adware button sneaked in, please help!

Status
Not open for further replies.

arko

Broken In
Hey folks!
My IE6 toolbar has been showing a button linking to CrackPortal.com. I am apprehensive that it may be adware/malware related or whatever. Anyway, I want to remove it, but neither Add or Remove Programs nor anything else seems to be working. My system can't even find the installed stuff.
If anyone knows anything about what I am talking about, then please help.

Thanks!
 

Aseem Nasnodkar

In the zone
Yes, adware

See friend, first of all let me tell you... going on crack sites isn't bad, but when you download something like toolbars... it sticks to your comp like glue!

Well, as you mentioned, I believe it's adware, and there can be nothing better than using an adware removal program or spyware removal program. You will find many in Digit itself! Well, it's all a matter of a click!
 

mariner

Ambassador of Buzz
Use the combination of Ad-Aware SE and Spybot Search & Destroy.
You might also like to download SpywareBlaster and spyguard for real-time protection.
 
nipun_the_gr8

Guest
I am also facing a similar kind of problem. There's a button in the Tools menu which says "Click here to search at CrackSpider.com for cracks". I have NEVER visited a crack site nor wish to. The programs that I am running are bought by me. Please tell me what to do...
 

Kl@w-24

Slideshow Bob
Go to Windows/Downloaded Program Files/ and see the properties of the ActiveX controls installed. Delete the one whose properties show the source as www.crackspider.com. Search the registry for 'spider' or 'crack'. Delete the entries. Go to Program Files and see if there is a folder named like 'Crackspider' or something similar. Delete the folder.
 
nipun_the_gr8

Guest
Here's what my HijackThis log says:

Logfile of HijackThis v1.98.2
Scan saved at 11:12:43 AM, on 12/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6~1.0\avgserv.exe
C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Nipun\My Documents\Setups\Hijack This (Spyware Finding Software In Internet Explorer)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.rediffmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.makemesearch.com/?said=113
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = *www.rediffmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nipun's Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - *www.netpaloffers.net/NetpalOffers/DMO1/s1udc0m.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - *www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!*www.awmdabest.com/bltd/113.chm::/file.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - *imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093931579551
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - *cabs.media-motor.net/cabs/downplain.cab

Please suggest which ones I should remove...
 

alib_i

Cyborg Agent
I think this should help...

It's a small 220kb file.

Code:
*www.winxptutor.com/download/ToolbarCop.zip
 

it_waaznt_me

Coming back to life ..
To proceed with your HijackThis log, run HijackThis again, put a check mark next to these entries and click on Fix Checked.
Please make sure that all Internet Explorer and Windows Explorer windows are closed.

nipun_the_gr8 said:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.makemesearch.com/?said=113
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain <-- Wild Tangent is a Spyware
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - *www.netpaloffers.net/NetpalOffers/DMO1/s1udc0m.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - *www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!*www.awmdabest.com/bltd/113.chm::/file.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - *imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - *cabs.media-motor.net/cabs/downplain.cab
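
The kind of manual review done in this thread can be sketched as a small log triage script. This is an added example, not part of the original posts and not HijackThis's own logic: the three heuristics and the names `triage`, `CORE_PROCESSES` and `LOCAL_SCHEMES` are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe /STARTUP
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!*www.awmdabest.com/bltd/113.chm::/file.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093931579551
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
# Splits an executable path into (directory, file name).
EXE_PATH = re.compile(r'([A-Za-z]:\\(?:[^\\"]+\\)*)([^\\"]+?\.exe)', re.I)
# Assumption: Windows processes that normally run only from System32.
CORE_PROCESSES = {"winlogon.exe", "services.exe", "lsass.exe",
                  "smss.exe", "svchost.exe", "spoolsv.exe"}
# Assumption: a DPF code base should be a web URL, not one of these schemes.
LOCAL_SCHEMES = ("ms-its:", "mhtml:", "file:")

def triage(log_text):
    """Return (section, reason, detail) for each entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        section, detail = m.groups()
        if detail.endswith(("(no file)", "(file missing)")):
            # Registry entry still points at a file that is gone.
            findings.append((section, "dangling reference", detail))
        elif section == "O4":
            exe = EXE_PATH.search(detail)
            if (exe and exe.group(2).lower() in CORE_PROCESSES
                    and not exe.group(1).lower().endswith("\\system32\\")):
                findings.append(
                    (section, "system process name outside System32", detail))
        elif section == "O16":
            source = detail.rsplit(" - ", 1)[-1]
            if source.lower().startswith(LOCAL_SCHEMES):
                findings.append((section, "non-web code base", detail))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```

A hit is only a prompt for manual review; entries the heuristics do not match, such as known adware with intact files, still need a human or a signature-based scanner.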
 