Adware / Spyware problem ?

[Keith (Southend)G]

Not sure where I got it from, although I think it was when I
downloaded some mp3 music license software, which I have since
removed, but still get this problem.

I use Firefox 95% of the time but do have IE8 installed, I run AVG,
Spybot & AdAware which are all up to date.

The annoying problem is every so often I get an IE8 window pop up with
various adverts, I don't think it's anything malicious, but would like
to get rid of it. I also think there is a toolbar on my IE8 that maybe
the cause and haven't yet found a way of getting rid of it, on it
there is 'Get more add ons' ' Free Hotmail', 'suggested site' etc.
My pop-up blocker is on.

(this site just popped up: https://www.fridgeframes.co.uk/p-3-t...iliateid=10052)

Any ideas what this maybe and how I could get rid of it.

Many thanks

Keith (Southend)

[David H. Lipman]

From: "Keith (Southend)G" <keith_harris9@hotmail.com>

| Not sure where I got it from, although I think it was when I
| downloaded some mp3 music license software, which I have since
| removed, but still get this problem.

| I use Firefox 95% of the time but do have IE8 installed, I run AVG,
| Spybot & AdAware which are all up to date.

| The annoying problem is every so often I get an IE8 window pop up with
| various adverts, I don't think it's anything malicious, but would like
| to get rid of it. I also think there is a toolbar on my IE8 that maybe
| the cause and haven't yet found a way of getting rid of it, on it
| there is 'Get more add ons' ' Free Hotmail', 'suggested site' etc.
| My pop-up blocker is on.



| Any ideas what this maybe and how I could get rid of it.

| Many thanks

| Keith (Southend)

As noted by... &affiliateid=10052)

That shows an affiliate number and is used to track who the affiliate is who brings
business to the company. thus one can presume that you do have malware in the form of
adware driving affiliated businesses Pop-Ups to the company offering affiliation revenue.

Download, install, update and then execute, Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Keith (Southend)G]

On Apr 17, 4:59*pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "Keith (Southend)G" <keith_harr...@hotmail.com>
>
> | Not sure where I got it from, although I think it was when I
> | downloaded some mp3 music license software, which I have since
> | removed, but still get this problem.
>
> | I use Firefox 95% of the time but do have IE8 installed, I run AVG,
> | Spybot & AdAware which are all up to date.
>
> | The annoying problem is every so often I get an IE8 window pop up with
> | various adverts, I don't think it's anything malicious, but would like
> | to get rid of it. I also think there is a toolbar on my IE8 that maybe
> | the cause and haven't yet found a way of getting rid of it, on it
> | there is 'Get more add ons' ' Free Hotmail', 'suggested site' etc.
> | My pop-up blocker is on.
>
> | Any ideas what this maybe and how I could get rid of it.
>
> | Many thanks
>
> | Keith (Southend)
>
> As noted by... *&affiliateid=10052)
>
> That shows an affiliate number and is used to track who the affiliate is who brings
> business to the company. *thus one can presume that you do have malwarein the form of
> adware driving affiliated businesses Pop-Ups to the company offering affiliation revenue.
>
> Download, install, update and then execute, Malwarebytes' Anti-Malwarehttp://www.malwarebytes.org/mbam/program/mbam-setup.exe
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Thank you David that's seems to have cleared the problem, it found 29
threats as follows:
Just shows that the program is only as good as it's dat file as both
AdAware and Spybot didn't clear this one.

Much appreciated.

Keith (Southend)

<snip>
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4002

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/04/2010 17:57:27
mbam-log-2010-04-17 (17-57-27).txt

Scan type: Quick scan
Objects scanned: 116098
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 12

Memory Processes Infected:
C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) ->
Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery
\spacequery121.exe (Adware.SpaceQuery) -> Unloaded process
successfully.

Memory Modules Infected:
C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) ->
Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall
\spacequery (Adware.SpaceQuery) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SpaceQuery
Service (Adware.SpaceQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpaceQuery (Adware.SpaceQuery) ->
Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) ->
Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run
\sfkg6wipusp (Trojan.Downloader) -> Quarantined and deleted
successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SpaceQuery (Adware.SpaceQuery) -> Delete on reboot.
C:\Program Files\SpaceQuery\SpaceQuery_deleted_ (Adware.SpaceQuery) ->
Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery
(Adware.SpaceQuery) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\6478.dll (Adware.Mirar) -> Quarantined and deleted
successfully.
C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) ->
Delete on reboot.
C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) ->
Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\uninstall.exe (Adware.SpaceQuery) ->
Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\SpaceQuery_deleted_\spacequery.dl l
(Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\SpaceQuery\SpaceQuery_deleted_\spacequery.ex e
(Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery
\spacequery119.exe (Adware.SpaceQuery) -> Quarantined and deleted
successfully.
C:\Documents and Settings\All Users\Application Data\SpaceQuery
\spacequery121.exe (Adware.SpaceQuery) -> Quarantined and deleted
successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\spacequery116.xml
(Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\spacequery117.xml
(Adware.SpaceQuery) -> Quarantined and deleted successfully.
C:\Documents and Settings\Keith\Application Data\Microsoft\Windows
\jnipmo.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\drivers\HWDRV.SYS (Rootkit.Agent) -> Quarantined
and deleted successfully.
<snip>

[David H. Lipman]

From: "Keith (Southend)G" <keith_harris9@hotmail.com>



| Thank you David that's seems to have cleared the problem, it found 29
| threats as follows:
| Just shows that the program is only as good as it's dat file as both
| AdAware and Spybot didn't clear this one.

| Much appreciated.

| Keith (Southend)

< snip >

| Memory Processes Infected:
| C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) ->
| Unloaded process successfully.
| C:\Documents and Settings\All Users\Application Data\SpaceQuery
| \spacequery121.exe (Adware.SpaceQuery) -> Unloaded process
| successfully.

| Memory Modules Infected:
| C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) ->
| Delete on reboot.

< snip >

YW Keith. The above is proably the cause but as you saw there were "others".

As for Ad-Aware and SpyBot S&D, MBAM has been outdoing them for quite a while now.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Keith (Southend)G]

On Apr 17, 7:56*pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:

>
> | Memory Processes Infected:
> | C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) ->
> | Unloaded process successfully.
> | C:\Documents and Settings\All Users\Application Data\SpaceQuery
> | \spacequery121.exe (Adware.SpaceQuery) -> Unloaded process
> | successfully.
>
> | Memory Modules Infected:
> | C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) ->
> | Delete on reboot.
>
> < snip >
>
> YW Keith. *The above is proably the cause but as you saw there were "others".
>
> As for Ad-Aware and SpyBot S&D, MBAM has been outdoing them for quite a while now.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Following on.....

The IE8 adverts continued to pop up, regardless that I was using
Firefox, up to last night. However, this morning I noticed AVG had an
Alert pop up, so I can only imagine they captured this one in
their .dat file in the last day or two. However, this was the
information from my vault, it may mean more to you:

Trojan Horse Adload_r_MK
file
SDK Type ~ Core

Since AVG flagged this up I have not been plagued with these adverts
every half an hour. I hope that's the end it :-)

Thanks

Keith (Southend)

[David H. Lipman]

From: "Keith (Southend)G" <keith_harris9@hotmail.com>

| Following on.....

| The IE8 adverts continued to pop up, regardless that I was using
| Firefox, up to last night. However, this morning I noticed AVG had an
| Alert pop up, so I can only imagine they captured this one in
| their .dat file in the last day or two. However, this was the
| information from my vault, it may mean more to you:

| Trojan Horse Adload_r_MK
| file
| SDK Type ~ Core

| Since AVG flagged this up I have not been plagued with these adverts
| every half an hour. I hope that's the end it :-)

Thanks for the update Keith.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp