mssearchnet.exe related
Original Message
Name: Zyun
Date: March 22, 2006 at 03:54:25 Pacific
Subject: mssearchnet.exe related
OS: Windows XP Professional
CPU/Ram: Pentium 4, 1.50 GB of Ram
Model/Manufacturer: Intel
Comment: Hi, I have mssearchnet.exe, but after going through jabuck's instructions it's gone, but there is this icon on my systray which alternates between two pictures: a red circle with a white X in the middle and the Microsoft Windows Update picture. It pops up a message saying "Your computer is infected! Possible harmful infection was detected on your pc, the system will now download and install the most efficient spyware removal program to prevent private data loss and your identity theft. click here to protect your pc from the biggest spyware threats!" once every few minutes. I already know where it leads, it leads to the SpyFalcon website... I haven't touched or even clicked off that message anymore after the cleaning. Also, the SpyFalcon program is still on my comp; every time I uninstall it just comes back. Plus my IE shortcut on my start menu doesn't work, I have to open up Windows Update IE to surf to this site lol. Is that mssearchnet.exe really gone?? Please help
Response Number 3
Name: jabuck
Date: March 22, 2006 at 14:27:12 Pacific
Reply: Try this: Go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Actually, you can delete everything except "my current home page" unless of course you put it there.
Response Number 4
Name: Zyun
Date: March 22, 2006 at 20:37:07 Pacific
Reply: Thank you for the replies. Bob, that post is where I learned to get this far, but certain problems which I described persist. I've managed to get rid of SpyFalcon, thankfully. Now, all that remains is to get my IE shortcuts working, and this PUP (not sure what a PUP is) which was blocked by my firewall/antivirus but it keeps showing up. It's doing no harm since it can't get through, but if anyone knows how to stop it from trying to invade my comp every few minutes, I'd very much appreciate it.
Response Number 5
Name: jabuck
Date: March 22, 2006 at 21:09:09 Pacific
Reply: Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed. Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Response Number 6
Name: Zyun
Date: March 23, 2006 at 09:03:05 Pacific
Reply: Hi, here is the list:

Logfile of HijackThis v1.99.1
Scan saved at 12:00:41 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143133027046
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4724/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Response Number 7
Name: jabuck
Date: March 23, 2006 at 16:08:44 Pacific
Reply: I don't see much in the HT log. This program, "AdwareAlert", although called legit, was not a good program at one time, and I would suggest that you uninstall it in Add/Remove Programs until you get your problem resolved.

Then run Hijack This, close all windows and browsers except HT, place a check to the left of the following items, then press "fix check":

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

Normally this removes the circle with red x: Go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Actually, you can delete everything except "my current home page" unless of course you put it there.

Please download http://www.atribune.org/content/view/19/2/ by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.

Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Also delete "cookies". Click Apply, then OK.

Set up the computer to view hidden files: Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Clear "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Clear "Hide protected operating system files." Click Apply, and then click OK. (When finished, remember to return and place a check on "Hide protected operating system files". Click Apply and then OK.)

Then, in safe mode, navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All, then Edit > Delete to delete the entire contents of the Temp folder. Next navigate to the C:\Documents and Settings\(EVERY Listed USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All, then Edit > Delete to delete the entire contents of the Temp folder.

Reboot into safe mode and run Ewido. To get into safe mode, restart the computer and at the beep start tapping F8. You should get an option screen; choose safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop. Please reboot into normal mode and post the Ewido log and let us know what results you have.
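An added example (not posted by anyone in this thread and not part of HijackThis): a small Python parser for the log format shown above that groups entries by section code and surfaces the two kinds of line a helper reads first, autostart (O4) entries not yet vetted and entries marked "(file missing)". The sample lines are excerpted from the log in Response 6; KNOWN_AUTOSTARTS is a hypothetical stand-in for a reviewer's own vetting list.

```python
import re
from collections import defaultdict

# A few lines excerpted from the HijackThis log posted in Response 6.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of an O4 registry autostart entry: hive, Run key, value name, command.
RUN = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption: autostart value names the reviewer has already vetted (hypothetical).
KNOWN_AUTOSTARTS = {"mcagentexe", "cthelper"}


def parse(log):
    """Group entry bodies by section code (R1, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return sections


def review(log):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for code, bodies in parse(log).items():
        for body in bodies:
            if body.endswith("(file missing)"):
                findings.append((code, "dangling reference", body))
            run = RUN.match(body) if code == "O4" else None
            if run and run["name"].lower() not in KNOWN_AUTOSTARTS:
                findings.append((code, "unvetted autostart", run["name"]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
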
Response Number 8
Name: Zyun
Date: March 23, 2006 at 18:57:17 Pacific
Reply: I don't know where this AdwareAlert came from; the program isn't listed in the Add/Remove Programs but its folder is in program files/adwarealert... weird. Anyway, I did everything else you told me and here's the Ewido report:

ewido anti-malware - Scan report
+ Created on: 9:47:06 PM, 3/23/2006
+ Report-Checksum: 531E0390
+ Scan result:
C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
::Report End
Response Number 9
Name: jabuck
Date: March 23, 2006 at 19:28:46 Pacific
Reply: Do you still have the circle with the red x? You should delete the C:\Program Files\Adwarealert folder if you have not already done so.
Response Number 10
Name: Zyun
Date: March 23, 2006 at 19:48:35 Pacific
Reply: My IE shortcut on the start menu finally works, but which did I do to fix that? The red X is gone. I haven't seen the PUP thing popping up ever since. Maybe it's over? Thank you and the computing.net community so much =]
Response Number 12
Name: Zyun
Date: March 24, 2006 at 08:26:53 Pacific
Reply: The PUP I was talking about, it's back, and this time I'm able to give you more information about it. It's blocked by McAfee VirusScan. It says " The file C:\System Volume Information\_restore{EB3A3088-3ECD-4B54-B21...is a Potentially Unwanted Program (such as spyware and adware)and has been blocked from running on your computer ". I have no idea where this is coming from.
Response Number 13
Name: jabuck
Date: April 2, 2006 at 12:17:48 Pacific
Reply: You need to clean out (purge) the system restore folder. For instructions on how to purge system restore click Here. To create a new restore point go Start > Run > type "msconfig" without the quotes > ok > Launch System Restore > Tick the circle beside "create a restore point" > next > name it anything you wish > Create > home > restart the computer.