Virus / Problem

[KayfabeMan]

OK, so I have some kind of computer virus - I'm assuming.

I have tried running AdAware, AVG, and this other program - I forget at the moment what the hell it is, but it is still annoying me. It sends me pop-ups, and apparently it is trying to do so from right when I turn my computer on.

I turn the computer on, and a small box appears saying something along the lines of the page can not be accessed because I'm not connected - and then asks Try Again or Work Offline.

Any idea what might be able to help?

Thanks.

[KayfabeMan]

Oh, also it sometimes puts shortcuts to sites on my desktop (like some poker site, and then Amazon.com). Don't know if that information helps at all.

[The Fugitive]

http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Going on a hunch here, but install that, run it, scan your PC, save your Hijackthis.log and post it. I'll go over it and see if I can find anything suspicious.

[Disturbed316]

I had that problem a while back, I cant recall how I got rid it though

As for the desktop stuff, do you have MSN plus installed? If so, uninstall that and that should sort it out.

[KayfabeMan]

Hey Fugitive, I have HijackThis and scanned it once before and there was even more stuff that I spotted easily and got rid of. Here is what came up on the most recent scan however:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\KPTZIF.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\EKPWNH.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\kzppvk.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [AdTools Service] C:\PROGRAM FILES\ADTOOLS SERVICE\ADTOOLS.EXE
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O4 - Startup: iakk.exe
O9 - Extra button: AOL Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: AOL Toolbar (HKLM)
O15 - Trusted Zone: www.bestbuy.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Also, Disturbed - I don't have it installed, but thanks for posting

[KayfabeMan]

I know those top three things more than likely aren't supposed to be there, because I dont recall them being there ever before. However, they won't disappear for some reason.

[The Fugitive]

Ok, you need to get rid of stcloader.exe, AdTools and msmc.exe.

KPTZIF.exe, EKPWNH.exe and iakk.exe aren't ringing any bells though. I'll talk to a mate about them and see if they know anything about them.

Anyway, to get rid of stcloader, go to http://www.2nd-thought.com/uninstall.html, run that. Go into your Registry Editor ('regedit' in the Run menu) and delete the following keys if you can see them.

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\adstartup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bokja
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sqinstaller
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\stcloader

Reboot the system then go Start -> Run again, then msconfig, select the Startup tab, disable any of these processes.

addestroyer.exe
addestroyerinner.exe
automove.exe
bokja.exe
csaolldr.exe
csv5p070.exe
loader[1].exe
slmss.exe
spedia.exe
sq_3394_3222.exesqinstaller.exe
stc.exe
stc[1].exe
stcloader.exe
trans.exe
randreco.exe

You'll need to uninstall some DLLs as well, to do that, go to the Start menu, then Run, then type 'cmd', then type 'regsvr32 -u ????.dll', in place of the ????, put the names of the following DLLs.

2ndsrch.dll
a_clearsearch.dll
cdsm32.dll
csaolinst.dll
csbiinst.dll
csie.dll
csieinst.dll
idleui.dll
spextdll.dll
swrt01.dll
swin32.dll
voiceip.dll

Then see if you can delete these directories if you have them.

%commonprograms%\addestroyer
Program Files\addestroyer
Program Files\clearsearch
Program Files\common files\slmss
Program Files\second thought
Program Files\stc

That should solve your STC problem, I'll get to the others after a rest, I'm crook as a dog and this took a bit out of me.

[KayfabeMan]

UPDATE: I'm still having problems with it

It seems to be getting worse, and is really becoming a pain in the ass now. I tried getting rid of the stuff, but it won't go - it says the program can't be removed. It keeps shooting the pop-ups all of the time, and it also interrupts my connection to AOL. It also stops AVG from running, like it knows that it's there to remove it, and won't let the thing run. I don't know what else to try .

[Vietnamese Crippler]

My dad's computer had a pretty bad virus/ad-ware problem too.

I solved most of it using the boot time scan function in avast.

Then I started the computer again in safe mode and ran Spy Bot Search and Destroy and Ad-Aware.

That got rid of like 99% of the problems