Member Panel

Okay I'm having this problem for a while.When I start up my PC I get this.

Then when I click on it,takes me to a fake site called "SpyTroopers" or something like that.

This is what I've using to scan my PC.

So far no help deleting it,also I ran HijackThis here's the log:



I don't know what else to do:computer_

Thank you

Hi there Bizuca , welcome to PCHF.




Before fixing things with HijackThis Please Do the Following:


Show hidden files and folders:

For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please download CCleaner



Then first lets get rid of the mssearchnet.exe and nvctrl.exe:

Reboot youre pc - press F8 during boot, select "SAFE MODE WITH PROMPT"

Change directory to c:\windows\system32 (type cd windows <enter> then type cd system32 <enter>) [cd = Change Directory]

Type del mssearchnet.exe [del = delete]
Type del nvctrl.exe [del = delete]
Type cd\ [The "\" will back you up one directory or "folder"]
Type cd prefetch
Type del mssearchnet*
Type del nvctrl*

Type cd\ (twice, back to the c:\ prompt)

At the C:\ prompt Type REGEDIT
The registry editor will pop up

Use EDIT, then FIND >>> search for mssearchnet - delete all entries
Do it again, until the search function says nothing else found, it is in there several times (3 different places I think) Then do the same for nvctrl.exe.

Then reboot to normal mode.

Download Smitrem to your desktop

http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.



Then boot in "normal" safemode

Run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat"
file to start the tool , Follow the prompts on
screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, eg; Local Disk C: or partition where your operating system is installed. Please attach this log to your next reply

And fix this with hjt if still present:

Delete the file in bold , and run ccleaner.


Reboot again and post the smitrem log plus a new hjt log by attaching them to a post.

Great Joe very informative,just to let you know and others I just found this now too,that I didn't notice before.

Online Security Guide & Security Troubleshooting ???


Those 2 Icons don't look familiar to me,was never there before.

Also this one that pops up sometimes.

Look fake to me.. if there still there after completing the fix then just manually delete them.
Can you post the full url of those shortcuts?


And that popup also isn't legit and might be gone after completing the above fix.

Here they are:

Yup , those are fake. Just delete them.

Sorry for the the pics,but just in case other have the same proble.I just clicked on that yellow pop up ballon in the taskbar and I got this.