nikola247

Oeeerr I forgot about trend micro, its got a thing called venus spy trap running. Thanks for that trickytwista. As I am quite a noooobie, Im not sure how to check tmas.exe to see if its a pest, would all the spyware scans Ive done not pick it up? or do I have to manually do it somehow? Thanks Alot Nikki

Good Afternoon N1K and LLXX, Thanks very much smile for the advice, I have spent hours scanning the pc, and have come to the conclusion that scanspyware had a suspect reading. Here is a bit of an update. I have deleted scanspyware from my pc. I have just thought of something that may or may not be important. About 6/7 weeks ago, someone told me about something called spoofstick, and said it was really handy. I never normally download anything unless Ive confirmed it with my friend, but I downloaded it anyway. I have tried many times since to try and remove this program, but cant find any info at all on removal, in fact I cant find it in add/remove programs either. I have tried a search on the system, and it doesnt come up with anything, but its still on my toolbar pullhair.gif I have ran ccleaner, and also trend micro, adaware6pro, spybot,spyware doctor and the only one that came up with something was adaware, which came up with possible browser hijack attempt - reg data - data miner - in HKEY_CURRENT_USER:software\microsoft\internetexplorer\main"default_page_url" (about blank) Not sure if this is anything to worry about, but I deleted it with adaware. Also, when I get task manager up, the cpu usage is still fluctuating between 30% and 100% and I only have this ,ZA,AVG and pg2 running, do you rekon that spoofstick is causing it, becasue it must be hidden as add/remove programs nor windows search can pick it up, and all the scans Ive ran pick up no nasties either. In Task Manager there is something called System Idle Process, which fluctuates between 40-80% and memory usage is 16k, theres one other thing that is quite odd, its called Tmas.exe and normally sits at 0%, and every 30 seconds or so can go up to 96% and the memory usage is a frightening 17336k, any ideas what it can be. I really do appreciate all the help Ive recieved on this forum, Ive learned quite alot too Once again, Many Thanks Kind Regards

Thanks N1K, I might just have to do that, Ive got thousands of photos/images/clip art and alot of programs all installed on this pc, so backing everthing up, and to redo folders etc might be a bit of a nightmare, as I am hoping to set up my own business in the very near future, and have so much stuff on here its unreal. Only the other week I had a clean up on my pc, redid all the folders cleared out junk etc, and it took me days, so I am a bit hesitant to do it, as I am so short on time. I have alot of important things backed up, but its just a drop in the ocean to what is actually on here. I will ring my friend later on and link him to this thread, and see what he thinks, as he hasnt looked at the rootkit revealer result. Thanks very much for your help. Nikki

Thanks Trickytwista, I will try that and see if it works, do you know where I can find my bookmarks, as they have disapeared after I went to download ewido, it didnt delete my bookmarks last time I downloaded it, Im sure this pc hates me..lol Thanks alot Nikki

Trickytwista - Oooo blimey, I downloaded ewido (forgetting I had it on my pc before and my friend removed it) and it said I have tried it before, so have to buy it, and I cant really afford it right now, I went to bookmarks to reply to you, and all my bookmarks have gone I havent closed down firefox yet, in case they can be recovered. It really isnt my week this week..lol.. I have got some really important bookmarks in there, so hopefully they can be recovered. Also, I ran pandascan, and went to buy it so it could remove nasties, as it was only $8.00, but then remembered the bl**dy e-surveiller keylogger so I darnt use paypal or internet banking.. it just gets worse Thanks again guys Nikki

Hi LLXX, I have ran it again and only had open avg,zone alarm and peer guardian, as Im too frightened too turn them off. Also peer guardian sits there ok, until I get to certain (sometimes trusted sites) and it flashes, and I decide to either accept or deny, Well for the past week or so there is a certain site that tries to get me to allow http, as I dont know who it is, I have blocked it, it tries reguarly through the day too, sometimes 10-20 times a minute if I post the name someone maybe able to shed some light on who or what this site is, its called Savvis Sourceforge Split2 End Range, I have tried googling it, but theres only 2 sites come up, and dont really seem relevant. Not sure if it is anything to do with this nasty on my pc. Im so sorry to take up so much of your time Rootkit revealler result TrickyTwista - I am going to install ewido now, hopefully something has to work Thanks to you both Nikki

Hi LLXX, I did have a couple of things open, but I will rerun it now, and will close everything except avg and zone alarm an repost the info if that is ok. Thanks alot Nikki

N1K - Phewww.. Glad you didnt see anything nasty, I just cant understand why task manager CPU is fluctuating (sp?) between 43% & 100% when Ive only got this site, zone alarm,peer guardian and avg running..I will now try microsoft antispyware, ewido and pandascan, please god, let one of them work. I am going to turn off system restore first, I was told to turn it off when you scan for spyware. Thanks again Nikki

N1K – Hi, and thanks for taking the time to look at this for me. I have ran spyware doctor, and the weird thing was it came up with 2 minor things, but not the 2 e-surveiller keyloggers, if they had been on there I would have purchased it just to remove them, but as they didn’t appear I didn’t bother. I went to Start All Programs > Startup but wouldn’t really know id anything was odd, so my friend checked it, and he couldn’t find anything strange either. I have also gone into regedit, and wouldn’t know if anything was dodgy, and my friend is now away until tomorrow so I have copied all the folders here for you too look at if you don’t mind. Here is what is in HKEY\LOCAL\MACHINE Here is what is in the HKEY\CURRENT USER LLXX I have ran the rootkit thinggy, and this was the only 2 things in it, and I dont understand what it means, but you may know if something looks dodgy. I did have firefox open and pspx..hope that didnt effect the scan, also, should I have turned off system restore? cos I didnt..hehe Trickstar - I am going to run pandascan and ewido now, so fingers crossed one of em deletes this nasty thing. Wolf - I will run microsoft one after these, but unsure about terminating process's, I dont really know what I am doing and will probably terminate something important, an then I be in trouble Im working my way down the list though slowly. WOW..What a big post...sorrrrryyy Thank you all again Nikki

Morning all, Thank you very much for the advice, I have to take my Nan for a Hospitla appointment this morning, but as soon as I get home, I will try your advice, and if I get stuck I will holla back. Once again, thanks Kindest Regards Nikki

Thanks so much N1K and sonic, I did run autorun, but didnt understand it, my friend who is a pc buff logged in remotely to my pc, and he ran process explorer which is sort of the same thing, and there was something that confused him. There was something called INTERRUPTS - HARDWARE INTERUPTS and was running so high, but had no properties in it, and couldnt be deleted. Do you or anyone else know what this is, he couldnt find the keylogger either. here is a picture of it. This is driving me nuts, as I darent use internet banking or anything Kindest regards Nikki Have to go to bed now, but will check back in the morning, not sure if this interrupts thing is connected to the keylogger.. Thanks again Nikki

Good Evening all, A friend put on 2 pieces of software yesterday, scanspyware and Trendmicro, I have ran a scan on scanspyware, and it keeps coming up with 2 things, that I delete and they come back when I reboot. They are e-surveiller – Reg Key – HKEY-CLASSES-ROOT.ZIG – HIGH RISK e-surveiller – Reg Key – HKEY-LOCAL-MACHINE\SOFT – HIGH RISK I started in safe mode, and they had gone, but soon as I rebooted in normal mode they were back. I then turned off system restore and ran the following ScanSpyware - had the 2 e-surveiller ones - I deleted them TrendMicro - Didnt pick any up Adaware - didnt pick any up Spybot - Picked up a couple, but deleted them. I then turned on system restore, and rebooted pc, just ran ScanSpyware again, and hey ho, they are back Does anyone know how I can remove them please, as I am worried. Thanks in advance Nikki