Hjælp!! Hvordan får jeg dette væk???

Scan med AD Aware eller Spybot?

Det er vist dit antivirus der laver den besked - Prøv at tjek nede i højre hjørne, SP2 sikkerhedscenter brokker sig over to ting

Har haft noget lignende. Det er vistnok et program der har lagt sig på din computer og uanset om du fjerner den så kommer den tilbage, det udgiver sig for at være et anti-spyware program, og hvis du køber det fjerner det skulle det fjerne sig selv, gør det ikke. Microsoft Anti-Spyware skulle fjerne det. Hvis det derefter kommer tilbage prøv Spywareguard den blokerer for den og så har MS Anti-spyware nemt ved at fjerne den.

Quote

Originally posted by KarGa
Det er vist dit antivirus der laver den besked - Prøv at tjek nede i højre hjørne, SP2 sikkerhedscenter brokker sig over to ting

Det er det ikke. ingen af de kendte spyware programmer fjerner den. Har selv haft den og valgte desværre efter forgæves forsøg at gå den LANGE vej. Formatering.

Quote

Originally posted by mrflashbag

Det er det ikke. ingen af de kendte spyware programmer fjerner den. Har selv haft den og valgte desværre efter forgæves forsøg at gå den LANGE vej. Formatering.

ihh... ikke så godt...

nå men prøv det her... :

Start Regedit... (start -> run -> regedit), gå til:
'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System og slet 'Wallpaper'.

Det skulle være det hele og så skulle den ikke drille mere...

http://www.spywareinfo.dk/download/mwav.exe

Hent denne og lad den skanne alt...

Gør som jeg skrev længere oppe, mener det var sådan jeg fik has med den.

har haf den masser af gange.

Ad-aware løser det efter flere scanninger.
MS antispyware skulle også gerne løse det.

Quote

Originally posted by KarGa
Det er vist dit antivirus der laver den besked - Prøv at tjek nede i højre hjørne, SP2 sikkerhedscenter brokker sig over to ting

Troede du virkelig selv på det?

Har selv haft den, løste den med en formatering

Jeg har prøvet den både på min stationære om min bærbare.. Eneste der sådan rigtig virker, er at lade windows skrue tiden tilbage til før du fik virussen.

MS antivirus kan ikke tage den, ad-aware kan ikke, spybot kan ikke, cw shredder kan ikke, spyware guard kan heller ikke - ja, jeg har prøvet mange af de kendte, og de har intet kunne gøre.

Virussen eller spybotten hedder SpySherif så vidt jeg husker.

OK,Now we have some work to do!

Copy these Instructions to Notepad and Save them to your Desktop!

Click Start>>Click Run>>Type in Services.msc and Click OK!

Scroll the list and locate these

ISEXEng
WinTools for IE service
ZESOFT

Right Click on each entry and Select Properties>>Click "Stop" and Change the StartUp type to "Disabled"!!

Download Pocket KillBox from here:
http://www.bleepingcomputer.com/files/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Download Ewido Security Suite, install then from within the program check for updates BUT dont scan yet
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.

From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.

After the Update finishes (the status bar at the bottom will display "Update successful"), Now close the program.

If you have problems updating see here
http://www.ewido.net/en/download/updates/

CleanUp! 4.0
http://downloads.stevengould.org/cleanup/CleanUp40.exe

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders,this must be done after restarting in Safe Mode!!

Here is a link to help with that
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Be sure to follow the directions that apply to your Operating System!

Using the list of files below,Open Pocket Killbox and Copy&Paste each entry into Killboxes "Full Path of File to Delete"

As you enter each,put a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"

Then Click the Red Circle with the White X in the Middle to Delete!!

C:\winstall.exe
C:\WINDOWS\Desktop.html
C:\WINDOWS\dbfga.exe
C:\WINDOWS\alchem.exe
C:\WINDOWS\zeta.exe
C:\WINDOWS\System\WinStart001.EXE
C:\WINDOWS\system32\angelex.exe
C:\WINDOWS\system32\netsync.exe
C:\WINDOWS\system32\Luhbhe.exe
C:\WINDOWS\system32\picsvr
C:\WINDOWS\system32\nsvsvc
C:\Program Files\Viewpoint
C:\Program Files\Windows ServeAd
C:\Program Files\MessengerPlus! 3
C:\Program Files\Web_Rebates
C:\Program Files\SearchRelevancy
C:\Program Files\Hhre
C:\Program Files\Warez P2P Client
C:\Program Files\ISTsvc
C:\Program Files\PSGuard
C:\Program Files\SpySheriff
C:\Program Files\Daily Weather Forecast
C:\Program Files\Common Files\WinTools

Please make a list of any files or folders that Killbox could not delete,I will want to see the list when you post back!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll (file missing)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll (file missing)

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll (file missing)

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINDOWS\system32\trgen.dll (file missing)

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll (file missing)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsk231.dll (file missing)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll (file missing)

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe

O4 - HKLM\..\Run: [Cuynjpw] C:\Program Files\Hhre\Ojcullh.exe

O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe

O4 - HKLM\..\Run: [fvfBeQVD] C:\WINDOWS\dbfga.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Luhbhe.exe

O4 - HKLM\..\Run: [fvùõš/‚²‘ÆßfÏNb‰»9C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dbfga.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Á³# k"h'þ9Óœ×3rÅ0WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dbfga.exe

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe

O4 - HKLM\..\Run: [Á³# ë"h'þ9ÓœW3rÅ°WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dbfga.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\system32\angelex.exe (file missing)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Run Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

After you're done running Cleanup! follow the instructions below

* Run Ewido.
* Click on scanner
* Make sure the following boxes are checked before scanning:
o Binder
o Crypter
o Archives
* Click on Start Scan
* Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

* Click Save report
* Save the report to your desktop

Reboot into normal mode.

Please go to Add\Remove Programs and Remove these

MessengerPlus! 3
FunWebProducts
Viewpoint\Viewpoint Manager
Windows AdService\Windows ServeAd
SyncroAd
WinTools for IE
Bargain Buddy\Bullseye Network
Web_Rebates
Shopnav
ISTbar
KeenValue
PowerSearch toolbar for IE
Search Relevancy
DyFuCa/Internet Optimizer
Daily Weather Forecast\WeatherBug
Warez P2P Client
SpySheriff

RIGHT-CLICK HERE and go to Save As (in IE it's "Save Target As") in order to download the smitfraud reg to your desktop.

Double-click smitfraud.reg on your desktop. When asked if you want to merge with the registry click YES.

Please Download the MVPS HOSTS file to your Desktop!
http://www.mvps.org/winhelp2002/hosts.htm

Here is a link to help you if you need it
http://www.mvps.org/winhelp2002/hosts2.htm

Install these 2 programs

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediatly!

IE Spyad:
http://www.bleepingcomputer.com/forums/ind...showtutorial=53
There is a direct download inside and great tutorial also!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Once all is Completed,Post the Reports from Ewido and Panda!

Along with those,post any list of files or folders that killbox couldnt delete and a fresh HijackThis log!

You should now have the ability to change you Desktop back to its Normal State!

Quote

Originally posted by SeePee

Troede du virkelig selv på det?

Har selv haft den, løste den med en formatering

Det er da vel meget muligt at der er lavet antivirus programmer, der laver om på baggrundsbilledet for at gøre brugeren opmærksom på det, Sebastian... Der er heller ingen reklamer af nogen art på billedet - Det var der jeg fik min første tanke om at det ikk var spyware, men bare en anden form for malware

Men i det hele taget, hva er det sikkerhedscenteret brokker sig over dernede? Der må da være en sammenhæng...

Edit: Den ene af dem er muligvis Windows Update, der også brokker sig

Jeg havde præcis samme virus, hold kæft det pissede mig af i flere timer. Så kørte jeg et Search&destroy, det tog det hele væk. Slap ud af det, uden at formatere heldigvis, da jeg har en masse data der bare ikke må blive slettet, og har ingen backup.

Men prøv at kør en search&destroy , den skal nok få ram på den virus.

Edit; Fandt min tråd omkring det: http://www.tweak.dk/forum/thre…213&sid=&hilightuser=5608

Find 1 fejl

Til det med at man mister data, hvis man pludselig ska formatere:
Sørg for at alle de data du absolut vil gemme ligger på en anden partition.. Brug programmer som TweakUI til windows for at ændre systemmapper, til at ligge på D:\ istedet for C:\

Lige nu ka jeg formatere og det eneste jeg ska lægge ind er programmer og windows - Jeg ku formatere på stedet lige nu uden at miste vigtige data og dokumenter