Help removing spyware. thanks [annoying pop ups] [winlogon exe]
Best Answer: Yes download and install MalwareBytes and run a scan immediately
Pop up Blocker
Re:of course i checked mark the address bar. it even say "address" on the upper right corner, just no place to enter in the address.
Anyways i finnaly fixed it. registry problem. did some search on google and found that Microsoft had article out about it.
here (http://support.microsoft.com/?kbid=842903)
thanks for all ur replies guys.
Pdf Pop Up Pro – Add pop up and optin form to any PDF files
Re:AVG is relatively weak compared to McAfee's stuff, so I will feel better once you've run the McAfee scanner too.
As for the missing address bar, I hope this isn't a dumb question 
but have you tried right-clicking the empty area of the IE header to see if the Address Bar just needs a checkmark?
Learn the #1 Street Dance: Popping
Re:Hey thanks for all the great replies guys. I appreicated it.
As of now, all of my scans (spybot, adaware, antivir, cwshredder, crapcleaner, spy sweeper,spyware doctor, avg antivirus) confirms thats there no infection! and hijackthis shows file missing on the winlogon notify in O2O and O20. and i have no moer freeze up and no more pop ups
HOWEVER the address bar is still missing! &*(&$%^&%^ IE!!!!!!
mechbgon: i am going to try that now. thanks
dethfrumbelo: i have firefox and opera, and sygate personal FWand i am using it now. BUt i would like to still fix this annoying problems.
guy: yes my system restore is turned off.
Some other things i noticed: when in safe mode, IE address bar is there, and also when in fullscreen mode in regular window load up.
thanks again
Mook and Pop’s Culinary Delights
Re:Originally posted by: guy
Try this too: right-click this text file (http://www.omnicast.net/~tmcfadden/scan.txt), save it, and follow the directions precisely, step by step.guy, did you try this too? I updated the text file yesterday with an enhanced approach, btw.
Pick-Up Lines That Work
Re:Save yourself some trouble by dumping IE. Go with Opera or Firefox, get a good firewall like Kerio or Outpost, and run AdAware to clean out the remaining trash.
Stand-up Comedy Secrets!
Re:Run HijackThis again (in normal Windows mode) and check the box next to that line. Also check the box next to "O20 – Winlogon Notify: khfdd – C:\WINDOWS\system32\khfdd.dll " also if it is there. (It would also have the "(file mising)" at the end). The click "Fixed Checked".
Now as for the address bar problems, I never had that issue or have I heard of that problem asociated with Winfixer. So my guess is that you have some other problem that is causing this.
I'm not familar enough with the HijackThis logs to tell if what other lines are bad, but hopefully someone can help you out there.
If spyware doctor tells you the name of the two it can't delete, simply do a google search and normally you will find a fix for them somewhere.
How To Pick Up Women At The Beach
Re:Did you turn off 'System Restore" before the Safe mode scans ? You maybe are reloading the 50+ viruses/spywares from the restore feature.
Holy Grail Body Transformation Program – Affiliate Money Machine!
Re:Thanks Ike and others for the advice.
Ike, I followed the instructions and removed winfixer and after i removed i did a hijackthis scan and that line shows:
O2 – BHO: MSEvents Object – {FC148228-87E1-4D00-AC06-58DCAA52A4D1} – C:\WINDOWS\system32\khfdd.dll (file missing)
So is it removed?
I still cant get my address bar to work tho. It says "address" in a box next to the "Links" box but theres no place to enter in the address or a place to enter it, and it doesn't allow a way for me to drag the box in such a way to make it work. The address bar is available in fullscreen mode tho.
is IE pernamently damaged?
I run spyware doctor in safe mode and it detected 50+ infected files and cant delete 2 of them. it doesnt say which one but goes on to say it will delete them on the next start up. so i restarted and it does another scan before window loads up and once again detected 50+ infected files but still cant delete 2 of them. apparently, it didnt delete them or it got reinfected in safe mode and before window loads up again. weird
any ideas?
thanks
New Cafe Start Up
Re:Originally posted by: guy
O2 – BHO: MSEvents Object – {FC148228-87E1-4D00-AC06-58DCAA52A4D1} – C:\WINDOWS\system32\khfdd.dll
This is common to the winfixer spyware monster that is running around.
See THIS THREAD (http://{$MySite}/messageview.aspx?catid=33&threadid=1724176&enterthread=y) for help with removing.
Pick Up Masters – High Converting Pick Up Course
Re:Try this too: right-click this text file (http://www.omnicast.net/~tmcfadden/scan.txt), save it, and follow the directions precisely, step by step.
Re:If all your problems are with the browser, perhaps "BHO Demon" can help. This is a program that specifically detects "browser helper objects" and allows you to disable thier startup. This "feature" has been misused often. A more thorough explaination of this and other malware removal is at http://www.theflyingpenguin.com/penguin_blog.shtml#spyware-removal
Jim
Re:Hey guys, thanks for reading.
I run spybot with the latest updates, and i also run adaware. I also run AVG anti virus. All with the latest updates but it couldnt find it.
Its really annoying. Now its starting to hide my address bar, i cant see even tho i enabled it in toolbars. Annoying pop ups that bypass my popup blockers and freezes up IE. Only firefox and opera work correctly. IE just sux. Firefox is good but kinda slow, so i am running on Opera right now.
I've read that thread on how to remove it. Its a really long thread and i am downloading all of those stuff at 56k speed.
I thought posting the hijackthis log to you guys would be the best method because i believe that manual removal is the best and i can learn something while at it.
I did regedit…and nothing shows up in software/ms/windows/current version/run.
Nothing funny shows up in msconfig either.
Is it possible that the virus/spyware is embedded into a legit process and so hides behind that process? I've heard of some virus that can do that.
any help with this manual removal is appreicated it.
ps. i am using win xp/service pack 2
thanks
Re:Originally posted by: guy
noticed you have Spybot. Did you update it and run a thorough scan? Also, get microsoft antispyware. Its good.
Yeah, it's surprisingly good.
to the OP, did you check out the sticky in the Software forum that we're in about removing this stuff? its like "security consdf.d.df.. something"
Check that out
Re:noticed you have Spybot. Did you update it and run a thorough scan? Also, get microsoft antispyware. Its good.
Related posts
Tags: annoying pop ups, winlogon exe