Colgrove Posted December 4, 2007 ID:10626 Share Posted December 4, 2007 Was there ever any resolution to this problem? I am having the same issue, keep getting a 'system alert' that says there are active spyware programs running. This is after running 'rogue remover'.I tried to clean up the notifications list but that one cannot be deleted.The initial run of RR found the following files and issues:RogueRemover has detected rogue antispyware components! Results below...Type: FileVendor: Rogue.MiscLocation: C:\Documents and Settings\All Users\Desktop\Online Security Guide.urlSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.urlSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\icmntr.exeSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\icthis.exeSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\ictmdl.dllSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\ictun.exeSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\isfmdl.dllSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\isfmm.exeSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\isfmntr.exeSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\isfun.exeSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\ot.icoSelected for removal: YesType: FileVendor: Rogue.MiscLocation: C:\Program Files\Video Add-on\ts.icoSelected for removal: YesType: FolderVendor: Rogue.MiscLocation: C:\Program Files\Video Add-onSelected for removal: YesType: Registry KeyVendor: Rogue.MiscLocation: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety AlertSelected for removal: YesType: Registry KeyVendor: Rogue.MiscLocation: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety FeaturesSelected for removal: YesType: Registry KeyVendor: Rogue.MiscLocation: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom ToolsSelected for removal: YesType: Registry ValueVendor: Rogue.MiscLocation: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|someSelected for removal: YesType: Registry ValueVendor: Rogue.MiscLocation: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|startSelected for removal: YesRogueRemover has found the objects above. Link to post Share on other sites More sharing options...
JeanInMontana Posted December 4, 2007 ID:10629 Share Posted December 4, 2007 Hi there Colgrove, and welcome to Malwarebytes. I have split your post into it's own topic so you can get help. Please follow the directions below.If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.AVG AntiSpyware Be sure to "take action"Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
Colgrove Posted December 8, 2007 Author ID:10728 Share Posted December 8, 2007 Hi there Colgrove, and welcome to Malwarebytes. I have split your post into it's own topic so you can get help. Please follow the directions below.If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.AVG AntiSpyware Be sure to "take action"Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.OK I have done all that.The initial run of Rogueremover fixed the majority of the problems as reported but left the notification.I reran Spybot and that removed the notification - so success.I then ran AVG which found:Trojan horse Downloader.Zlob.LI C:\RECYCLER\S-1-5-21-507921405-1993962763-1060284298-1009\Dc1.exe 12/7/2007 20:10 Dc1.exe 79.93 KBTrojan horse Downloader.Generic6.WPF C:\WINDOWS\system32\uglgs.dll 12/7/2007 20:10 uglgs.dll 12.5 KBPanda Active scan found a bunch of cookies which I removed and also:Incident Status Location Adware:Adware/Webdir Not disinfected My Documents\downloads\Bittorrent\AVIMoviePlayer50.exe[iECodecPlg.dll] I deleted this download, I had already un-installed the program.Then followed Hijack this scan. I will send you that scan as a non-public message.Thanks for all the help, much appreciated. It is good to know that there are people like you out there working for the publics interest rather than those who create the Malware etc. Link to post Share on other sites More sharing options...
JeanInMontana Posted December 9, 2007 ID:10733 Share Posted December 9, 2007 Hi I need the logs posted here in this forum, not what you saw listed but the entire log. I don't do them via email;I don't know how you got my email address. It is supposed to be hidden. Link to post Share on other sites More sharing options...
Colgrove Posted December 9, 2007 Author ID:10740 Share Posted December 9, 2007 Hi I need the logs posted here in this forum, not what you saw listed but the entire log. I don't do them via email;I don't know how you got my email address. It is supposed to be hidden.How do I find the Logs? The only log i could find as a file was Hijackthis Link to post Share on other sites More sharing options...
JeanInMontana Posted December 11, 2007 ID:10809 Share Posted December 11, 2007 AVG Anti-Spyware SettingsSelect the "Scanner" icon at the top of the screen, then select the "Settings" tab.In the Settings screen click "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"DE-Select "Only if threats were found"IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning proccess.Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"AVG Anti-Spyware will now begin the scanning process. Be patient as this may take a little time.While scanning, AVG will list any infections found on the left side.When the scan is completed, the recommended action should be set to Quarantine. If not, click Recommended Action and set it there. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right side.Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).Close AVG Anti-Spyware.For the Panda log see the tutorial. Link to post Share on other sites More sharing options...
Recommended Posts