Quake3World

Anybody here know about WinAntiVirus Pro 2007? I got rid of it on my parents' PC cause they have a legit french *cough* version of WinXP but since I'm badass, my version of XP is English and is not legit so I can't install Windows Defender and destroy this shit...all the morons in that ctf server got lucky last night cause I was freezing all over the place...now it's payback time...anybody can help?

Is there a quick and easy way to unistall this without buying software?

I promise I will be nice with y'all from now on

Sorry...I ain't got time for the internet...

rofl...

http://www.xp-vista.com/spyware-removal ... structions ?

It's not my fault

Good Lord...this stuff has taken control of my browser...I can't control what's going on...even Google has been hijacked!!!

4days wrote:http://www.xp-vista.com/spyware-removal/winantivirus-pro-2007-removal-instructions ?

Thanks, I've tried a few of those but it's rather complicated...and I've got a girl to fuck in a few hours...

Is there something like an anti spyware that gets rid of it quickly or do you have to follow all those steps?

This just in...

My Control Panel is officially gone...will I survive this shit?

download and install Ad-Aware. Run this program in safe mode. I hope this solves your problems.

Restart your computer in Safe Mode (With Networking) - that way you can remove it without the crap being run in the background.

Once you've done that install Spybot S&D update it and scan/fix any problems it finds.
Finally run HiJackThis choose 'Do a scan and save log file' (or something like that) and post the log here.

Try this to access Google - http://66.102.9.104/

oh noes you mean all your quake 3 ownage screenshots are lost?

Denz wrote:download and install Ad-Aware. Run this program in safe mode. I hope this solves your problems.

Will it really get rid of everything? I heard about doing some shit in safe mode but was wondering if it was really useful...

Yes, all programs that start with the computer normally will run, if you try to delete or uninstall a program that is running then it won't delete it. Always run your computer in Safe mode while trying to fix crap like this because the people that create this spy ware know that the normal person wouldn't run their computer in safe mode or even know that it exists preventing anyone from uninstalling these sorts of programs.

use phoenix's advice.

I would try Pho's method as well since his advice is apparently steered toward this specific Trojan. My method is used as a general rule.

+JuggerNaut+ wrote:use phoenix's advice.

You beat me to it.

seremtan wrote:oh noes you mean all your quake 3 ownage screenshots are lost?

ffs...I got 3 gigs of ego crushing screenies and many demos of broken dreams...this could be the worst day in my life...

Denz wrote:

+JuggerNaut+ wrote:use phoenix's advice.

You beat me to it.

your advice isn't bad - his is just more detailed.

Denz wrote:Yes, all programs that start with the computer normally will run, if you try to delete or uninstall a program that is running then it won't delete it. Always run your computer in Safe mode while trying to fix crap like this because the people that create this spy ware know that the normal person wouldn't run their computer in safe mode or even know that it exists preventing anyone from uninstalling these sorts of programs.

Thanks bro...I promise to be nice from now on

PhoeniX wrote:Restart your computer in Safe Mode (With Networking) - that way you can remove it without the crap being run in the background.

Once you've done that install Spybot S&D update it and scan/fix any problems it finds.
Finally run HiJackThis choose 'Do a scan and save log file' (or something like that) and post the log here.

Try this to access Google - http://66.102.9.104/

Thank you very much, I found a few links last night that recommended doing those steps...guess it's time to crush and destroy...wish me luck!

Looks like I'm heading towards reformat alley

Before re-formatting your hdd. Try loading XP on a seperate hdd and using a recovery tool on your new hdd to extract any info from your old hdd.

I would recommend RStudio.

http://www.r-studio.com/

I still have pop-ups and spam even in safe mode...is this normal or am I seriously infested?

I'm currently running Spybot but there were errors during the updates download...lol?

PhoeniX wrote:Finally run HiJackThis choose 'Do a scan and save log file' (or something like that) and post the log here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:03 PM, on 8/20/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\printer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\vtr340.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite\ICQLite\ICQLite.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://duhard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://duhard.spaces.live.com/PhotoUpload/MsnPUpld.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe (file missing)

--
End of file - 15712 bytes