Spy ware

[Taians]

Having some probs. After visiting a dodgey website for a SNES Emulator, ive have a **** load of stuff added to PC.
Ive managed to clean 90% of it but 2 Reg Keys and 1 Reg value wont remove. Used Spybot, ad-Aware, Hijackthis, manual removal using regedit and it seems to keep replicating itself as it keeps re appearing. Its also hijacked my redirect for auto search to some ****ty site. Removed the host file under sys32>Drivers>etc but keeps coming back.

Yuk, any ideas?

O heres a log from ad-aware


Started registry scan
��������������������������������������

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


VX2.BetterInternet Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Value : {DDFFA75A-E81D-4454-89FC-B9FD0631E726}

Performing conditional scans..
��������������������������������������

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian

 

[Agravaine]

Try running the scans and deleting stuff whilst in Safe Mode.

 

[Taians]

Nope, still there and getting rammed with pop ups every minute.

 

[Rochdale]

Have you downloaded the latest updates for Adaware and Spybot?

Is IE running while you're running the scans or do you have it closed down?

 

[Taians]

Yup both up to date, always check when i run it and nope, IE is closed.

 

[Taians]

Virus scan pulled this off

TROJ_REVOP_A
Non cleanable it said when i tried to get it removed

 

[Flight]

My advice would be :



i) dont visit dodgy pr0n sites;

ii) if you do dont download any web cam stuff or video clips.

Hope this helps.

 

[Taians]

Bleh, i knew when i saw you viewing you;d post something saying i was DLing porn

 

[Agravaine]

But you're not denying it are you?

 

[Taians]

[No message]

 

[Taians]

I was just after a SNES emulator !

 

[Flight]

Bleh, i knew when i saw you viewing you;d post something saying i was DLing porn

Sounds like a guilty conscience to me.

 

[Bunty]

I installed something that hijacked my browser home page everytime I rebooted. Clear it out - set it to blank page - reboot - returns to searches.com (or some such garbage) within 3 reboots.

None of the SpyWare things found it.

Installed ZoneAlarm again and it pointed out a hidden executable trying to access DNS for lookups. Dumped it and debugged the output and it had the URL's hidden in it! Unhide, squash, problem gone away!

\o/

 

[Omzig]

It amazes me that people still done use firewall software

blocks 90% of that rubbish

Om

 

[Taians]

Didn't block this, my firewal did go nuts asking if i should grant access. Said no everytime. Got spammed about 10 times in space of a minute with ''Trust this company''. Had a hunch i should do a check and this happened. Nearly got it sorted anyway

 

[Yorculen]

This is the best thing I have found and it should help with all your pop up issues!!

 

[Entropy]

Bleh, i knew when i saw you viewing you;d post something saying i was DLing porn

Did you get that copy of Airtight Lactating Virgins 7 for me?

 

[Taians]

Die Yorc....
Die Ent....

 

[Taians]

I pretty much cleared all the trash out cept for this file...

ajaamon.dll

It got modified the day my PC went whacky. I cant delete it cos its being used by something but cant find out what. AD-aware says its a high risk threat too and it cant delete it either. In windows>System32 folder.

Annoying, cant find what this file is linked too

 

[Rowan]

http://computercops.org/downloads-file-66-details-BOClean.html
That is supposed to work to get rid of it.