Tech Support Forum - View Single Post - Same Ads in different websites, possible spyware

**Angelfire777** · 12-19-2008, 11:22 AM

Hi,

NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

I suggest you get a free one if you can't afford buying one.

Avira Antivir: http://www.free-av.com is pretty good.

If that is understood, please proceed.

*P2P - I see you have P2P software (FrostWire 4.13.5) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

http://www.techsupportforum.com/secu...e-sharing.html

I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.

*Your logs look pretty clean so I suspect that it may be the sponsor program that came with messenger plus live. This is odd though because it usually shows somewhere.. Nevertheless, let's try that.

Please uninstall Messenger Plus! Live

The "Messenger Plus! - Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.

The Sponsor Screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.

If you entered the code properly, the program will ask you to confirm that you want to Uninstall. You must answer "Yes" to this question, or else, you won't have another chance of Uninstalling.

To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important). When everything is complete,restart your computer.

Also, please uninstall this older version of java: Java(TM) 6 Update 5

*I would like you to scan a file for me.

Please go HERE. Copy and paste the following file path in to the box.

C:\windows\system32\drivers\spot.sys

Then click submit.

Please post the results to your next reply.

On your next reply, please include a

Fresh DDS log (just dds.txt)
A detailed description on how's your machine running.
virustotal scan result

12-19-2008, 11:22 AM	#4 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Same Ads in different websites, possible spyware Hi, NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore. If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine I suggest you get a free one if you can't afford buying one. Avira Antivir: http://www.free-av.com is pretty good. If that is understood, please proceed. P2P - I see you have P2P* software (FrostWire 4.13.5) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. Please see this topic for more information: http://www.techsupportforum.com/secu...e-sharing.html I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs. Your logs look pretty clean so I suspect that it may be the sponsor program that came with messenger plus live. This is odd though because it usually shows somewhere.. Nevertheless, let's try that. Please uninstall Messenger Plus! Live* The "Messenger Plus! - Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program. The Sponsor Screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall. If you entered the code properly, the program will ask you to confirm that you want to Uninstall. You must answer "Yes" to this question, or else, you won't have another chance of Uninstalling. To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important). When everything is complete,restart your computer. Also, please uninstall this older version of java: Java(TM) 6 Update 5 I would like you to scan a file for me. Please go HERE. Copy and paste the following file path in to the box. C:\windows\system32\drivers\spot.sys* Then click submit. Please post the results to your next reply. On your next reply, please include a Fresh DDS log (just dds.txt) A detailed description on how's your machine running. virustotal scan result __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.