AVsystemcare

[Gunslinger]

DAMMIT!

No matter what I do I cannot shake this program.  I've tried just about every spyware software I can find on google and nothing seems to work.  What's the point of having a pop up blocker if it doesn't block pop ups.  These suckers are horrible too!  Anyone else have experience with this garbage?

[C(Sea)Bass]

I recently had a similar program stuck on my comp for 3 weeks. Neither of my antispyware programs worked on it. but for some reason McAfee virusscan killed. if you have McAfee or sophos try running them. make sure what ever you use has the latest updates installed.

[gpwurzel]

Did some digging around........found a fix that "may" help....

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.

*CAUTION - This could have ramifications if incorrectly used*......

Also, make sure your antivirus, malware scanners etc are all up to date...and that your using more than just the windows inbuilt firewall......

(Got this info at malwarebytes.org for anyone suffering the same problem)

Wurzel

[Gunslinger]

Thanks for the find.  Not sure if it did  the trick, only time will tell as the pop ups were completely random.  Here's what it found:

C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.upd
C:\Program Files\instant access\Dialer\321070400\Crazy Girls.lnk
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\50052\images\EN\t01.gif
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\50052\images\EN\t02.jpg
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\50052\images\EN\t03.gif
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\50052\images\p01.jpg
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\50052\images\p02.gif
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\50052\images\p03.jpg
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\7b257362f33d96da909bcd3336141558.html
C:\Program Files\instant access\Dialer\321070400\fp.pc-on-internet.com\7b257362f33d96da909bcd3336141558.html_0.loginvis
C:\Program Files\instant access\Dialer\321070400\us2-external-api.dlv4.com\js\0b5240af408ebb44f691c6544d1530ee
C:\Program Files\instant access\Dialer\321070400\us2-www.0texkax7c6hzuidk.com\Common\ddd88100854ec96ecdd7d7e7da96b8ce.html
C:\Program Files\instant access\Dialer\321070400\us2-www.0texkax7c6hzuidk.com\custom\4328\4328_dialer.ico
C:\Program Files\instant access\Dialer\321070400\us2-www.0texkax7c6hzuidk.com\custom\4328\EN\button1.gif
C:\Program Files\instant access\Dialer\321070400\us2-www.0texkax7c6hzuidk.com\custom\4328\EN\button2.gif
C:\Program Files\instant access\Dialer\321070400\us2-www.0texkax7c6hzuidk.com\custom\4328\EN\button3.gif
C:\Program Files\instant access\Dialer\321070400\us2-www.0texkax7c6hzuidk.com\custom\4328\EN\button4.gif
C:\Program Files\instant access\Dialer\321070400\http://www.rapid-pass.net\87195a3917f248fac10766c6deba571c
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\ffergx.dat
C:\WINDOWS\system32\ffergx.exe
C:\WINDOWS\system32\ffergx_nav.dat
C:\WINDOWS\system32\ffergx_navps.dat
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\nvs2.inf

[Meatwad]

OUCH!


How did you come across that spyware?