Spyware/adware Remover?!? Help!
#22
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\Ati2evxx.exe (shows up twice for some reason)
C:\WINNT\AGRSMMSG.exe
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINNT\system32\qomnm.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeh
O20 - AppInit_DLLs: katrack.dll MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINNT\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: qomnm - C:\WINNT\system32\qomnm.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
They're all the ones that I'd bin (unless you know what the ATI Technologies Inc. stuff is). If any of them are needed, you'll soon find out wink1.gif
I'd also go into the registry & at least perform a search for "winfixer" & delete any entries that are found.
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\Ati2evxx.exe (shows up twice for some reason)
C:\WINNT\AGRSMMSG.exe
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINNT\system32\qomnm.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeh
O20 - AppInit_DLLs: katrack.dll MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: QConGina - C:\WINNT\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: qomnm - C:\WINNT\system32\qomnm.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
They're all the ones that I'd bin (unless you know what the ATI Technologies Inc. stuff is). If any of them are needed, you'll soon find out wink1.gif
I'd also go into the registry & at least perform a search for "winfixer" & delete any entries that are found.
#23
alright well i work all day removing spyware and viruses. heres how we do it.
first disconnect from the internet(just to be sure nothing is going to come back)
1) run something that will clean out all users temp files/cookies/temp internet files/recycle bin/etc. I believe its called C Cleanup (pm me with your email and ill send you a copy)
2) run Adaware (make sure you get the VX2 addon, once again i can email that)
3) run Spybot
4) run Microsoft AntiSpyware
5) run CWShredder
6) run HiJackThis (but be careful you can really f*** things up with this program)
7) run Norton Antivirus
all of the above are free except norton. most universities will give you a copy of Symantec Antivirus Corporate if you work for them or are a student. (symantec makes norton products)
alright. now uve done that in normal mode. reboot and push f8 to get a boot screen option.... you then want to go to safe mode and run the same scans. repeat until completely clean.
hopes this helps guys. not saying this the "best" way, but this is the meathod we use all day to remove spyware and is very effective.
first disconnect from the internet(just to be sure nothing is going to come back)
1) run something that will clean out all users temp files/cookies/temp internet files/recycle bin/etc. I believe its called C Cleanup (pm me with your email and ill send you a copy)
2) run Adaware (make sure you get the VX2 addon, once again i can email that)
3) run Spybot
4) run Microsoft AntiSpyware
5) run CWShredder
6) run HiJackThis (but be careful you can really f*** things up with this program)
7) run Norton Antivirus
all of the above are free except norton. most universities will give you a copy of Symantec Antivirus Corporate if you work for them or are a student. (symantec makes norton products)
alright. now uve done that in normal mode. reboot and push f8 to get a boot screen option.... you then want to go to safe mode and run the same scans. repeat until completely clean.
hopes this helps guys. not saying this the "best" way, but this is the meathod we use all day to remove spyware and is very effective.
#26
Moderator
Joined: May 2001
Posts: 7,164
Likes: 6
From: San Antonio, TEXAS!!!
Vehicle: 01 Tiburon Turbo, 99 Tiburon F2E, 2013 Avalon XLE Touring
QUOTE (NightShark @ Oct 19 2005, 09:47 PM)
haha.. who can live without porn
this is the website that keeps popping up
http://www.winfixer.com/pages/scanner/inde...id=RON&p=3&ax=0
this is the website that keeps popping up
http://www.winfixer.com/pages/scanner/inde...id=RON&p=3&ax=0
That is the same damn popup I'm getting on my GF's laptop. I've run several different programs and her computer is just fuxored. It's a slow POS now because of it.
#27
Senior Member
Joined: Mar 2006
Posts: 4,244
Likes: 0
From: Ashland, KY
Vehicle: 2001/Hyundai/Tiburon
google for winfixer there are lots of good sites with how-to's to remove it.
here's the best way to remove spyware - reinstall xp
here's the second best way:
1. do your scans - adaware, spybot, install and update spywareblaster
2. run hijackthis and found any bad stuff then google for it. 90% of the time simply removing it with hijack this isn't going to cut it. thats the reason adaware and the rest couldn't remove it.
3. quit installing spyware, never install software that has spyware integrated, when installing software to make sure google for "the software name" spyware and i'm sure you'll find plently of people complaining about it if spyware is in it.
edit: here's a site where someone is having the same issue
http://www.bullguard.com/forum/8/Winfixer-...help_18685.html
l2mfix is how i've removed winfixer in the past - it's a pain in the butt, but be glad you didn't install the porn dialer.....
here's the best way to remove spyware - reinstall xp
here's the second best way:
1. do your scans - adaware, spybot, install and update spywareblaster
2. run hijackthis and found any bad stuff then google for it. 90% of the time simply removing it with hijack this isn't going to cut it. thats the reason adaware and the rest couldn't remove it.
3. quit installing spyware, never install software that has spyware integrated, when installing software to make sure google for "the software name" spyware and i'm sure you'll find plently of people complaining about it if spyware is in it.
edit: here's a site where someone is having the same issue
http://www.bullguard.com/forum/8/Winfixer-...help_18685.html
l2mfix is how i've removed winfixer in the past - it's a pain in the butt, but be glad you didn't install the porn dialer.....
#28
just to double check. i recommend the system i posted as we clean like 600 computers a month. but make SURE your doing the scans BOTH in normal mode and SAFE mode. if that does not work. you may have to try looking into knoppx or something that is NOT windows runs from cd+ram and can read windows files and scan with an antivirus and other tools. there are some NASTY stuff where doing it in BART PE or Knoppix is the only way to fix it do to it always running in windows and auto recreating itself (even in safemode 02.gif )
also, disable system restore while running the scan... right click my computer --> properties --> system restore tab --> uncheck
when you remove it reenable it.
also watch out for random "spyware removers" ive seen them actually be viruses themselves 02.gif . if you KNOW its winfixer do a google search and look for the symantec site url. they should i have individual remover for it.
also, disable system restore while running the scan... right click my computer --> properties --> system restore tab --> uncheck
when you remove it reenable it.
also watch out for random "spyware removers" ive seen them actually be viruses themselves 02.gif . if you KNOW its winfixer do a google search and look for the symantec site url. they should i have individual remover for it.
#29
ok.. so far so good. i think its gone. i havent seen the pop up come in a few days or anything weird like that.. and now my computer can actually Suspend. before it wouldnt let me it kept waking up.