can someone help me plz

Original Message
Name: mcffg
Date: April 10, 2006 at 04:03:25 Pacific
Subject: can someone help me plz
OS: Windows XP Professional
CPU/Ram: 1Gb ram
Comment:


hi im new to this site and posting in general..
i recently installed an .exe of what i thought was a new codec pack for windows media player and spyware quake installed itself on my comp.. as soon as it happened i removed spywarequake from add/remove programs and i noticed a box on my task bar next to the time that says ur computer is infected with spyware, or ur comp infected with iworm_attck_v122.02a or OPHEv4... its driven me nutz. i ran ad-aware se personal (trial edition) and found trojan horse downloaderz. i then ran AVG scanner and 14 trojan horse downloaders ZlobLJ(LG)(JU) all were quarantined. they have to do with some file named mssearchnet.exe stickrep.dll vzoiqsvh.zdx A0179894.exe .. this AVG program is also a trial version so im not sure if the WIPE button will delete or just clear screen? .. then i ran NOD32 and picked up 3 more trojan horse downloaders (KE) and 1 couldnt be quarantined and isnt picked up by any other scanner. After deleting almost 60gb off my computer i was thinking of formatting computer altogether so i had unplugged modem and scanned my computer with all three scanners, all came up with nothing but as soon as i plug in power cable to modem even if the modem is off the little box in system tray telling me my computer is infected pops up immediately and while surfing pop ups for spyware removal programs and adult sites start popping up. i really dont have a clue as how to resolve this can someone help me out plz!!


mcffg12



Response Number 1
Name: XpUser4Real
Date: April 10, 2006 at 16:50:47 Pacific
Reply:

If you can, maybe try getting into safe mode with networking and run the online scans from Housecall or BitDefender.
D/L CrapCleaner and ATF-Cleaner and run them before the spyware progs....it will speed up the scan time for you.
Spybot S&D, Adaware SE, Spyware blaster are all free and will help remove spy and adware.
You may also want to d/l and run Stinger.
Post back with your results

Hopefully my advice will help you...Please post back with your results....thanks


Response Number 2
Name: DSE
Date: April 11, 2006 at 00:39:49 Pacific
Reply:

Also use SpywareQuake removal instructions. SpywareQuake is not only a rogue, but also a trojan that will re-install itself if not removed completely.


Response Number 3
Name: mcffg
Date: April 12, 2006 at 03:12:14 Pacific
Reply:

hi wow didnt realise i could get a response so quick tanx for your post.
Reply post to
Name: XpUser4Real
Date: April 10, 2006 at 16:50:47 Pacific
Subject: can someone help me plz
Reply:

If you can, maybe try getting into safe mode with networking and run the online scans from Housecall or BitDefender.
D/L CrapCleaner and ATF-Cleaner and run them before the spyware progs....it will speed up the scan time for you.
Spybot S&D, Adaware SE, Spyware blaster are all free and will help remove spy and adware.
You may also want to d/l and run Stinger.
Post back with your results

Hopefully my advice will help you...Please post back with your results....thanks


yupz me did all that i downloaded all programs
i ran the online scanner at Housecall in windows safe mode with networking and the completed scan came up with no infected files..
Then i ran CCleaner that cleaned up like 10mb
ATF-cleaner came up clear, Stinger also found no infected files. i also d/l Spybot S&D, i couldnt use tho, for some reason i had to install updates b4 use. i did click on the 'update' and then my computer kept crashing.. wat actually happens is it shows a box where a file is being transferred, example file 'detection 87kb'. i leave the computer for about 30min but it doesnt complete and when i try to stop it by canceling or clicking on [x] my computer crashes and i try to alt ctrl del to end task or shut down my comp but that doesnt work either so i manually shut down by holding down button on HD. Well i cant tell exactly what d problem with that was. i do notice that ever since my computer was infected and since installing NOD32 my computer takes around 5 or more minutes to just log into windows... when i have logged in if i dont wait another 5 more min and I just try to click on a file or program my comp will crash? o.O i did delete half my stuff on desktop including the recent removal of 60gb and it still like that but thats a different story all together.. but yO me didz everything u asked and havent found anything .. me computer stats remain the same a.t.m. o heyz sorry for me takin ages for me post, me dont think is good to use net wen me comp infected but yo XpUser4Real i reeeallly appreciate ur post... and how fast u posted i mean that is awesome!! Me not sure what to do buh il try next response an il post results
Thankz for post u rock


mcffg12


Response Number 4
Name: mcffg
Date: April 12, 2006 at 06:15:32 Pacific
Reply:

Post 2
Response 2 said
Response Number 2
Name: DSE
Date: April 11, 2006 at 00:39:49 Pacific
Subject: can someone help me plz
Reply:
Also use SpywareQuake removal instructions. SpywareQuake is not only a rogue, but also a trojan that will re-install itself if not removed completely.

hey tanx for ur post ohz
This is what I did and the results, can u or anyone else help me with this please, id appreciate heapz and taNx in advance

Delete registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareQuake (not found, not there, didn’t exist)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} (found and deleted)

HKEY_CLASSES_ROOT\Typelib\{661173EE-FA31-4769-97D4-B556B5D09BDA} (did not find doesn’t exist..)

HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} (didn’t find didn’t exist)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}(found twice 2 different locations ) other location was :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objectsa\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}
So I deleted both to be safe


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake (didn’t find)
Help: how to remove registry entries


Unregister DLLs:
stickrep.dll couldn’t find anywhere
Help: how to unregister malicious DLLs

Delete files:
dfrgsrv.exe, mssearchnet.exe(found<-and deleted), nvctrl.exe(found<-and deleted), spywarequake.exe, stickrep.dll, sq.ini, hp[X].tmp, ld[X].tmp nothing else was found
Help: how to remove harmful files

Delete directories:
C:\Program Files\SpywareQuake not there, didn’t exist
C:\Windows\System\1024 couldn’t find
C:\Windows\System32\1024 found and deleted
C:\Winnt\System32\1024 no such folder
C:\Documents and Settings\[Current User]\Start Menu\Programs\SpywareQuake couldn’t find a folder named SpywareQuake so didn’t exist..?

At first when I read these instructions I didn’t get it so I downloaded the spywarequake removal program from link right above these instructions it was optional and ended up being Spyware Doctor 3.8 program
I didn’t use it I tried instructions first
I looked and found mssearchnet.exe and deleted it immediately and the popup on my taskbar bottom right next to my time disappeared and then I searched for the other files, only found nvctrl.exe an del that 2. After that I ran spyware doctor and found 65 infections which I couldn’t clean coz I had to register so I went bak to manual removal and I removed the reg keys I could find from list above, scanned my comp the way response 1 asked and then ran spyware doctor and found 35 infections remaining. I couldn’t save the log file so I typed out the list also as backup for me buh can u tell me if there anything else I can do about these id appreciate it tanx in advance…

ISTbar Location: HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}


HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}##

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}iexplore


HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}iexplore##


HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}iexplore##Type


HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}iexplore##Count

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}iexplore##Time

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}iexplore##Blocked

PSGuard Desktop Hijaker :

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

C;\Documents and Settings\F\Favourites\Antivirus Test Online.url

C:\Windows\System32\ot.ico

C:\Windows\System32\ts.ico

Trojan popuper :

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run##Kernel32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserObjectsA
‘ ‘ ‘ ‘ ObjectsA##
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run##wininet.dll
C:\Windows\System32\ncompat.tlb

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}##

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}iexplore

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}iexplore##

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}iexplore##Type

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}iexplore##Count

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}iexplore##Time


TrojAn.Startpage.ADH :

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run#nvctrl.exe

Backdoor.Retro64 :

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}##

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}iexplore

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}iexplore##

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}iexplore##Type

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}iexplore##Count


HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}iexplore##Time

HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}iexplore##Blocked

Trojan.Zlob.AP :

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run##Kernel32.dll

Common Components for windupdates
Windupdates.com


These are the problems which were detected with Spyware Doctor 3.8
Are these also reg keys? Or can they be removed and cleared any other way?
Would appreciate help



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
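
Added example, not part of the original thread: a small triage script that sorts entries like those typed out in Response Number 4 into registry keys, registry values and files, grouped by the detection name that precedes them. The function names `classify` and `triage` are hypothetical, the sample is a constructed excerpt of that list, and reading `##` (or a single `#`) as the separator between a key path and a value name is an assumption about the scanner's log format.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied as typed in the list above, typos included.
SAMPLE = r"""
ISTbar Location: HKCU\Software\Microsoft\Windows\\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}
PSGuard Desktop Hijaker :
C;\Documents and Settings\F\Favourites\Antivirus Test Online.url
C:\Windows\System32\ot.ico
Trojan popuper :
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run##Kernel32.dll
C:\Windows\System32\ncompat.tlb
TrojAn.Startpage.ADH :
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run#nvctrl.exe
"""

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
# An entry starts at a hive abbreviation or a drive letter ("C;" is a typo for "C:").
ENTRY = re.compile(r"(?:HK[A-Z]+|[A-Za-z][:;])\\.*")

def classify(entry):
    """Return (kind, location, value_name) for one typed-out entry."""
    entry = re.sub(r"\\{2,}", r"\\", entry.strip())  # collapse doubled backslashes
    if not entry.startswith("HK"):
        return ("file", entry[0].upper() + ":" + entry[2:], None)
    # Assumption: '#' or '##' separates the key path from a value name.
    key, _, value = re.sub(r"#+", "#", entry).partition("#")
    hive, _, rest = key.partition("\\")
    key = HIVES.get(hive, hive) + "\\" + rest
    return ("registry value", key, value) if value else ("registry key", key, None)

def triage(text):
    """Group entries under the detection name that precedes them."""
    groups, current = defaultdict(list), "unlabelled"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.search(line)
        if m is None or m.start() > 0:  # the line is, or begins with, a detection name
            current = (line[:m.start()] if m else line).strip(" :")
        if m:
            groups[current].append(classify(m.group()))
    return dict(groups)

if __name__ == "__main__":
    for name, items in triage(SAMPLE).items():
        print(name)
        for kind, location, value in items:
            print(f"  {kind:14} {location}" + (f" -> {value}" if value else ""))
```

An entry reported as a registry value is cleaned by deleting only the named value; deleting the whole `Run` key would also remove any other values under it.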

