adware button sneaked in, please help!

Discussion in 'QnA (read only)' started by arko, Sep 8, 2004.

Thread Status:
Not open for further replies.
  1. arko

    arko New Member

    Joined:
    Aug 17, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    0
    hey folks!
    my IE6 toolbar has been showing a button linking to CrackPortal.com. i am apprehensive that it may be adware/malware related or whatever. anyway, i want to remove it but neither Add or Remove Programs nor anything else seems to be working. my system can't even find the installed stuff.
    if anyone knows anything about what i am talking about, then please help.

    thanks!
     
  2. Aseem Nasnodkar

    Aseem Nasnodkar New Member

    Joined:
    Jan 10, 2004
    Messages:
    255
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Panaji - Goa
    yes adware

    c friend. first of all let me tel u............... going on crack sites isn't bad, but ven u download somethin' like toolbars............ it sticks to ur comp like glue!

    Well as you mentioned, I believe it's an adware. and there can be nothing better than using an adware removal program or spyware removal program. U will find many in digit itself! Well its all on a matter of a click!
     
  3. theraven

    theraven Active Member

    Joined:
    May 5, 2004
    Messages:
    2,912
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    off to "never ever" land
    use ad-aware and/or spybot search and destroy
     
  4. mariner

    mariner New Member

    Joined:
    Dec 21, 2003
    Messages:
    522
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    mumbai
    use the combination of ad aware se and spybot search and destroy.
    u might also like to download spyware blaster and spyguard for real time protection.
     
  5. i am also facin' a similar kinda prblm. there's a button in the tools menu which says "Click here to search at CrackSpider.com for cracks". i have NEVER visited a crack site nor wish to. the programs that i am runnin' r bought by me.Plz tell me wat to do...........
     
  6. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Please post yourHijackThis Logfile for better assesment of your problem.
     
  7. Kl@w-24

    Kl@w-24 Slideshow Bob

    Joined:
    Apr 2, 2004
    Messages:
    1,703
    Likes Received:
    1
    Trophy Points:
    38
    Go to Windows/Downloaded Program Files/ and see th properties of th Active-X controls installed. Delete th one whose properties show th source as www.crackspider.com. Search th registry for 'spider' or 'crack'. Delete th entries. Go to Program Files and see if there is a folder named like 'Crackspider' or something similar. Delete th folder.
     
  8. sujithtom

    sujithtom New Member

    Joined:
    Aug 14, 2004
    Messages:
    512
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Not anywhere near you
  9. Here's wat my hijack this log says :

    Logfile of HijackThis v1.98.2
    Scan saved at 11:12:43 AM, on 12/09/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6~1.0\avgserv.exe
    C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\SYSTEM32\mspaint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\Documents and Settings\Nipun\My Documents\Setups\Hijack This (Spyware Finding Software In Internet Explorer)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediffmail.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=113
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rediffmail.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nipun's Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
    O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/s1udc0m.cab
    O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/113.chm::/file.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093931579551
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/downplain.cab

    Plz suggest which 1s shud i remove.......................
     
  10. alib_i

    alib_i New Member

    Joined:
    Jun 24, 2004
    Messages:
    1,191
    Likes Received:
    2
    Trophy Points:
    0
    Location:
    omnipresent
    i think this should help ...

    its a small 220kb file ..

    Code:
    http://www.winxptutor.com/download/ToolbarCop.zip
     
  11. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    To proceed with your HijackThis log, Run HijackThis again and put a CheckMark next to these entries and Click on Fix Checked.
    Please make sure that all Internet Explorer and Windows Explorer windows are closed.

     
  12. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Your system is infested with too many spyware and parasite.I recommend using Spybot Search N Destroy and Spyware Blaster for keeping system free from spywares. Both should be updated regularily as new malwares are discovered frequently.
     
  13. Thankx buddies !!
     
Thread Status:
Not open for further replies.

Share This Page