Tech Support Forum - View Single Post - Strange spyware- Titan Shield Antispyware

**Omerr** · 06-11-2006, 02:15 AM

Hello and welcome to TSF

WARNING - You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\, then on the folder Program Files. Click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.Please do NOT change any of those settings until we finish the fixing process.

Download Ewido Anti-Malware

Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Download and install CleanUp! but do not run it yet.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED if they still exist:

C:\WINDOWS\system32\adobepnl.dll
C:\WINDOWS\system32\users32.exe
C:\WINDOWS\system32\qjrkvy.exe
C:\WINDOWS\system32\susp.exe

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK
Press the CleanUp! button to start the program. Do NOT Reboot/logoff when prompted.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

Reboot your system in Normal Mode.

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Click on see report. Then click Save report

Please post that log in your next reply.

Now give us a new HijackThis log, along with Panda ActiveScan’s log, so we can make sure your system is clean.

06-11-2006, 02:15 AM	#3 (permalink)
Omerr TSF Enthusiast Join Date: Feb 2005 Location: Israel Posts: 1,032 OS: XP Proffesional	Hello and welcome to TSF WARNING - You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:\, then on the folder Program Files. Click on File > New > Folder and call it HJT , or another name of your choice. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.Please do NOT change any of those settings until we finish the fixing process. Download Ewido Anti-Malware Install Ewido Anti-Malware When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. Download and install CleanUp! but do not run it yet. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: adobepnl.ADOBE_PANEL - {2513A321-CB50-4C5F-91C5-80342AFACFB1} - C:\WINDOWS\system32\adobepnl.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file) O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe *Please remember to close all other windows, including browsers then click Fix checked.* Delete the following Files indicated in RED if they still exist: C:\WINDOWS\system32\adobepnl.dll C:\WINDOWS\system32\users32.exe C:\WINDOWS\system32\qjrkvy.exe C:\WINDOWS\system32\susp.exe WARNING Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked. Click OK Press the CleanUp!* button to start the program. Do NOT Reboot/logoff when prompted. Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop Ewido scan would require at least an hour. Reboot your system in Normal Mode. Perform an online scan with Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Scan your PC & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Click Scan Now* Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Click on see report. Then click Save report Please post that log in your next reply. Now give us a new HijackThis log, along with Panda ActiveScan’s log, so we can make sure your system is clean. __________________ I am here in order to help you. Last edited by Omerr; 06-11-2006 at 02:16 AM.