# detection



## kingdante87 (Sep 25, 2004)

ok so after trying every program to try and find my spyware I find a little bit about it but still don't have a program that'll delete it. I need something free. Adaware detected EzuLa which it deleted. Mydailyhoroscope, winoldap, and ezStub.exe keep being downloaded into my computer. I found setup_silent_25040.exe in C:\. DownloadWare and Kuang2Web Updater were detected on my computer but the anti spyware program I used only detected things and wouldn't delete them. The location of Kuang2Web Updater was HKEY_CURRENT_USER\SOFTWARE\Updater. I also found this program called GCASDTSERVHolder running in my ctrl alt del menu but it had stopped responding so I don't know what that means. I'm finding more programs every time I go online but I have to go online to try and find a solution for them. Kinda stuck.


----------



## kingdante87 (Sep 25, 2004)

I forgot to mention. I keep getting INSANE pop-ups all the time. They prompt me to sign online when I'm offline to view them. Really annoying. I have put them on my bad sites list so they don't load, they just show a blank white page but sometimes they send a new url and I'll be away from my computer and end up with some program on it when I return.

here is my hijack this log file:
```
Logfile of HijackThis v1.97.7
Scan saved at 2:22:38 AM, on 9/25/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\ptsnoop.exe
D:\PROGRAMS\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAMS\BACK UP FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Findfast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
```

Juno is my web browser (fyi). I don't have windows help or task monitor open but it's showing them on the list for some reason.


----------
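A triage aid for a log like the one posted above, added here as an example and not part of the thread: it parses the HijackThis layout and lists registry autorun entries (O4) that name an executable without a directory, where the log alone does not say which file on disk is launched. The sample is abridged from the posted log; the function names are illustrative.

```python
import re

# Abridged from the HijackThis log posted above (same layout, fewer lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\ptsnoop.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - Startup: Findfast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: AIM (HKLM)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - <body>"
RUN_VALUE = re.compile(r"^\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")  # "HKLM\..\Run: [Name] command"

def parse_log(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def bare_autoruns(text):
    """Registry autoruns (O4) whose command has no directory: (name, command, is_running)."""
    processes, entries = parse_log(text)
    running = {path.rsplit("\\", 1)[-1].lower() for path in processes}
    found = []
    for code, body in entries:
        match = RUN_VALUE.match(body) if code == "O4" else None
        if match and "\\" not in match.group(2).split()[0]:
            exe = match.group(2).split()[0].lower()
            found.append((match.group(1), match.group(2), exe in running))
    return found

if __name__ == "__main__":
    for name, command, is_running in bare_autoruns(SAMPLE_LOG):
        print(f"review: [{name}] {command} (running now: {is_running})")
```

A bare name is not a verdict on the entry; it marks a startup item whose file has to be located on disk and checked by hand.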



## ZER0X (Sep 26, 2004)

Maybe you should have tried a normal virus scan


----------



## b3n (Sep 26, 2004)

Use AVG and adaware regularly.


----------



## RewtKidd (Sep 26, 2004)

b3n said:

> Use AVG and adaware regularly.



avg is overrated and misses viruses, and it's getting more popular so the servers are becoming laggy, nothing wrong with forking over 50 bucks for top of the line virus protection. and for spyware i recommend spybot, just go to your favorite search engine (google.com) and type it in.

you can get virus protection free, but i'm sure the admin doesn't want people posting about warez...


----------



## kof2000 (Sep 26, 2004)

do a full system format


----------



## Ace1627 (Sep 26, 2004)

Well, you could format and lose everything you have or, if you want something free download spybot search and destroy. It is the best free spyware checker around. I personally like Noadware but it is about 30 bucks I think forgot.


----------



## ZER0X (Sep 26, 2004)

I've always trusted AVG, nothing super bad's gone wrong


----------



## geranimo:// (Sep 26, 2004)

kingdante87 said:

> The location of Kuang2Web Updater was HKEY_CURRENT_USER\SOFTWARE\Updater




You can delete that by going to start-->execute (i think, don't know the english name, it's where u can type stuff)-->type "regedit"...


----------



## RewtKidd (Sep 26, 2004)

Zerox, well when i scanned my dad's computer with avg it found a few things and then i scanned it with norton corp edition and i found a ton of things... personally i prefer norton antivirus. usually an antivirus doesn't pick up spyware, spybot does great, try it see if it fixes your problems?


----------



## kingdante87 (Sep 26, 2004)

what would happen if I just deleted the registry value from the registry editor?  People have warned me to stay away from the registry because I could screw something up.  If I just deleted the updater thing would it screw up my computer?


----------



## b3n (Sep 27, 2004)

As long as you have a faint idea what you're after you shouldn't have any trouble.


----------



## ZER0X (Sep 27, 2004)

> Zerox, well when i scanned my dad's computer with avg it found a few things and then i scanned it with norton corp edition and i found a ton of things



Yer I know Norton is better, but you have to buy it so AVG is fine

and remember you have to update AVG as well


----------

