECYCLER\S-1-5-21-507921405-1993962763-1060284298-1009\Dc1.exe 12/7/2007 20:10 Dc1.exe 79.93 KB

Trojan horse Downloader.Generic6.WPF C:\WINDOWS\system32\uglgs.dll 12/7/2007 20:10 uglgs.dll 12.5 KB

Panda Active scan found a bunch of cookies which I removed and also:

Incident Status Location

Adware:Adware/Webdir Not disinfected My Documents\downloads\Bittorrent\AVIMoviePlayer50.exe[iECodecPlg.dll]

I deleted this download, I had already un-installed the program.

Then followed Hijack this scan. I will send you that scan as a non-public message.

Thanks for all the help, much appreciated. It is good to know that there are people like you out there working for the public's interest rather than those who create the Malware etc.


AVG Anti-Spyware Settings

Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

In the Settings screen click "Recommended actions" and then select "Quarantine".

Under "Reports"

Select "Automatically generate report after every scan"

DE-Select "Only if threats were found"

IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process.

Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"

AVG Anti-Spyware will now begin the scanning process. Be patient as this may take a little time.

While scanning, AVG will list any infections found on the left side.

When the scan is completed, the recommended action should be set to Quarantine. If not, click Recommended Action and set it there. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Close AVG Anti-Spyware.

For the Panda log see the tutorial.
