Computer Forums

03-21-2007, 10:45 AM   #1 (permalink)
Blizzard596

Spyware still hiding after 3 weeks of searching!

The following 2 lines keep showing up in HJT no matter how many times I "fix" them:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mhwwc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xddbmyk.exe

I can't find those files anywhere, nor can I find any references to them, aside from what HJT finds. I've run Adaware, Spybot, Panda Activescan, BitDefender Online, and Symantec NAV 2004, all with the latest updates and none of those find ANYTHING. Despite nothing being found, I keep getting pop-up ads so there's obviously some form of spyware here.

Thanks for any help.
Blizzard596 is offline  
03-21-2007, 11:40 AM   #2 (permalink)
Ste

Re: Spyware still hiding after 3 weeks of searching!

Have you tried the immunize features of SpywareBlaster, Spybot Search and Destroy and/or Spyware Doctor....
__________________
General Power Supply & Trouble Shooting Advisor

Read The Rules!!
Updated Power Supply Guide
Important Information

There may come a day when you realize more than you wanted, there will be no reprieve from the Infinity.
Because I am very busy I may not always reply to a post or thread in which I have helped you in once before, if you still need help just contact me via PM or messenger.

Don't Forget To Give Reputation To Those That Have Helped You.

Ste is offline  
03-21-2007, 11:58 AM   #3 (permalink)
Blizzard596

Re: Spyware still hiding after 3 weeks of searching!

I have used those features in spyware blaster and spybot, but not spyware doctor.

I just found the entries in the registry and deleted them, but they reappeared on reboot. Would it have to be a running process that's adding those entries? Because I don't see a single running process that looks out of line.
Blizzard596 is offline  
03-21-2007, 12:25 PM   #4 (permalink)
Ste

Re: Spyware still hiding after 3 weeks of searching!

Doesn't have to be a separate process. There might have been an edit or addition to an existing system process, which was placed there by the spyware.

Maybe you could delete the entries in system.ini then make the file read only.

That "may" prevent the entries from being written again. That may be a temp fix as system.ini is changed when programs are installed...

Ste is offline  
03-21-2007, 01:34 PM   #5 (permalink)
Blizzard596

Re: Spyware still hiding after 3 weeks of searching!

Well, I've already checked the system.ini and the entries aren't there. From the little research I did on it, apparently XP "maps" those entries to the registry instead of writing them to system.ini. So is there any way to make a registry key read-only?

This thing is driving me crazy! It's the first spyware I've ever had this much trouble with.
Blizzard596 is offline  
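
Added example, not part of the original posts: HijackThis F2 "REG:system.ini" lines report the Shell and Userinit values under the Winlogon registry key, which is where XP maps those system.ini entries. The Python sketch below parses such log lines and flags every program listed beyond the stock one; the stock values assume Windows installed in C:\WINDOWS, and the function names are illustrative.

```python
import re

# Constructed sample: the two F2 lines quoted in the first post,
# plus one clean Userinit line for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mhwwc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xddbmyk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"""

# Registry key behind the F2 "REG:system.ini" entries on Windows XP.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Stock data per value name (lowercased). Assumption: Windows lives in C:\WINDOWS.
STOCK = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

F2_LINE = re.compile(r"^F2 - REG:system\.ini:\s*(\w+)=(.*)$", re.IGNORECASE)


def extra_programs(value_name, data):
    """Return the items of a comma-separated Winlogon value that are not stock."""
    allowed = STOCK[value_name.lower()]
    extras = []
    for item in data.split(","):
        item = item.strip().strip('"')
        if not item:
            continue  # stock Userinit data ends with a trailing comma
        if item.lower() not in allowed:
            extras.append(item)
    return extras


def scan(log_text):
    """Return (value name, unexpected program) pairs found in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = F2_LINE.match(line.strip())
        if not m or m.group(1).lower() not in STOCK:
            continue
        for prog in extra_programs(m.group(1), m.group(2)):
            findings.append((m.group(1), prog))
    return findings


if __name__ == "__main__":
    for name, prog in scan(SAMPLE_LOG):
        print(f"{WINLOGON_KEY}\\{name}: unexpected entry {prog}")
```

Each flagged item is a program Winlogon will launch at logon, so an entry that returns after deletion means something still running (or loaded into another process) is rewriting the value.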
03-21-2007, 06:21 PM   #6 (permalink)
Blizzard596

Re: Spyware still hiding after 3 weeks of searching!

I think I finally got it! I had about given up on the usual anti-spyware apps to find it, but in a last ditch effort, I downloaded "SUPERAntiSpyware" and it found 3 trojan droppers that the others missed. So far the symptoms haven't come back so I'm thinking it's all good now.

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Thanks for your input.
Blizzard596 is offline  
03-21-2007, 08:31 PM   #7 (permalink)
Osiris

Re: Spyware still hiding after 3 weeks of searching!

good job
Osiris is offline  
 
 
