On starting the computer, an icon comes up on the bottom toolbar: Spenser NK. It looks like an anti-virus program, but I do not know how it got there or if it is safe.
Thanks Dani
Hi danihart01,
Information on this: http://forums.majorgeeks.com/showthread.php?t=185476
Get hjt 2.0.2 here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/
and give us your hjt logfile txt in additional options attached to your next posting,
Also get this program here, but do nothing with it yet:
http://www.novell.com/coolsolutions/tools/downloads/BHORemover.zip
BHO Remover is the tool to remove unwanted browser helper plugin objects from your system. Internet Explorer provides the feature called Browser Helper Object through which one can extend its functionality. However, this technique is being misused by many spyware programs which monitor your browsing habits and also record your credentials for websites you visit. They also slow down your system considerably.
BHO Remover tool allows you to quickly scan your machines for all installed BHOs, then displays them along with other important details which can help you to quickly identify bad BHOs and kick them off,
polonus
Wow, lot of procedures on forum -geeks. Not sure what to do first. Or do I download Hijack this first and do free scan?
Please help amateur Dani
Hi danihart01,
Launch HJT and I will analyze the logfile, then we have a look what to do with BHOremover,
The other link was just for evaluating the problem,
So waiting for your added HJT logfile txt,
pol
Hi,
Have posted. Is that satisfactory?
Thanks
Hi danihart01,
First what you should and can fix using HijackThis
Fix
O2 - BHO: (no name) - {5BA7CC49-EC4D-AEB2-C9EF-E8EBB79D10FF} - C:\DOCUME~1\Owner\APPLIC~1\ADMINE~1\Okayway.exe (file missing)
Safety Rating: Known Adware, do not run. Adware Family: Part of Adware group - Adware Lop. Malware Form: EXPLOIT. Nasty (2.99 / 5.00)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Safe, but is empty, so if you do not want this anymore fix, while unnecessary (deactivated) entry that can be fixed. This entry was classified from as good.
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
Must be fixed! ViewBarBHO.dll ViewPoint toolbar
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
Neutral, but better fix as unwanted. Unnecessary (deactivated) entry that can be fixed. ASKTBAR.DLL - Ask_Jeeves, hxtp://toolbar.ask.com/ toolbar, - see this_note, http://www.benedelman.org/spyware/installations/askjeeves-banner/
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
Neutral. Unnecessary (deactivated) entry that can be fixed. ASKTBAR.DLL - Ask_Jeeves, hxtp://toolbar.ask.com/ toolbar, - see this_note, http://www.benedelman.org/spyware/installations/askjeeves-banner/
O4 - HKLM\..\RunOnce: [SpybotDeletingA5910] command /c del "C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL"
a5popswt.dll is a process registered by AskTBar - Nasty (2.15 / 5.00)
O4 - HKLM\..\RunOnce: [SpybotDeletingC8082] cmd /c del "C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL"
Nasty (2.31 / 5.00)
O4 - HKLM\..\RunOnce: [SpybotDeletingA269] command /c del "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"
Nasty (2.21 / 5.00)
O4 - HKLM\..\RunOnce: [SpybotDeletingC4446] cmd /c del "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"
Nasty (2.32 / 5.00)
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe"
Check this at Virustotal.com else Fix.
O4 - HKCU\..\RunOnce: [SpybotDeletingB7166] command /c del "C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL"
Nasty (2.31 / 5.00)
O4 - HKCU\..\RunOnce: [SpybotDeletingD6526] cmd /c del "C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL"
Nasty (2.31 / 5.00)
O4 - HKCU\..\RunOnce: [SpybotDeletingB7349] command /c del "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"
Nasty (2.32 / 5.00)
O4 - HKCU\..\RunOnce: [SpybotDeletingD3063] cmd /c del "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"
Nasty (2.32 / 5.00)
A survey of your active tasks running:
Process | Type | Description
smss.exe | System Task | Session Manager Subsystem
winlogon.exe | System Task | Microsoft Windows Logon Process
services.exe | System Task | Windows Service Controller
lsass.exe | System Task | Local Security Authority Service
svchost.exe | System Task | Microsoft Service Host Process
svchost.exe | System Task | Microsoft Service Host Process
svchost.exe | System Task | Microsoft Service Host Process
Explorer.EXE | System Task | Microsoft Windows Explorer
aswUpdSv.exe | Virusscan | Avast Anti-Virus Component
ashServ.exe | Virusscan | Avast
hpsysdrv.exe | Application | Hewlett-Packard Monitoring Tool
hkcmd.exe | Application | Intel multimedia devices
spoolsv.exe | System Task | Microsoft Printer Spooler Service
hphmon05.exe | Application | Hewlett Packard Card Reader
hpcmpmgr.exe | Application | HP Component Manager
iHPDetect.exe | Backgroundtask | iHP-100 Drive Letter Search App.
igfxtray.exe | Application | Intel Graphics configuration and diagnostic application
jusched.exe | Backgroundtask | Sun Java Update Scheduler
KBD.EXE | Backgroundtask | Multimedia keyboard manager.
GoogleUpdate.exe | Backgroundtask | GoogleUpdate.exe
GoogleUpdate.exe | Backgroundtask | Google Updater
apdproxy.exe | Application | Adobe Photoshop Album
HPWuSchd.exe | Backgroundtask | HP software updates.
ashDisp.exe | Virusscan | Avast AntiVirus
point32.exe | Application | Microsoft Intellimouse Monitor
rundll32.exe | System Task | Microsoft Rundll32
iTunesHelper.exe | Application | Apple iTunes
mnyexpr.exe | Backgroundtask | Microsoft Money Express
PCHButton.exe | Backgroundtask | Hewlett-Packard Instant Support Software
Skype.exe | Backgroundtask | Skype Internet Telephony
PhotoshopElementsFileAgent.exe | Backgroundtask | Adobe Photoshop Elements
MySpaceIM.exe | Backgroundtask | MySpace Instant Messenger
AppleMobileDeviceService.exe | Backgroundtask | Apple Mobile Device Service
mssysmgr.exe | Backgroundtask | PhotoShow Deluxe Media Manager
ymsgr_tray.exe | Backgroundtask | Yahoo! Messenger Server Traybar
mDNSResponder.exe | Backgroundtask | Bonjour for Windows Component
wcescomm.exe | System task | Microsoft ActiveSync Connection Manager
WMPNSCFG.exe | Backgroundtask | Windows Media Player Network Sharing Service Confi
btwdins.exe | System task | Microsoft Bluetooth Service
ctfmon.exe | System task | Alternative User Input Services
PCSuite.exe | Backgroundtask | Nokia PC Suite
rapimgr.exe | Backgroundtask | Microsoft ActiveSync Module
svchost.exe | System task | Microsoft Service Host Process
jqs.exe | Backgroundtask | jqs.exe
hpqtra08.exe | Backgroundtask | Hewlett Packard Imaging
NetMDSB.exe | Unknown task | File NetMDSB.exe is located in a subfolder of “C:\Program Files”. Known file sizes on Windows XP are 782,336 bytes (50% of all occurrence), 749,568 bytes, 684,032 bytes. There is an icon for this program on the taskbar next to the clock. The program has a visible window. It is not a Windows core file. NetMDSB.exe is able to hide itself, monitor applications, record inputs. Therefore the technical security rating is 16% dangerous, however also read the users reviews. Could check at VirusTotal.com whether this is the genuine file…
svchost.exe | System task | Microsoft Service Host Process
symlcsvc.exe | Firewall | Norton Internet Security Suite
ashMaiSv.exe | Virusscan | Avast Anti-Virus Component
ashWebSv.exe | Virusscan | avast! Web Scanner
iPodService.exe | Backgroundtask | Apple iTunes
ServiceLayer.exe | Backgroundtask | Nokia Connectivity Library
NclUSBSrv.exe | Backgroundtask | Nokia USB Media Server
NclIrSrv.exe | Backgroundtask | PC Connectivity Solution
SkypePM.exe | Backgroundtask | Skype Extras Manager
jucheck.exe | Backgroundtask | Sun Java UpdateChecker Module
OUTLOOK.EXE | Application | Microsoft Outlook
WINWORD.EXE | Application | Microsoft Word
iexplore.exe | Application | Microsoft Internet Explorer
ashSimpl.exe | Virusscan | Virus scanner
ViewMgr.exe | Application | ViewPoint Media Player
ViewpointService.exe | Backgroundtask | View Manager Service
HPZipm12.exe | Driver | HP Taskbar Utility
HijackThis.exe | Application | Hijackthis 2.0.2
That is it,
polonus
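A triage pass over HijackThis O2/O3/O4 lines like the ones reviewed in the post above, as an added example (not part of the original thread and not HijackThis's own logic). The `triage` function and its three rules are assumptions made for illustration; the sample lines are entries from this thread with the verdict text removed.

```python
import re

# Sample lines in HijackThis 2.0.2 format, taken from the entries in this thread.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {5BA7CC49-EC4D-AEB2-C9EF-E8EBB79D10FF} - C:\DOCUME~1\Owner\APPLIC~1\ADMINE~1\Okayway.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\RunOnce: [SpybotDeletingA269] command /c del "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe"
'''

# O2 (Browser Helper Object) and O3 (IE toolbar): name - {CLSID} - target
BHO_RE = re.compile(
    r'^(?:O2 - BHO|O3 - Toolbar): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$')
# O4 (autorun): hive\..\key: [value name] command line
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]+)\] (?P<target>.*)$')
# Per-user, user-writable folders (long and 8.3 short names, Windows XP layout).
PROFILE_RE = re.compile(
    r'\\(?:DOCUME~1|Documents and Settings)\\[^\\]+\\'
    r'(?:APPLIC~1|Application Data)\\', re.I)


def triage(log_text):
    """Return a (section, name, reasons) tuple for every O2/O3/O4 entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue
        target, reasons = m.group('target'), []
        if target.endswith(('(file missing)', '(no file)')):
            reasons.append('orphaned: registry entry points at no file')
        if PROFILE_RE.search(target):
            reasons.append('loads from user profile: verify the file')
        if line.startswith('O4') and m.group('key') == 'RunOnce':
            reasons.append('RunOnce: one-shot command pending next boot')
        findings.append((line[:2], m.group('name'), reasons))
    return findings
```

The Viewpoint BHO comes back with no reasons even though the post marks it "Must be fixed!": structural checks like these only catch orphaned or oddly located entries, so known-adware verdicts still need a reputation lookup.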
Thanks Polonus,
Have removed suggested items and will see if that works
Hi Polonus,
Had HiJack this Fix entries suggested except 04 Smilebox tray. Shut down and restarted computer but unfortunately Spenser NK icon is still in tray.
Thanks
Hi, checked smilebox tray exe with virustotal and result showed 0/40
Thanks
Hi danihart01,
Well, your computer is cleansed. If you wanna get rid of the Spenser NK icon, I did inform and will tell you in an upcoming posting; at least it can do no harm as far as I concluded,
polonus
Thanks, that would be appreciated. It is quite late here so will shut down for the night and check tomorrow.
Cheers
This appears to be new, is there an entry for it in add/remove ?
Please download Malwarebytes’ Anti-Malware from Here or Here
- Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Hi ,
There is no entry in add/ remove and can only close it in status not disable
Thanks
Hi
Have done scan with malware and copied log.
Restarted computer and nk icon still coming up in bottom tool bar?
Thanks
Malwarebytes’ Anti-Malware 1.36
Database version: 1973
Windows 5.1.2600 Service Pack 3
13/04/2009 2:37:18 PM
mbam-log-2009-04-13 (14-37-18).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 268999
Time elapsed: 3 hour(s), 12 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcrwqj0egep (Rogue.AntivirusXP2008) → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Morning Polonus,
Has anyone else seen this spenser nkl? And what do I do from here?
Thanks
Hi danihart01,
Well the only link I could google up is in my first reply. We just have to wait what the co-malware fighters from geek2go come up with. I am also anxious about how “essexboy” is going to tackle this.
What is the information on the icon, right click on it and then go all the way down, what info does this turn up?
polonus
Hi Polonus,
When I right click, the whole view comes up and not the normal scroll-down written info.
Top task bar has "general" on the left and "mode" on the right with an activity circle next to it.
Then Drives with selector box next to it. Green arrow and advanced box.
Instructions underneath:
1. minimise me while you working
2. For advanced option turn to mode advanced.
3. When you finish just safe remove the pen
If it hard to remove pen, Pause me for five seconds
Then :Spenser NK developed by Pandula Gayaba
E:mail Kalupahana 11@gmail.com
St Mary’s College Grade 12 Maths 2008
Read my message box on left
This is what comes up -very strange
Thanks
A HijackThis log would help:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Have used hijack this at the beginning- is this something different
Thanks
Hi ,
Has anyone got any info about spenser Nk? Can I safely use the internet? It is troubling me greatly not knowing how to remove this thing from my taskbar and computer.
Please help
Thanks