gspot.exe and drsmartload.exe keep bugging me...

pukenerampa · 06-01-2006, 03:00 AM

I just keep searching over the net and i can't find a method or tool to remove this stuff. i have installed spybot search and destroy, avg, adaware and even spyware doctor doesnt help me. please can someone help me to get rid of these?

Zap · 06-01-2006, 03:50 AM

Can you run hijackthis! and post your log in the hijackthis! thread?

**G10** · 06-01-2006, 04:14 AM

http://www.symantec.com/avcenter/ven....spigot.b.html

Also, try this: http://housecall.trendmicro.com/ but run it in IE

See where that gets you.

pukenerampa · 06-01-2006, 04:42 AM

ok ill make a hijack log post here later

Quote:

Originally Posted by G10

http://www.symantec.com/avcenter/ven....spigot.b.html

just followed it.. but i dont see it in my procesess and registry...(i dont use norton just avg)

AVG detects it always then after I restart my PC gspot.exe is their again and it will detect again by AVG

pukenerampa · 06-01-2006, 09:30 AM

Hi thanks in advance, this is my hijack

please teach me how to stop gspot.ece or other virus.
i have finish the trend micro online scan and it is still here.

Logfile of HijackThis v1.99.0
Scan saved at 12:26:59 AM, on 6/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

samer · 06-02-2006, 07:22 AM

for information on processes check this out:

http://whatisthatfile.com/
http://whatsrunning.net/

good day.

pukenerampa · 06-02-2006, 08:02 AM

heres an image of the virus that keeps bugging me.

**G10** · 06-02-2006, 08:28 AM

See if you can get that baby booted up in safe mode and then run a full hdd virus scan in safe mode and see what happens.

Also, disable 'System Restore' as viruses usually bury themselves in there so as to escape full deletion.

Re-enable it when you have finished.

pukenerampa · 06-03-2006, 02:21 AM

hi g10. thanks for helping me. i tried to do what you have just tell me but it doesnt remove the darn gspot.exe.

boot to safemode.
scan my pc with avg 7.1, spybot search destroy and adaware.

Still it bugs me when i connect to the internet. is their any other option?? I dont like to format my hardisk

thanks in advance.

**G10** · 06-03-2006, 03:40 AM

This seems like a bad-ass judging by the research I have been doing.

Try this link - I can't actually test that link myself as I am on my gf's 40k dial up but it seems like it may help.

Something worth trying may be to take your hdd out of your system and put it as a slave on another system with a good AV on it and scan it as a secondary hdd. At least you don't have to format it if you do it this way.

Are you running some kind of peer-to-peer download software?

If so, get yoursel a decent antivirus product like Mcafee v10 etc as though the free ones are good, they are free for a reason, I don't care what anyone says.

pukenerampa · 06-03-2006, 04:53 AM

hi G10... thanks again for your reply and research... yes i use limewire to download mp3's.

i also downloaded prevx1 but it has payment so i uninstall it to my pc. the last option is to make my hardisk slave. thank you so much G10.

Zap · 06-07-2006, 09:19 AM

@Puken: Sorry for the delay.

From your hijackthis! log, you can get rid of...

O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/KeyCrypt/npkcx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service - Unknown - C:\WINDOWS\S2Ftb3RlIEthbGFtYW5zaQ\command.exe (file missing)
O23 - Service: FileZilla Server FTP server - Unknown - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)

Removing the entries with "C:\Program Files\xampp" in them will put an end to your file sharing days, but I think that might be what got you into trouble in the first place. You can leave them in if you want to continue with the file sharing, but just keep in mind that it usually opens up a can of worms that you don't want.

Again, sorry for the delay. Life has been hectic lately.

pukenerampa · 06-08-2006, 03:13 AM

Just reformated my pc earlier

**G10** · 06-08-2006, 03:28 AM

Quote:

Originally Posted by pukenerampa

Just reformated my pc earlier

Not sure if that will do it.

This kind of virus is known to go airborne until and when the host has been formated, it then re-enters the host drive again

It was at this point that pukenerampa realised that G10 actually had no knowledge of pc's whatsoever and was actually typing his messages from the computer hidden deep within the asylum for the mentally insane

pukenerampa · 06-08-2006, 04:22 AM

OHHH MY???!!!!!!

what kind of virus is that!!

pukenerampa · 06-09-2006, 02:01 AM

MY Computer Seems OK today.. dont want to install limewire anymore. My PC is more faster now.