Tech Support Forum - View Single Post - Need help with spyware

sUBs · 10-22-2005, 06:55 PM

My last response to you was Oct 14. If I took as long as you did to respond to you, we'll never be able to get your computer clean.

Malware has a habit of drawing more malware into your computer.

Are you just getting these Movie World pop ups from just one particular website or does it happen randomly?

Please uninstall these programs:

AltPayments
UpromiseRemindU

Have HijackThis fix these:

O1 - Hosts: PKØ6J3ÉôF?Ï1tMHOSTS¬<msÛ¸Ñß;ÓÿÀ©¿]KÚ–KžûòŒü;×8ñùê§ñxn@¢’å_ß]$E„<×¦7¹w±X,ö€Ž‚‡SÁÝ ?îÁí×ÅÃ"X2NøD‚¥¤4HÅ¶à‚¤ð_"ÿ%èþýùOGÁªªÊ_Ž·Ûm”oJ™oY±¢¼œœÌŽƒ‰?zðý£U¿ÕŠ±[E%°JUPˆ*ø*p]9úK*vy,xoð? E$¤À¬h°µ`8˜ª¿dY9$}Ô*ký”×ªú)ˆ©F[2©ª€³‚þœÎÞG'ð¿S=‚‹„ð•¨üÓü£‡£?¿•), …YOBøçäÝþüç3_•d ÝœÈ5Mƒ-«VÁ=‘D1ŸÁƒ?Pž"ÏiQ©@*DÍS»fRÉIãX¡Åõ©ù´
O1 - Hosts: ®_J.$ÈúU0AK ¾‹‚F´*†9µK¶£¢U•;”äþé*Y/Vß²[‘4P”ÈdEb0—
O1 - Hosts: žW í¸®€—ð‹(…Ê„.V í9gk
O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe"
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0 .htm
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0 .htm (HKCU)

Locate & delete these files/folders:(let me know if there's any that you fail to delete)

C:\Program Files\AltPayments\
C:\Program Files\UpromiseRemindU\
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\INF\polall1r.inf
C:\WINDOWS\INF\satmat.inf
C:\WINDOWS\satmat.ini
C:\WINDOWS\SYSTEM32\winbpupd.exe
C:\WINDOWS\INF\alchem.inf
C:\GatorPatch.log

Download & install this program - CleanUp.exe

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache

Delete Newsgroup Subscriptions

Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

Reboot & post a new HJT log
Tell me how your machine is behaving now.

10-22-2005, 06:55 PM	#8 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,326 OS: N/A	My last response to you was Oct 14. If I took as long as you did to respond to you, we'll never be able to get your computer clean. Malware has a habit of drawing more malware into your computer. Are you just getting these Movie World pop ups from just one particular website or does it happen randomly? Please uninstall these programs: AltPayments UpromiseRemindU Have HijackThis fix these: O1 - Hosts: PKØ6J3ÉôF?Ï1tMHOSTS¬<msÛ¸Ñß;ÓÿÀ©¿]KÚ–KžûòŒü;×8ñùê§ñxn@¢’å_ß]$E„<×¦7¹w±X,ö€Ž‚‡SÁÝ ?îÁí×ÅÃ"X2NøD‚¥¤4HÅ¶à‚¤ð_"ÿ%èþýùOGÁªªÊ_Ž·Ûm”oJ™oY±¢¼œœÌŽƒ‰?zðý£U¿ÕŠ±[E%°JUPˆøp]9úKvy,xoð? E$¤À¬h°µ`8˜ª¿dY9$}Ôký”×ªú)ˆ©F[2©ª€³‚þœÎÞG'ð¿S=‚‹„ð•¨üÓü£‡£?¿•), …YOBøçäÝþüç3_•d ÝœÈ5Mƒ-«VÁ=‘D1ŸÁƒ?Pž"ÏiQ©@DÍS»fRÉIãX¡Åõ©ù´ O1 - Hosts: ®_J.$ÈúU0AK ¾‹‚F´†9µK¶£¢U•;”äþéY/Vß²[‘4P”ÈdEb0— O1 - Hosts: žW í¸®€—ð‹(…Ê„.V í9gk O4 - HKLM\..\Run: [AltPayments] "C:\Program Files\AltPayments\AltPayments.exe" O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0 .htm O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0 .htm (HKCU) Locate & delete these files/folders:(let me know if there's any that you fail to delete) C:\Program Files\AltPayments\ C:\Program Files\UpromiseRemindU\ C:\WINDOWS\INF\alchem.inf C:\WINDOWS\INF\polall1r.inf C:\WINDOWS\INF\satmat.inf C:\WINDOWS\satmat.ini C:\WINDOWS\SYSTEM32\winbpupd.exe C:\WINDOWS\INF\alchem.inf C:\GatorPatch.log Download & install this program - CleanUp.exe* Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will not create any backups!! Reboot & post a new HJT log Tell me how your machine is behaving now. __________________ Question - what have you done for the community today?