From: Keith (Southend)G on 17 Apr 2010 09:38

Not sure where I got it from, although I think it was when I downloaded some mp3 music license software, which I have since removed, but still get this problem.

I use Firefox 95% of the time but do have IE8 installed. I run AVG, Spybot & AdAware, which are all up to date.

The annoying problem is every so often I get an IE8 window pop up with various adverts. I don't think it's anything malicious, but would like to get rid of it. I also think there is a toolbar on my IE8 that may be the cause and haven't yet found a way of getting rid of it; on it there is 'Get more add ons', 'Free Hotmail', 'suggested site' etc. My pop-up blocker is on.

(this site just popped up: https://www.fridgeframes.co.uk/p-3-the-iris.aspx&affiliateid=10052)

Any ideas what this may be and how I could get rid of it?

Many thanks
Keith (Southend)

From: David H. Lipman on 17 Apr 2010 11:59

From: "Keith (Southend)G" <keith_harris9(a)hotmail.com>

| Not sure where I got it from, although I think it was when I
| downloaded some mp3 music license software, which I have since
| removed, but still get this problem.

| I use Firefox 95% of the time but do have IE8 installed, I run AVG,
| Spybot & AdAware which are all up to date.

| The annoying problem is every so often I get an IE8 window pop up with
| various adverts, I don't think it's anything malicious, but would like
| to get rid of it. I also think there is a toolbar on my IE8 that maybe
| the cause and haven't yet found a way of getting rid of it, on it
| there is 'Get more add ons' ' Free Hotmail', 'suggested site' etc.
| My pop-up blocker is on.

| Any ideas what this maybe and how I could get rid of it.

| Many thanks

| Keith (Southend)

As noted by... &affiliateid=10052)

That shows an affiliate number and is used to track who the affiliate is who brings business to the company. Thus one can presume that you do have malware in the form of adware driving affiliated businesses Pop-Ups to the company offering affiliation revenue.

Download, install, update and then execute Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Keith (Southend)G on 17 Apr 2010 14:21

On Apr 17, 4:59 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote:
> From: "Keith (Southend)G" <keith_harr...(a)hotmail.com>
>
> | Not sure where I got it from, although I think it was when I
> | downloaded some mp3 music license software, which I have since
> | removed, but still get this problem.
>
> | I use Firefox 95% of the time but do have IE8 installed, I run AVG,
> | Spybot & AdAware which are all up to date.
>
> | The annoying problem is every so often I get an IE8 window pop up with
> | various adverts, I don't think it's anything malicious, but would like
> | to get rid of it. I also think there is a toolbar on my IE8 that maybe
> | the cause and haven't yet found a way of getting rid of it, on it
> | there is 'Get more add ons' ' Free Hotmail', 'suggested site' etc.
> | My pop-up blocker is on.
>
> | Any ideas what this maybe and how I could get rid of it.
>
> | Many thanks
>
> | Keith (Southend)
>
> As noted by... &affiliateid=10052)
>
> That shows an affiliate number and is used to track who the affiliate is who brings
> business to the company. thus one can presume that you do have malware in the form of
> adware driving affiliated businesses Pop-Ups to the company offering affiliation revenue.
>
> Download, install, update and then execute, Malwarebytes' Anti-Malware
> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Thank you David, that seems to have cleared the problem; it found 29 threats as follows:

Just shows that the program is only as good as its dat file, as both AdAware and Spybot didn't clear this one.

Much appreciated.
Keith (Southend)

<snip>

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/04/2010 17:57:27
mbam-log-2010-04-17 (17-57-27).txt

Scan type: Quick scan
Objects scanned: 116098
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 12

Memory Processes Infected:
C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery121.exe (Adware.SpaceQuery) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spacequery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SpaceQuery (Adware.SpaceQuery) -> Delete on reboot.
C:\Program Files\SpaceQuery\SpaceQuery_deleted_ (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery (Adware.SpaceQuery) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\6478.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) -> Delete on reboot.
C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\uninstall.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\SpaceQuery_deleted_\spacequery.dll (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\SpaceQuery_deleted_\spacequery.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery119.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery\spacequery121.exe (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\spacequery116.xml (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\spacequery117.xml (Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Documents and Settings\Keith\Application Data\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\drivers\HWDRV.SYS (Rootkit.Agent) -> Quarantined and deleted successfully.

<snip>

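A log like the one posted above can be triaged with a short script. This is an added example, not part of the original thread and not Malwarebytes' own tooling: the sample entries are copied from the log above with wrapped paths rejoined, and the function names and the list of auto-start locations are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: entries copied from the log in this thread (wrapped paths rejoined).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Keith\Application Data\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\drivers\HWDRV.SYS (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(.+) Infected:$")  # detail headers; the "Infected: 2" count lines do not match
ENTRY = re.compile(r"^(?P<item>.+) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\.?$")
# Assumption for this example: locations treated as auto-start (persistence) points.
AUTOSTART = ("\\currentversion\\run\\", "\\currentcontrolset\\services\\", "\\system32\\drivers\\")

def parse_log(text):
    """Return one dict per detection: section, item, name, action."""
    section, found = None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            found.append({"section": section, **m.groupdict()})
    return found

def triage(found):
    """Summarise what still needs follow-up after the scan."""
    return {
        "by_name": Counter(d["name"] for d in found),
        "pending_reboot": [d["item"] for d in found if d["action"] == "Delete on reboot"],
        "autostart": [d["item"] for d in found if any(k in d["item"].lower() for k in AUTOSTART)],
    }

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, value)
```

Items marked "Delete on reboot" are not removed until the machine restarts, so a second scan after the reboot confirms they are gone.
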
From: David H. Lipman on 17 Apr 2010 14:56

From: "Keith (Southend)G" <keith_harris9(a)hotmail.com>

| Thank you David that's seems to have cleared the problem, it found 29
| threats as follows:

| Just shows that the program is only as good as it's dat file as both
| AdAware and Spybot didn't clear this one.

| Much appreciated.

| Keith (Southend)

< snip >

| Memory Processes Infected:
| C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) ->
| Unloaded process successfully.
| C:\Documents and Settings\All Users\Application Data\SpaceQuery
| \spacequery121.exe (Adware.SpaceQuery) -> Unloaded process
| successfully.

| Memory Modules Infected:
| C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) ->
| Delete on reboot.

< snip >

YW Keith. The above is probably the cause but as you saw there were "others".

As for Ad-Aware and SpyBot S&D, MBAM has been outdoing them for quite a while now.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Keith (Southend)G on 30 Apr 2010 16:04

On Apr 17, 7:56 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote:
>
> | Memory Processes Infected:
> | C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) ->
> | Unloaded process successfully.
> | C:\Documents and Settings\All Users\Application Data\SpaceQuery
> | \spacequery121.exe (Adware.SpaceQuery) -> Unloaded process
> | successfully.
>
> | Memory Modules Infected:
> | C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) ->
> | Delete on reboot.
>
> < snip >
>
> YW Keith. The above is proably the cause but as you saw there were "others".
>
> As for Ad-Aware and SpyBot S&D, MBAM has been outdoing them for quite a while now.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Following on.....

The IE8 adverts continued to pop up, regardless that I was using Firefox, up to last night. However, this morning I noticed AVG had an Alert pop up, so I can only imagine they captured this one in their .dat file in the last day or two. However, this was the information from my vault, it may mean more to you:

Trojan Horse Adload_r_MK file SDK Type ~ Core

Since AVG flagged this up I have not been plagued with these adverts every half an hour. I hope that's the end of it :-)

Thanks
Keith (Southend)