outwar spyware - please help

  1. #1
    Join Date
    Jul 2004
    Posts
    4

    outwar spyware - please help

    Please help.
    I have an outwar spyware on my computer. Each time I turn my computer on, it comes up with a download box about downloading an OUTWAR ADDON GUIDE.EXE. It is majorly annoying; hope someone can help. Here is my HijackThis thingy:

    Logfile of HijackThis v1.97.7
    Scan saved at 23:33:25, on 08/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\PC-cillin 2002\pccguide.exe
    C:\Program Files\PC-cillin 2002\PCCClient.exe
    C:\Program Files\PC-cillin 2002\Pop3trap.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\mediaplayer.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Media Player] mediaplayer.exe
    O4 - HKCU\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...172.1954861111
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab

  2. #2
    Join Date
    Sep 1999
    Location
    USA
    Posts
    2,046

    Re: outwar spyware - please help

    This one truly stumps me. Unless it's being called by another program, or is hidden in what looks like a legitimate file under another program's file group... Have you run the full scans on everything?

  3. #3
    Join Date
    Jul 2004
    Posts
    4

    Question

    This has stumped me as well. I have just turned my computer on and it has disappeared.
    Thanks a lot for your time anyway.

  4. #4
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Close all (browser) windows & rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries & click 'fix checked':

    O4 - HKLM\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Media Player] mediaplayer.exe
    O4 - HKCU\..\Run: [Microsoft Windows Media Player] mediaplayer.exe

    Reboot into safe mode following the instructions here & navigate to & delete the following if found:

    C:\WINDOWS\System32\mediaplayer.exe

    Reboot normally.

    mediaplayer does not start with Windows; it must be started manually, so this entry is a baddy.
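
The triage in post #4, as an added example that is not part of the original thread: a small parser for the registry-style O4 lines of a HijackThis log that lists any executable registered under more than one autostart key. The multi-key rule and the function names are assumptions made for this illustration; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKCU\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Matches "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def executable(command):
    """Return the program part of a Run value, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted values are cut at the first space (enough for this triage).
    return command.split(" ", 1)[0]

def parse_o4(log):
    """Return (key, value name, executable) for registry autostart lines.
    Other O4 forms, such as 'Global Startup' shortcuts, are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append((f"{hive}\\{key}", name, executable(command)))
    return entries

def suspicious_autostarts(log):
    """Assumed heuristic: list executables present under 2+ autostart keys,
    with a flag telling whether they were given as a bare file name."""
    keys = defaultdict(set)
    for key, _name, exe in parse_o4(log):
        keys[exe.lower()].add(key)
    return [(exe, sorted(where), "\\" not in exe and "/" not in exe)
            for exe, where in sorted(keys.items()) if len(where) > 1]

if __name__ == "__main__":
    for exe, where, bare in suspicious_autostarts(SAMPLE_LOG):
        print(f"{exe}: {', '.join(where)} (bare file name: {bare})")
```

A hit is a lead for follow-up, such as checking the file's location and properties, rather than a verdict on its own.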

  5. #5
    Join Date
    Jul 2004
    Posts
    4
    Thanks, I will try this as it has just started popping up again.

  6. #6
    Join Date
    Jul 2004
    Posts
    4
    Looks good so far. Thanks a lot. I will keep u posted.
