Author Topic: HyperBar Spyware/Adware(HELP)  (Read 621 times)

liangtek
« on: May 14, 2005, 02:49:58 AM »
Hello bro.... can you teach me how to remove these two spyware?
File System Found infected by "HyperBar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ISearchTech.ISTdownloader Spyware/Adware" Virus. Action Taken: No Action Take
teach me.... thanks!!

guestolo
« Reply #1 on: May 14, 2005, 02:51:58 AM »
I need to see a HijackThis log
Could you read This post
Download and save HijackThis to a permanent folder

Run a scan and post the log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


liangtek
« Reply #2 on: May 14, 2005, 02:54:38 AM »
Logfile of HijackThis v1.99.1
Scan saved at 3:54:08 PM, on 5/14/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\DOCUME~1\tek\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\tek\LOCALS~1\Temp\kavss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\system32\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\system32\ycomp5_1_6_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27B68BC3-B5B9-45F6-838B-82669750364E}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9CF33A5-367B-42C4-967E-4FBAF1851E4C}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
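
A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it groups entries by section code and lists items a helper would check by hand. The function names and the review rules are assumptions of this example, and the sample lines are abridged from the log above.

```python
import re
from collections import defaultdict

# Sample input: a few lines abridged from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\tek\LOCALS~1\Temp\mwavscan.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O17 - HKLM\System\CCS\Services\Tcpip\..\{27B68BC3-B5B9-45F6-838B-82669750364E}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\System32\msiexec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
TEMP_DIR = re.compile(r"\\temp\\", re.I)          # any path component named Temp

def parse(log):
    """Split a log into running-process paths and entries grouped by section code."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def review_items(log):
    """Return (reason, text) pairs for a manual look; prompts for a reviewer, not verdicts."""
    procs, entries = parse(log)
    items = [("process running from a Temp directory", p)
             for p in procs if TEMP_DIR.search(p)]
    for text in entries.get("O23", []):
        if "(file missing)" in text:
            items.append(("service points at a missing file", text))
    for text in entries.get("O17", []):
        items.append(("DNS servers set in the registry", text))
    return items

if __name__ == "__main__":
    for reason, text in review_items(SAMPLE_LOG):
        print(f"{reason}: {text}")
```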

liangtek
« Reply #3 on: May 14, 2005, 02:55:13 AM »
this is my hijack log
thanks for helping me!

guestolo
« Reply #4 on: May 14, 2005, 03:05:39 AM »
Log looks good, it could be a false positive by eScan's mwav scan
or leftover registry entries, probably doing no harm

But if you want to ensure you are free of all reg entries

First I would Access your Add/remove programs and remove if found
Startnow ToolBar (v1.0.1.1)

Restart the computer if anything was removed

If you are comfortable in the registry, follow this link by Symantec to remove the leftover reg entries
http://securityresponse.symantec.com/avcen...e.hyperbar.html

I see you ran Spyware Doctor, I believe Spybot is right up to date on ISearch
You should download and install Spybot S&D 1.3
Don't activate the Tea Timer when installing, it's a great feature but can get in the way of any fixes we may still have to do
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish the cleaning process

Is your version of Windows legit?
Why so far behind on Windows updates?
This is important in keeping your system secure


liangtek
« Reply #5 on: May 14, 2005, 03:10:05 AM »
Erm.. can I ask a question,
is System Volume Information an important folder?
Can I delete it all with KillBox?

guestolo
« Reply #6 on: May 14, 2005, 03:13:41 AM »
System Volume Information is your System Restore folder
Once you're clean and everything is running good
This is what I usually recommend
Disable System Restore>>Restart the computer>>Enable System Restore

This will clear all your restore points and ensure you don't restore any nasties if they were backed up there


liangtek
« Reply #7 on: May 14, 2005, 03:23:02 AM »
Weird.. I found Startnow navigation helper (v1.0.1.1) but couldn't remove it!!

guestolo
« Reply #8 on: May 14, 2005, 03:25:18 AM »
Why couldn't you remove it?
Any messages telling you otherwise???


liangtek
« Reply #9 on: May 14, 2005, 03:44:53 AM »
It doesn't have the remove button.... It's like other programs have a repair/remove button on them, right? But the Startnow doesn't have one!!

guestolo
« Reply #10 on: May 14, 2005, 03:59:12 AM »
Run Spybot first and see if the entry is still in Add/Remove programs
Remember to restart the computer after running it

Later you can create a new restore point
And check for the entries in the registry recommended for removal by Symantec
