Help needed with spyware removal!

[Guest]

Hello,
I am trying to help a friend remove some spyware from his computer. We don't
know alot about this kind of stuff. We have scanned his computer with Windows
Defender, Spybot S&D, Ad-aware and Norton 2005 in total so far we have
managed to remove almost 900 things with these tools. However, there are some
things that are still on the computer that look suspicious to us (remember we
dont know much about this). This "Oemji toolbar" was supposivley not
intentionally installed by my friend, it can not be deleted it always says
"are you sure you want to uninstall oemji toolbar"..."why do you want to
uninstall oemji tool bar"...when you select just remove...it say that it
cannot do this, then the computer starts acting weird.
Also Norton always says this thing is trying to connect to his computer:
Attacker: Marketscore oss proxy certificate (oss-content-gta.marketscore.com
(66.119.33.138) (https (443)) Port 1428)...this always happens when he tries
to log on to sites with the little padlock symbol (https). When this happens
the computer completly freezes and we are forced to reset it. Also we cant
find where this file is to delete it.

Also these things look strange to me: Jtkz.exe, Kdygoeml.exe, mplay64.exe
they are in his start up list.

He is running xp sp2 (german) patched, ie6 & firefox, Norton 2005, spybot,
adaware and recently installed windows defender...however it dosn't work
properly.

Any help on how to remove these things would be greatly appreciated.

Thanks

 

[Guest]

Hi again,

First remove all temporarily junk with CCleaner

Ccleaner - http://www.ccleaner.com
Note, uncheck Yahoos toolbar during install.
CCleaner quick tour:
http://www.ccleaner.com/help/tour1.asp
CCleaner even has a built-in Registry Cleaner. It's not the best (not
CCleaner's main function), but it will find invaild registry entries that
most Registry Cleaners will not. Unlike the Disk Cleaners with a Registry
Cleaner, CCleaner does really fast scanning for Registry Issues. The reason
is CCleaner doesn't want to effect Windows performance or effect any
applications. It's better to be safe than sorry!

Then try Ewido on-line for Trojans removal:
http://www.ewido.net/en/download/

http://safety.live.com/site/en-US/default.htm

Also test this WGA diagnose test, connection to MS, that scripts working and
a new Validation tool
http://www.microsoft.com/genuine/diag/

One more great application for safer surfing is to use Siteadvisor.
http://www.siteadvisor.com/preview/

Jason's Toolbox
http://www.jasons-toolbox.com/BrowserSecurity/

I hope this post is helpful.
Let us know how it works ºut.
Еиçеl

 

[Bill Sanderson]

Engel has given you great advice--using a HijackThis log, and posting to a
specialized forum where those logs are looked at by experts is probably your
best course, at this point.

Here are a couple of other resources:

http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx

That's the malware submission page for Windows Defender--they'd be glad to
see any sample executables you'd like to pass on to them.

http://www.virustotal.com

http://virusscan.jotti.org

are two useful multi-vendor antivirus sites--you can submit something found
on your system there and get a reading in a few minutes from multiple
vendors.

--