Oh Sh.. Need help!



boredbloke
30-03-05, 09:48 PM
Alright, somehow "spyblocs" has installed itself on my computer.....

Not only does it pop up every 60 seconds, it's changed my homepage, added a toolbar, favourites ....you know the usual shite. Trouble is nothing wants to remove it.... I've tried Ad-Aware, Spybot, tried deleting it from the source only to find out it cannot be deleted by pushing the delete button on the keyboard.....

I've deleted everything that I know won't affect my comp and I'm pretty sure this is a trojan... so I know it'll be reasonably hard to get rid of.

Any suggestions, ppl?

First one to get rid of it will have a six pack being posted through their door within three working days!! lol! :lol: No, honestly!

Unless I remove it myself, then all is mine! :wink:

Riggy
30-03-05, 11:03 PM
format c:


PMSL, these can be twats to get rid of, mate. They embed themselves well deep into your PC.

Phil_G
30-03-05, 11:06 PM
Microsoft's anti-spyware prog is spot on..

Download the beta off their website.


Phil

Cassie-Nova
30-03-05, 11:39 PM
Had a few things like this -
try and get hold of a program called Stinger.exe - it can only be used in Safe Mode and is pretty good.

Or try searching for "spyblocs virus/removal" on Google - this should come up with a method of deleting it. May require going pretty deep into your files/drives and digging it out like an embedded tick!

http://www.google.co.uk/search?hl=en&q=spyblocs+virus&meta=

One of these should be able to help you, mate!

What anti-virus are you running?

jon_boy
31-03-05, 12:17 AM
If you can find the file name and location, start up DOS then type deltree (enter the folder and exact address/filename here, i.e. C:/Windows/System/filename). Deltree deletes everything you see. Will PM you my addy for the beer if it works. lol

Dave
31-03-05, 12:21 AM
stop searching for dodge goat pron :lol:

peester
31-03-05, 12:29 AM
stop searching for dodge goat pron :lol:
You're right there - I managed to get rid of it off a mate's PC... can't remember how - just search for it in the find files/folders bit then delete them all.. I'm sure that sorted it, or at least enough to not think it was on his PC..

dandan
31-03-05, 01:54 AM
Why not try a system restore?

Jack
31-03-05, 08:30 AM
According to Google, "Spyblocs" is an anti-spyware tool itself, made by a company called eBlocs. Are you sure it's a trojan and not a legit program with a few annoying options enabled (many programs have the option at installation of changing your homepage, for example)? Nothing in Control Panel > Add/Remove Programs for it?

Stinger doesn't have it under its list of targeted malware, so probably won't be of much use.

Alex
31-03-05, 03:39 PM
SpyBloc is a spyware program in the disguise of a spyware removal tool, so you need to get rid!

Can you see it in the Add/Remove Programs menu (Control Panel)? If so, remove it there.

How did you "delete everything you could" from your pc?

If you have already run Ad-Aware & Spybot Search & Destroy, with updated definitions, and are still having problems, try HijackThis (should be on download.com).

Installation instructions (I nabbed from another site):

Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN FOLDER.
You can do this by going to My Computer (Windows key+E), then double click on C:, then right click and select New then Folder and name it HJT (C:\HJT\HijackThis.exe). Move HijackThis.exe into this folder. When you run HijackThis from the C:\HJT folder and have it "Fix checked", it will create a backup file of modifications to use if a restore is necessary, which is easily accessible.

Run the program and press Scan. You will notice the Scan button will turn into a "Save Log" button. Save the log and post that log into this topic.

Jack
31-03-05, 03:57 PM
Save the log and Post that log into this topic.
Log on its way...

http://www.1-87vehicles.org/images/Logging/KW_W900_Logging_LG.jpg

Alex
31-03-05, 04:01 PM
it's not, there's no-one driving.

Phil_G
31-03-05, 10:46 PM
Perhaps the driver is dropping off a log of his own in the smallest room?


:?

phil

PS: My coat is over there, i will go get it now..

boredbloke
31-03-05, 11:36 PM
Right!

Phil G, I owe ya a few beers cos you got rid of the trojan itself, nice one! PM me and I'll send 'em through lol!

I've got rid of spyblocs after having a small battle with it lol!

I've got rid of the free toolbar it gave me.

only thing left is the stupid homepage that keeps loading up!!

It's "res://C:\WINDOWS\system32\shdocpl.dll/security.htm"

Now I've deleted the "shdocpl.dll" file, so now I just get a "can't find page" thing showing.... but I still can't change it back :x

I've tried doing a restore but that didn't work.....

Spybot, Stinger and Microsoft can't find fault with the homepage....

Here is the log, Mr Alex....

___________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 23:40:52, on 31/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svcnut.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\Kyle\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {3EDDC411-66C3-4CD0-BDF0-31DE4D0FAF96} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3EDDC411-66C3-4CD0-BDF0-31DE4D0FAF96} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE

_______________________________________________

Also, when I deleted the stuff I knew what I was deleting, so have no fear about that!

Alex
02-04-05, 03:18 PM
You really shouldn't have deleted the .dll file - it is needed.

What do you see of the homepage? Is it the "cannot find page" screen?
What happens when you try and change the homepage back? Does it simply revert back to what it was?
Have you tried changing the registry? Boot it in Windows "Safe Mode"
then
Click start-->run --> Type "Regedit" and click ok.

Find
HKey_Current_User\Software\Microsoft\Internet Explorer\Main
In the right pane, click on Start Page.
Change this to whatever you want.

Also
HKey_Local_Machine\Software\Microsoft\Internet Explorer\Search
Find SearchAssistant and delete it, or replace with something like the following:
http://www.google.com/ie

Reset the machine and boot normally.

This is a nasty thing to get rid of and so that may not work.

It looks like a variation of this:
http://www.pchell.com/support/onlythebest.shtml
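
The two hijacked values in the posted HijackThis log both load their page out of a local DLL via the res:// protocol (Start Page in HKCU and SearchAssistant in HKLM, both pointing at shdocpl.dll), which is exactly what the regedit walk-through above resets by hand. The script below is an added example, not code from the thread or from HijackThis: it parses R0/R1 lines from a log, flags any start/search value that begins with res://, lists O4 Run entries whose executable sits directly in system32 but is not on a small allowlist (so they can be looked at before anything is deleted), and generates a .reg file that applies the same replacements Alex suggests. The sample lines are copied from the posted log; the res:// heuristic, the ctfmon.exe allowlist and the Google replacement URLs are this example's assumptions, and the generated .reg should be read before it is imported.

```python
"""Triage a HijackThis log for IE start/search hijacks and emit a .reg repair.

Added example for this thread, not the thread's own code or HijackThis's.
"""
import re
from dataclasses import dataclass

# Constructed sample: R0/R1 lines and two O4 lines copied from the log
# posted in this thread; the rest of the log is left out.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Replacement data written by the generated .reg file. Assumed values,
# following the Google URLs suggested in the thread.
DEFAULTS = {
    "Start Page": "http://www.google.com/",
    "Search Bar": "http://www.google.com/ie",
    "SearchAssistant": "http://www.google.com/ie",
}

# Windows programs that legitimately start from system32 via a Run key.
# Assumed allowlist for this example only, not an authoritative list.
KNOWN_SYSTEM32_RUN = {"ctfmon.exe"}

R_LINE = re.compile(r"^(R[01]) - (HKCU|HKLM)\\(.+?),(.+?) = (.*)$")
O4_LINE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\Run: \[(.+?)\] (.*)$")


@dataclass
class REntry:
    kind: str   # R0 or R1
    hive: str   # HKCU or HKLM
    key: str    # e.g. Software\Microsoft\Internet Explorer\Main
    value: str  # e.g. Start Page
    data: str   # current contents of the value


def parse_r_entries(log_text):
    """Return the R0/R1 (IE start/search page) entries found in the log."""
    entries = []
    for line in log_text.strip().splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append(REntry(*m.groups()))
    return entries


def find_hijacked(entries):
    """Flag values that serve the page from a resource inside a local DLL."""
    return [e for e in entries if e.data.lower().startswith("res://")]


def _exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(?i)(.*?\.exe)", command)   # unquoted: stop at first .exe
    return m.group(1) if m else command.split(" ")[0]


def unrecognised_run_entries(log_text):
    """Run entries whose binary lives directly in system32 and is not on the
    assumed allowlist. A review list, not a malware verdict."""
    found = []
    for line in log_text.strip().splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        name, path = m.group(2), _exe_path(m.group(3))
        parts = path.lower().replace("/", "\\").split("\\")
        if len(parts) >= 2 and parts[-2] == "system32" and parts[-1] not in KNOWN_SYSTEM32_RUN:
            found.append((name, path))
    return found


def build_reg_fix(hijacked, replacements=DEFAULTS):
    """Build a .reg file that resets each flagged value (or deletes it with
    the "Name"=- syntax when no replacement is configured)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    by_key = {}
    for e in hijacked:
        by_key.setdefault((e.hive, e.key), []).append(e)
    for (hive, key), vals in by_key.items():
        lines.append(f"[{HIVES[hive]}\\{key}]")
        for e in vals:
            new = replacements.get(e.value)
            if new is None:
                lines.append(f'"{e.value}"=-')
            else:
                lines.append(f'"{e.value}"="{new.replace(chr(92), chr(92) * 2)}"')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    bad = find_hijacked(parse_r_entries(SAMPLE_LOG))
    for e in bad:
        print(f"hijacked: {e.hive}\\{e.key},{e.value} = {e.data}")
    for name, path in unrecognised_run_entries(SAMPLE_LOG):
        print(f"review Run entry [{name}] -> {path}")
    print(build_reg_fix(bad))
```

Run it against a saved HijackThis log by reading the file into `parse_r_entries` and `unrecognised_run_entries` instead of `SAMPLE_LOG`; import the generated .reg (double-click, or `regedit /s fix.reg`) only after checking the listed keys, and fix the Run entry first, since a loader that is still starting at boot will put the hijacked values straight back.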

Nick
02-04-05, 08:50 PM
Go into "Advanced Tools" on Microsoft AntiSpyware and locate the "Browser Hijack Restore".

I'm not sure if this just restores the settings, or also deletes the registry keys!

Worth a try.

Nick
02-04-05, 08:52 PM
And also download the Mozilla Firefox browser.

So far, this has been tested and is immune to hijacking.

Alex
02-04-05, 09:08 PM
I've heard of it being hijacked.

Firefox is fantastic, but at the end of the day the only reason in the past that it hasn't been is that most people had IE, and so the spyware programs were aimed at that. I expect soon enough they will realise that FF is becoming very popular and will start to develop more aimed at that. There aren't anywhere near as many loopholes in FF as in Microshaft products, but they will be there.

Nick
02-04-05, 10:04 PM
Oh right.

Mine's never been hijacked, and I read an article quoting that it was immune, so that's where I got the info from.

Still is a fantastic free piece of software.