system
1
Hello everyone,
I am in desperate need of help! Last night, when I turned on my computer, it started acting very strange. Every 10-15 minutes an Avast Warning kept popping up, saying an Adware was detected. I moved each file to the chest, then ran the scan on Avast, Adware, Disc Cleanup, and CCleaner. Also, after browsing this forum, I scanned my computer with Ewido. The thing keeps coming back… I’m a little lost at what to try next. I’m using WindowsXP and the 4.7 version of Avast.
Here’s the log view for the last two days.
3/19/2007 6:42:15 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\WINDOWS\system32\rlxf.dll” file.
3/19/2007 6:42:32 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\WINDOWS\system32\ActiveToolBand.dll” file.
3/19/2007 6:43:57 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os15.tmp\DOMPilot.dll” file.
3/19/2007 6:54:33 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os17.tmp\DOMPilot.dll” file.
3/19/2007 7:13:52 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os1A.tmp\DOMPilot.dll” file.
3/19/2007 7:24:48 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os1C.tmp\DOMPilot.dll” file.
3/19/2007 7:37:45 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os1F.tmp\DOMPilot.dll” file.
3/19/2007 7:48:26 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os21.tmp\DOMPilot.dll” file.
3/19/2007 7:49:10 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os21.tmp\DOMPilot.dll” file.
3/19/2007 7:59:40 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os23.tmp\DOMPilot.dll” file.
3/19/2007 9:31:15 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os25.tmp\DOMPilot.dll” file.
3/19/2007 9:42:09 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os27.tmp\DOMPilot.dll” file.
3/19/2007 9:53:22 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\WINDOWS\system32\ActiveToolBand.dll” file.
3/19/2007 9:53:41 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os29.tmp\DOMPilot.dll” file.
3/19/2007 9:55:47 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\WINDOWS\system32\silc_dll.dll” file.
3/19/2007 9:56:00 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\WINDOWS\system32\trz2A.tmp” file.
3/19/2007 10:05:58 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os34.tmp\DOMPilot.dll” file.
3/19/2007 10:06:32 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Documents and Settings\Inna\Local Settings\Temp~os34.tmp\DOMPilot.dll” file.
3/19/2007 10:26:39 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os37.tmp\DOMPilot.dll” file.
3/19/2007 10:37:22 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os46.tmp\DOMPilot.dll” file.
3/19/2007 10:40:20 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\System Volume Information_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP166\A0069620.exe” file.
3/19/2007 10:40:30 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\System Volume Information_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP167\A0069667.dll” file.
3/19/2007 10:40:34 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\System Volume Information_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP167\A0069736.dll” file.
3/19/2007 10:40:37 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\System Volume Information_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP167\A0069737.dll” file.
3/20/2007 7:35:26 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os7.tmp\DOMPilot.dll” file.
3/20/2007 7:46:29 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~osA.tmp\DOMPilot.dll” file.
3/20/2007 7:56:56 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~osC.tmp\DOMPilot.dll” file.
3/20/2007 8:07:21 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~osE.tmp\DOMPilot.dll” file.
3/20/2007 8:17:46 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os10.tmp\DOMPilot.dll” file.
3/20/2007 8:28:14 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os13.tmp\DOMPilot.dll” file.
3/20/2007 8:29:57 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Recycled\Dc1.dll” file.
3/20/2007 8:40:18 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os15.tmp\DOMPilot.dll” file.
3/20/2007 8:50:55 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os17.tmp\DOMPilot.dll” file.
3/20/2007 9:12:53 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os2E.tmp\DOMPilot.dll” file.
3/20/2007 9:23:30 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os30.tmp\DOMPilot.dll” file.
3/20/2007 9:34:11 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os32.tmp\DOMPilot.dll” file.
3/20/2007 9:44:41 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os36.tmp\DOMPilot.dll” file.
3/20/2007 9:55:06 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os38.tmp\DOMPilot.dll” file.
Looks really scary. 
Any help would be appreciated. Thank you.
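An added example, not part of any post in this thread: a short Python parser for the avast! log format quoted above, which buckets each detection by where the file sits and measures how often a fresh temp copy of DOMPilot.dll appears. The sample lines are copied from that log; the meaning of the second and third fields is an assumption inferred from it.

```python
import re
from datetime import datetime
from statistics import median

# Five lines copied from the log posted above (curly quotes as on the page).
SAMPLE_LOG = r"""
3/19/2007 6:42:32 PM SYSTEM 1344 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\WINDOWS\system32\ActiveToolBand.dll” file.
3/19/2007 10:40:20 PM Inna 3300 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\System Volume Information_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP166\A0069620.exe” file.
3/20/2007 7:35:26 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~os7.tmp\DOMPilot.dll” file.
3/20/2007 7:46:29 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~osA.tmp\DOMPilot.dll” file.
3/20/2007 7:56:56 PM SYSTEM 1364 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\DOCUME~1\Inna\LOCALS~1\Temp~osC.tmp\DOMPilot.dll” file.
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<account>\S+) \d+ '
    r'Sign of [“"](?P<sig>.+?)[”"] has been found in [“"](?P<path>.+?)[”"] file\.$')

def parse(log):
    """Return sorted (time, account, signature, path) tuples; field 2 is assumed to be the account."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            hits.append((ts, m["account"], m["sig"], m["path"]))
    return sorted(hits)

def location(path):
    """Bucket a detected path by where it lives on disk."""
    p = path.lower()
    if "system volume information" in p:
        return "restore-point"   # copy preserved by System Restore
    if "\\temp" in p:
        return "temp"            # freshly dropped copy
    if "\\system32\\" in p:
        return "system32"        # installed component
    return "other"

def redrop_interval(hits):
    """Median seconds between detections in previously unseen temp directories."""
    seen, times = set(), []
    for ts, _, _, path in hits:
        parent = path.rsplit("\\", 1)[0].lower()
        if location(path) == "temp" and parent not in seen:
            seen.add(parent)
            times.append(ts)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return median(gaps) if gaps else None
```

A steady interval between detections in new temp directories means something still resident keeps writing the file, so quarantining each copy does not stop the alerts; hits under System Volume Information are copies held in restore points.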
If a virus is replicant (coming and coming again), you should:
- Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.
- Clean your temporary files. You can use the Windows Advanced Care features for that.
- Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
- It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.
- Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Hi IcyLady,
Follow the instructions here for the removal of MarketScore:
Uninstall the spyware
You should try this method first. It uses the hidden uninstall feature of the spyware.
Follow the instructions for your operating system.
* Windows 95/98/Me
1. Click Start > Run.
2. Type the following and press the Enter key after typing each one:
command
"%WinDir%\SYSTEM\NSCheck.exe" /uninstall
* Windows NT/2000/XP
1. Click Start > Run.
2. Type the following and press the Enter key after typing each one:
cmd
NSCheck /uninstall
http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-5317-99&tabid=3
Go to Start>Control Panel>Add/Remove Programs and uninstall any entries for the following:
HiTrust
ActiveToolBand
In addition, check every entry in Add/Remove carefully: if it’s not something you recognise, Google the name: if you see a report that it is adware or spyware, read about the risks and consider removing it.
Also run scans with the following:
a-Squared Free:
http://www.emsisoft.com/en/software/free/
Spybot Search & Destroy:
http://www.safer-networking.org/en/download/index.html
Come back and tell us if the situation improves!
system
4
Wow, it worked! 
Thank you very much for your help, guys. I’ve tried everything of the above, but I think only Spybot was able to fix the problem. After I ran a Spybot boot scan, my computer has been running soooo fast. The warning hasn’t popped up in about an hour and a half. I know it’s not long, but considering it used to pop up every 15 minutes, it’s much better now. I think it’s all fixed now. Or at least I hope it is.
Thank you again,
~IcyLady.
Glad you’ve solved it, IcyLady.
Welcome to avast forums and feel free to come back any time you need help.
Keep protected, keep safe 8)
system
6
I am having the same problems. Did you pay for Spybot? I thought it was free and then they were trying to sell PC Doctor or something. Are there any free ones?
Spybot Search and Destroy is free for home use, as are all the programs mentioned in this thread: Ad-Aware, AVG Anti-Spyware, a-Squared, SpywareTerminator and SuperAntiSpyware.
SpywareDoctor from PC Tools is not free. It has a free trial but won’t remove malware found.
http://www.pctools.com/
Make sure you are not looking at a scam page trying to sell knock-off programs with similar names that won’t work or may even charge money for doing nothing.
The links in this thread are good: be careful when Googling because the scams can come up. Searching for ‘Spybot’ especially produces lots of scam links.
Here’s the link for Ad-Aware:
http://www.download.com/3000-2144-10045910.html
Besides Spybot and Ad-aware, I suggest that you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.
You can use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
All these programs have free versions.