
Tool to remove Winsoftware.winantiviruspro20



Got spyware a while ago, and have managed to remove everything except Winsoftware.winantiviruspro2006. I run CCleaner, Spybot, Ad-aware, Pestpatrol, Ewido, Panda-log, Symantec's scan... hmm, have I remembered everything now.

After I have removed "everything", I run all the programs and none of them find anything... then suddenly I get a pop-up saying that I have to download this and that for the machine to become "secure".. yeah right. Closed IExplorer, but then Opera opens with the same page.. I close that too, plus a couple of attempts to download a file. After this I find spyware again with the various programs. In other words, there is a little devil somewhere that these programs don't find.

Any tips? Starting to get quite desperate... considering reinstalling, but that is incredibly annoying because there is LOTS of software on the machine, with lots of settings and configuration that take a lot of time to set up again.

Have searched around the net a bit about this one, and found a file at Symantec that was supposed to find and remove Winsoftware.winantiviruspro2006; it did remove something.. but again, not everything :(

I'm a bit afraid of downloading the various things that come up on Google when I search for this, for fear that it will just put more crap on the machine..

Anyone familiar with the problem?

edit: I had another thread going on spyware here, where HijackThis logs were posted, but nobody saw anything in them... so I won't post that long listing here again

Edited by tigergutten
Link to comment

Hidden text: (Highlight the contents of the field to see the text):

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\Programfiler\Symantec AntiVirus\DefWatch.exe

C:\Programfiler\ewido anti-spyware 4.0\guard.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Citrix\ICA Client\ssonsvr.exe

C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Programfiler\IBM ThinkVantage\Common\Logger\logmon.exe

C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ThinkPad\ConnectUtilities\AcMurocHlpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe

C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\ThinkVantage\AMSG\Amsg.exe

C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe

C:\Programfiler\Picasa2\PicasaMediaDetector.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Programfiler\PestPatrol\PPControl.exe

C:\Programfiler\PestPatrol\PPMemCheck.exe

C:\Programfiler\PestPatrol\CookiePatrol.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

C:\Programfiler\Lenovo\Bluetooth Software\BTTray.exe

C:\Programfiler\Tivoli\CDP_for_Files\FilePathSrv.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Programfiler\IBM ThinkVantage\Client Security Solution\pwmgre.exe

C:\download\spyware programs\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPWAUDAP] C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\SYSTEM32\PMHandler.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [suScheduler] C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AMSG] C:\Programfiler\ThinkVantage\AMSG\Amsg.exe

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [cssauthe] "C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: CDPforFilesSrv.lnk = C:\Programfiler\Tivoli\CDP_for_Files\FilePathSrv.exe

O8 - Extra context menu item: &Google-søk - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Oversett engelsk ord - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Koblinger bakover - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Lignende sider - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll

O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/no/no

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146054864498

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *****.local

O17 - HKLM\Software\..\Telephony: DomainName = *****.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *****.local

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe

O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe

O23 - Service: CDPforFilesSrv (FilePathsrv) - Unknown owner - C:\WINDOWS\system32\FilePathsrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: PMSveH - Unknown owner - C:\WINDOWS\system32\PMSveH.exe (file missing)

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Programfiler\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TVT Backup Service - Unknown owner - C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Unknown owner - C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe

Link to comment
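An added example, not part of any post in this thread: a small Python triage pass over HijackThis entries in the format of the log above. It re-joins entries that forum software wrapped across lines and lists entries worth checking by hand; the function names and the three review rules are assumptions made for this example, and a flagged entry is a hint for review, not a verdict.

```python
import re

# HijackThis entry prefix: a section code such as R0, O4 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun entry: "HKLM\..\Run: [name] command line"
RUN = re.compile(r"^\S+\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Sample input assembled for this example from entries in the log above; one
# entry is left wrapped, as the forum rendered it, to exercise the re-joining.
SAMPLE = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Lenovo\Bluetooth

Software\bin\btwdins.exe
O23 - Service: PMSveH - Unknown owner - C:\WINDOWS\system32\PMSveH.exe (file missing)
O23 - Service: TVT Scheduler - Unknown owner - C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
"""

def parse(text):
    """Return [(code, body)], re-joining lines that were wrapped mid-entry."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m["code"], m["body"]])
        elif line and entries:            # continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def review_notes(code, body):
    """Reasons to look at an entry by hand (assumed rules, not verdicts)."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("owner unknown")
    run = RUN.match(body) if code == "O4" else None
    if run and "\\" not in run["cmd"]:
        notes.append("autorun command has no directory path")
    return notes

def triage(text):
    """Return [(code, body, notes)] for entries with at least one note."""
    return [(c, b, n) for c, b in parse(text) if (n := review_notes(c, b))]

if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE):
        print(f"{code}: {body}\n    -> {'; '.join(notes)}")
```
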

It seems that Spysweeper manages this in a number of cases. If you are skeptical about trying too many things - this is perhaps one of the 2-3 best antispyware programs available.

Here is a short manual from another forum:

"Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

http://www.webroot.com

 

* Click the Free Trial link under "SpySweeper" to download the program.

* Install it. Once the program is installed, it will open.

* It will prompt you to update to the latest definitions, click Yes.

* Once the definitions are installed, click Options on the left side.

* Click the Sweep Options tab.

* Under What to Sweep please put a check next to the following:

o Sweep Memory

o Sweep Registry

o Sweep Cookies

o Sweep All User Accounts

o Enable Direct Disk Sweeping

o Sweep Contents of Compressed Files

o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.

* Click the Start button.

* When it's done scanning, click the Next button.

* Make sure everything has a check next to it, then click the Next button.

* It will remove all of the items found."

Link to comment

Darn! Well, I don't see anything in the log this time either.

You haven't tried Kaspersky's online scan, have you? It is great at finding devilry and where it is; not so good at fixing things, but well worth trying to locate the muck.

F-Secure Blacklight and silentrunners (google) find whatever there may be of rootkits etc. I'm no expert at reading their logs, but if you post them there is surely something grinning back at us.

 

Bernt K

Link to comment
