Member Panel

acontrasto

A while ago, I was infected with something called UnSpyPC (A fake spyware program). I got most of it out with adaware, but something must still be here. When I start my computer, I get an advertisement on the right side of my screen with links to different gambling, dating, XXX sites, and more. I found the actual picture files stored on my hard drive that are loaded into this ad in the system32 directory, and I delete them every time my computer starts, but they keep coming back. I noticed that, every time my system starts, norton AV is loaded, but the spyware must somehow stop the internet protection because it always seems to be able to download those files again. I came on here and saw someone with a similar problem, I followed the advice given to him but it didn't work for me.

Please help!
Andrew

joe5

Hya Acontrasto , welcome to PCHF.

Youre hjt log looks clean , nothing visible there.

But have a look if you have this file:

C:\ProgramFiles\UnSpyPC\uninstall.exe

And run it if you do and see if that helps.

acontrasto

Nope, there isn't even an UnSpyPC directory anymore. That was probably one of the first things I got rid of.

joe5

Can you start hjt , select the "open the misctools section" and then "open uninstall manager" then press "save list" and post that list here?

acontrasto

Here's the uninstall list. I did a scan with bitdefender and found some new information that norton AV didn't find... I had a virus called Trojan.Downloader.FFZ. I chose to delete all files infected. IE is still sometimes being redirected when I do a google/yahoo/msn search though, so problem not solved yet.

joe5

The only app im not sure about is SymNet , it brings up mixed results when looking it up. Do you know it/install it?

Also have look if one of these rootkit scanners finds something:

http://www.f-secure.com/exclude/blacklight/index.shtml

http://www.greatis.com/unhackme/download.htm

And report back if they find anyhing.

acontrasto

I do not recognize symnet. As for the other two programs, blacklight found 6 hidden files, and the other found nothing. I renamed the files and rebooted. When my computer started up, there was still something stopping norton auto protect, but this time, no advertisement popped up on the right, and when I checked in the system32 directory, those files that I had previously deleted were still deleted, so that's a step in the right direction. I also found 5 of the 6 files that I renamed and moved them to the recycle bin. The files I found are called: cseiz.exe, sphlp32.exe, favset.exe, filesafer23.exe, and idemlog.exe. I also did another norton AV check, and I came up with an adware found. Filename: Dc77.ren, Threat Name: Adware.Livechat. I'm guessing that this file is the 6th renamed file since it ends with .ren. IE is still being redirected.