Adware problem (Iefeats.Adware)

Right, so I had to reformat my HD to fix the problem in my previous OP. My new clean reformatted drive has been on but for 12 hours, and already it’s full of adware. Specifically, when I start up my PC and Windows XP loads, I get two of the same error windows right on top of each other:

RUNDLL
Error loading C:\WINDOWS\image.dll
The specified module could not be found.

I’ve run PestPatrol, Norton AntiVirus 2004, and Ad-Aware 6.0 to try to get this bugger cleared up. Symantec says that image.dll has to do with Iefeats.Adware. I followed the steps to clean up the registry, but I still get these error messages when I start up. Also I get Macintosh droplet sounds when I open webpages, and sometimes my browser still gets hijacked. What can I do to fix this?

Try Spybot Search & Destroy as well.

Download HijackThis! and scan your registry. Do not delete anything yet; HJT does not differentiate between the good stuff and the bad stuff. Click the Save Log button to create a text file of the scan results. Post the scan log here. I’ll have a look, and tell you what to delete.

Tried Spybot, it found some pests but didn’t fix my problem.

Here’s the logfile from HijackThis:
Logfile of HijackThis v1.97.7
Scan saved at 8:35:24 PM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\3wareSrv.exe
C:\utilities\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\utilities\Norton AntiVirus\SAVScan.exe
C:\Internet\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\audio\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Carnick\Desktop\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\utilities\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\utilities\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\utilities\Norton AntiVirus\NavShExt.dll
O4 - HKLM…\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM…\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [Jet Detection] C:\utilities\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\vqybvggf.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Hi Carnick,

Since it’s very hard to proactively block every single type of malware I’d really suggest that you look into avoiding it altogether.

Since the majority of this junk is ActiveX “driveby” downloads, use a different web browser that doesn’t have ActiveX - anything other than IE.

I have been using Opera (free from www.opera.com, $40 for a registered copy and worth it) and have zero problems with adware. You can still fire up IE if there’s some sight that demands it but 99% of my daily surfing works just dandy on Opera.

If you want to keep using IE instead, Adaware has the “Adwatch” process that looks to block known adware, and Spybot has the “Immunize” feature to do the same thing. I’m not familiar with other products but there are doubtless several good ones.

If you formatted the hard drive and reinstalled Windows XP, there should be no trace of any spyware or viruses remaining from the previous installation. Did you restore any files from a backup or perhaps you had some files on a second partition? Did you install Windows from original media?

In any case, I’d recommend that you go to http://windowsupdate.microsoft.com and download all Critical Updates immediately after reinstalling Windows.

Duh. Make that “site” not “sight”. Long day in the sun at the CA state capitol helping to introduce a new bill.

I suppose my old files could have had some junk in it, but it didn’t happen before I reformatted. In any case, it looks like I’m going to have to reformat again unless this thing can be cleared up.

In case you didn’t know, there are certain types of spyware/adware that Norton will not remove because supposedly you gave permission to install it. McAfee will still remove these programs, but some say that McAfee may install some spyware of its own. They may be referring to their monitoring software, and as far as I know, you have the option to disable that.

If you use free p2p programs, like Kazaa, you will be downloading spyware and adware with them. If you use those “free” screensavers and cursors and smilies so readily available, you are also downloading spy and adware.

Anyway, setting your security options to medium high should stop the ActiveX driveby stuff from automatically installing. A pop-up stopper (the free one with the Yahoo toolbar works well) helps, as do the various anti-hijack and adware programs.

Visit www.doxdesk.com and click on the “parasite” link. It will instantaneously scan your browser (not your hard drive) for certain parasites and advise you which ones you have. It will also give you a lot of good information in avoiding these parasites in the future.

Here is part of your problem:

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\vqybvggf.exe

This is probably one of a new breed of spyware/malware programs that mutates each time you boot your computer, making it very difficult for programs like Adaware or Spybot to detect. Each time the computer is booted, the program is renamed, and the registry entry is changed. If you have rebooted since this scan, you will need to scan again; look for a seemingly randomly generated name similar to vqybvggf.exe. Check the box next to this entry, as well as this one:

O4 - HKLM…\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

Then click the Fix Checked button to remove these registry entries. Next, do a Windows search for a file of the same name, and delete it. Then do a Windows search for a file named pup.exe; if it exists, delete it.

That should fix your problem.
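
The triage described in the post above, as an added example that is not part of the original thread: a short Python script that scans HijackThis log lines and flags the two patterns singled out there. The function name and both heuristics are assumptions made for illustration, not HijackThis features.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM…\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\vqybvggf.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                       # "O4 - ...", "O16 - ..."
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(.+?\.dll)", re.I)  # DLL handed to rundll32


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blanks
        section, rest = m.groups()
        if section == "O4":
            # Assumed heuristic: an autostart that runs rundll32 on a DLL
            # sitting outside System32, like image.dll in this thread.
            dll = RUNDLL.search(rest)
            if dll and "\\system32\\" not in dll.group(1).lower():
                findings.append((section, "rundll32 autostart loads a DLL outside System32", line))
        elif section == "O16":
            # Assumed heuristic: a DPF entry whose codebase is a local .exe
            # (file://...) rather than a downloaded .cab.
            codebase = rest.rsplit(" - ", 1)[-1].strip().lower()
            if codebase.startswith("file://") and codebase.endswith(".exe"):
                findings.append((section, "DPF codebase is a local executable", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A hit only marks an entry for review; as noted earlier in the thread, the log itself does not distinguish good entries from bad ones.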

Per what SMTWTFS said, what exactly are you doing that you are calling “re-formatting”? A re-format will erase the existing information (all of it including viruses and crapware) then re-install a fresh copy of the OS. All your non-OS programs and data will be gone at that point, and need to be re-installed.

A “re-install” of the OS on top of an existing install, on the other hand, will simply refresh the OS somewhat if drivers are missing, but will not erase any data or programs. If you re-formatted, all this junk should be gone. I can’t see how spyware came back in 12 hours on a clean, formatted system unless you immediately installed the free version of Kazaa and started clicking on spyware like mad.

After additional research, I have determined that iefeats.adware is probably a CoolWebSearch variant, and CWShredder should remove it.

Not all that hard – use Spyware Blaster

Thanks for the tips. I deleted the offending registry entries and ran CWShredder, and now the error messages when I start up are gone :smiley: However, I’m still getting water droplet “bloop” sounds in IE and it’s annoying as hell. What is doing that?? My friend had the same problem, and he had to reformat to get rid of it.

By reformat I mean I reformatted and repartitioned my drives. My friend, the same one, used my computer and “accidentally” went to some unscrupulous web sites before I installed any virus or spyware blockers. I don’t have Kazaa or anything like that.

Ever since I started using Mozilla instead of IE, I’ve had no problems with spyware. You may want to give it a try.