PC help, have unleashed a demon!
What the hell am I to do about this annoying donkey that keeps interrupting me????????? I have been having a wee clean out on here tonight, particularly attempting to get rid of Limewire and its associated files. I am sick of my monthly allowance being used up because someone has left that little sucker open. I happened upon a thing called donkey, in one of my son's folders, stupidly clicked on it and now, the bloody donkey is popping up everywhere, asking dumb questions..........I don't know how to get rid, it is living in Windows prefetch........fuck me it just wanted to know if it could clear its e-mail!!!!!!!!! can anyone help??????
PLEASE!!!!!!!
Stickchick
20th June 2007, 22:16
What the hell am I to do about this annoying donkey that keeps interrupting me????????? I have been having a wee clean out on here tonight, particularly attempting to get rid of Limewire and its associated files. I am sick of my monthly allowance being used up because someone has left that little sucker open. I happened upon a thing called donkey, in one of my son's folders, stupidly clicked on it and now, the bloody donkey is popping up everywhere, asking dumb questions..........I don't know how to get rid, it is living in Windows prefetch........fuck me it just wanted to know if it could clear its e-mail!!!!!!!!! can anyone help??????
PLEASE!!!!!!!
I'm no expert but have you tried right-clicking on it and seeing if there is an option that will hide it or turn it off? To me it sounds like that annoying little paperclip that keeps appearing in Word or Excel and when you right-click on it it gives you an option to "hide assistant".
Just a suggestion as once again I'm no expert
Oakie
20th June 2007, 22:26
What Stickchick said. The answer probably lies in a simple right mouse click.
nodrog
20th June 2007, 22:26
......fuck me it just wanted to know if it could clear its e-mail!!!!!!!!! can anyone help??????
it must have been there a while if it's already got its own email account??
I can fix it "Norfland stylz" if you want Anne?
Sanx
20th June 2007, 22:41
Assuming you're running Windows XP Service Pack 2, then download Microsoft Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx). Install it, run it, let it do a full system scan, and get rid of anything it suggests.
If that fails, download Hijack This! (http://www.merijn.org/files/HiJackThis_v2.exe). Save it somewhere, then run it. Get it to do a scan, save the logfile it produces, and post it up here. Send me a PM when you've done it to remind me. I'll tell you what you need to do.
Winston001
20th June 2007, 22:42
Calm, deep breaths.........find son, take him to exterior of dwelling, lock door.
Right, do you know about spyware, trojans (no jokes please :D)? If not we'll help you.
I just did a quick Google and it might be a keylogger = bad but more likely a download accelerator, which you don't need. Do you have Kazaa?
Limewire is fairly safe and you can block it from uploading if that helps. Apart from that, it only connects when it is open so should be closed when you are finished - not that children can see the point of that.
Keep us informed.
Thanks for all your suggestions guys, have tried the turn it off option, I can but it still lurks, Gordie if all else fails I will take you up on that offer, and Sanx you are a champ, I will do that and get back to you if I need to. It is kind of cute, but bloody annoying really!
Calm, deep breaths.........find son, take him to exterior of dwelling, lock door.
Right, do you know about spyware, trojans (no jokes please :D)? If not we'll help you.
I just did a quick Google and it might be a keylogger = bad but more likely a download accelerator, which you don't need. Do you have Kazaa?
Limewire is fairly safe and you can block it from uploading if that helps. Apart from that, it only connects when it is open so should be closed when you are finished - not that children can see the point of that.
Keep us informed.
Yes I know about trojans and the like, this little baby has been sitting undisturbed since the end of March 2006, I have run my anti-spyware many times since then, just because I went hunting tonight and clicked on the properties of this sucker, it has become active. My beloved son did download Kazaa ages ago, I made him get rid of it. Key logger????? NOOO!
I will try for the Defender thing or the Hijack thing, heaven help me. Let you know how I get along.
xwhatsit
20th June 2007, 23:08
If you really want to nail it, hit Ctrl-Alt-Del to bring up the task manager. From what I remember about Windows, there should be an entry for it somewhere in the first tab. Right click on the entry, and click on `Go to process' or similar.
This will switch to the next tab with a process highlighted. Kill this task, I think you right click to do this.
I don't believe Windows supports init(8)-style context management, so once it's killed it can't restart itself. Then hopefully you can just delete the folder and be rid of the ass :)
Rhino
20th June 2007, 23:14
I would go along with the suggestion to install HiJackThis. It can help with a number of browser hijack trojans etc. If you don't have them, download Spybot (www.spybot.info) and Ad-Aware (www.lavasoft.de), install and update them to latest definitions. Run them and see if they find anything.
Winston001
20th June 2007, 23:33
You can stop it as a Process but it must be written into the registry to be running at all, so it'll still lurk. Probably an accelerator (quasi-trojan) associated with Kazaa.
Download Windows Defender and run it.
Personally I also use Spybot and Adaware although some people now think Adaware is unnecessary.
The best solution is Hijack This to get rid of this particular beastie. But for general security the three above programs are worth installing.
As a matter of interest I've been using Advanced WindowsCare Personal lately to tidy the registry and as added spyware protection. Run it on 4 different pcs and no-one has come screaming for my head.......yet. http://www.iobit.com/
Sanx
21st June 2007, 06:49
I don't believe Windows supports init(8)-style context management, so once it's killed it can't restart itself. Then hopefully you can just delete the folder and be rid of the ass :)
No, Windows doesn't support that style of process management. However a trick that writers of dodgy software have perfected is having two or more processes that constantly monitor each other. Kill one, and it'll be restarted instantly by the others. Task Manager doesn't allow you to kill more than one process in a single operation, so unless you know how to script process killing, you're stuffed. That's where HijackThis comes in handy sometimes.
I would go along with the suggestion to install HiJackThis. It can help with a number of browser hijack trojans etc. If you don't have them, download Spybot (www.spybot.info) and Ad-Aware (www.lavasoft.de), install and update them to latest definitions. Run them and see if they find anything.
Thanks Rhino, I have both of those already installed and use them often to keep things clean.
No, Windows doesn't support that style of process management. However a trick that writers of dodgy software have perfected is having two or more processes that constantly monitor each other. Kill one, and it'll be restarted instantly by the others. Task Manager doesn't allow you to kill more than one process in a single operation, so unless you know how to script process killing, you're stuffed. That's where HijackThis comes in handy sometimes.
I have run Defender and it did not pick anything up, so now it is Hijack to the rescue, will let you know what it turns up.
Ok here is the log file from the Hijack scan, I can see donkey running on the report. This morning it wants to know what is for breakfast! Apparently it is really hungry.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:14:00 p.m., on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Tirupx\Qhbrrks.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\donkey.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\anne\Local Settings\Temporary Internet Files\Content.IE5\H8OYTGBF\HiJackThis_v2[1].exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Yilorxd] C:\Program Files\Tirupx\Qhbrrks.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Sierra\Steam.exe -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYNZ
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\hannah\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
And the rest of the report:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 12470 bytes
Mr Merde
21st June 2007, 07:42
Assuming you're running Windows XP Service Pack 2, then download Microsoft Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx). Install it, run it, let it do a full system scan, and get rid of anything it suggests.
If that fails, download Hijack This! (http://www.merijn.org/files/HiJackThis_v2.exe). Save it somewhere, then run it. Get it to do a scan, save the logfile it produces, and post it up here. Send me a PM when you've done it to remind me. I'll tell you what you need to do.
Not too fond of the former application but definitely can recommend the latter. Not for the faint hearted so take Sanx's advice and post the log to him.
Also a little dos file called kill.exe is bloody good at stopping those system processes that will not shut down.
Get a copy of adaware or any other prog that does the same thing. Gets rid of spyware and such.
Mr :shit:
Sanx
21st June 2007, 07:50
Hi Mom,
OK. Run HijackThis again, and tell it to do a scan only. When the results list comes up, check the items I've highlighted in bold by clicking on the menu item. Then click "Fix Checked".
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Yilorxd] C:\Program Files\Tirupx\Qhbrrks.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYNZ
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
There was more than one problem shown up by that log. The MyWebSearch plug-ins are adware / spyware, as is SurfAccuracy. The entry marked "Yilorxd" I must admit I don't recognise. However, the fact that googling comes up with nothing (not nothing useful, nothing) would tend to indicate that whatever it is, it's probably dodgy.
Let me know what results you have, and remember to reboot after you've clicked the Fix Checked button.
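The manual triage Sanx describes above, sketched as an added example (not part of any post in this thread and not HijackThis's own logic): a Python parser that splits a HijackThis log into running processes and coded entries, then lists the ones worth researching. The watchlist strings are the products named in the thread; `TRUSTED_ROOTS`, `known_autostarts` and the function names are assumptions, and the sample is an excerpt of the log posted above.

```python
import re

# Products the thread itself calls adware/spyware (long and 8.3 short path forms).
WATCHLIST = ("mywebsearch", "mywebs~1", "surfaccuracy")
# Assumption: directories a normal XP install runs programs from.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Markers HijackThis prints when a registered component has no file behind it.
DANGLING = ("(no file)", "(file missing)")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\S*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the coded sections follow the process list
            entries.append((m["code"], m["body"]))
        elif in_procs and PROC_RE.match(line):
            processes.append(line)
    return processes, entries


def triage(text, known_autostarts=()):
    """Return (item, reasons) pairs for a human to research; not a verdict."""
    processes, entries = parse_log(text)
    known = {name.lower() for name in known_autostarts}
    findings = []
    for path in processes:
        low, reasons = path.lower(), []
        if any(w in low for w in WATCHLIST):
            reasons.append("matches watchlist")
        if not low.startswith(TRUSTED_ROOTS):
            reasons.append("process outside system/program directories")
        if reasons:
            findings.append((path, reasons))
    for code, body in entries:
        low, reasons = body.lower(), []
        if any(w in low for w in WATCHLIST):
            reasons.append("matches watchlist")
        if any(d in low for d in DANGLING):
            reasons.append("dangling reference")
        run = RUN_RE.match(body) if code == "O4" else None
        # An autostart value the reviewer cannot name is the "Yilorxd" case.
        if run and not reasons and run["name"].lower() not in known:
            reasons.append("unrecognised autostart name")
        if reasons:
            findings.append((f"{code} - {body}", reasons))
    return findings


# Excerpt of the log posted earlier in this thread.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Documents and Settings\donkey.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Yilorxd] C:\Program Files\Tirupx\Qhbrrks.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    # known_autostarts is the reviewer's own list of Run names they recognise.
    for item, reasons in triage(SAMPLE, known_autostarts=("ccApp",)):
        print(f"{'; '.join(reasons):45} {item}")
```

The output is a research list: each flagged line still needs the lookup Sanx did by hand before anything is ticked for "Fix Checked".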
Mr Merde
21st June 2007, 07:56
Just had a thought.
If you were getting rid of limewire at the time then obviously the kids were into peer P2P sharing.
There is/was a prog out there called eDonkey that was a P2P application. It may still be the remains of that showing up.
Mr :shit:
Thanks mate, I don't actually have time now to do this, but will when I get home from work, hope the ferkin donkey has fun while I am away!
Winston001
21st June 2007, 09:37
Just had a thought.
If you were getting rid of limewire at the time then obviously the kids were into peer P2P sharing.
There is/was a prog out there called eDonkey that was a P2P application. It may still be the remains of that showing up.
Mr :shit:
Yeah that's what I thought too which is why I asked about Kazaa. There is a donkey trojan associated with Kazaa.
avgas
21st June 2007, 09:51
It sounds like a donkey version of that horrible purple monkey.
If someone is in the area it sounds like that PC needs a good format and some decent spyware scanners.
Lias
21st June 2007, 11:03
Just had a thought.
If you were getting rid of limewire at the time then obviously the kids were into peer P2P sharing.
There is/was a prog out there called eDonkey that was a P2P application. It may still be the remains of that showing up.
Mr :shit:
As far as I know the eDonkey client doesn't have a donkey popping up in it, but then again I haven't used it for years.. Pretty much everyone uses eMule to access that network now.
kevfromcoro
21st June 2007, 11:17
I am sure I had a keylogger in my PC a few months ago...think it came from Thailand....I am no expert..but I did get a lot of help from members, ended up ditching the lot..reload Windows XP. Also put a good antivirus program called nod32, seems to work....no more trouble.....just my 2c....
Let me know what results you have, and remember to reboot after you've clicked the Fix Checked button.
Hi Sanx
Have just run the scan and deleted all the entries you marked apart from this one
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
as it did not appear on my scan results this time. Is this a problem? I have rebooted the PC and here I am.
I have a question though, I have spy bot and ad-aware already loaded on here and use them often to keep my system as clean as I can, how come they have not picked up these other bugs that Hijack did?
The other thing I notice is that Donkey is still very much in evidence here, we have closed it so it does not run all the time, but it sits waiting till next time. I am wondering now if it is simply a little program that one of my lovelies (read brats!) has downloaded for a bit of fun and that it is in fact harmless???
The reason I ask this is years ago I was once sent an email that I opened, it created a bird that used to sit on desktop icons and if you tried to click on it, it would take fright and fly off across the monitor shitting as it went!!! After a few attempts to capture said bird my screen was covered in bird shit! I rang the bloke that sent it to me and he gave me instructions to close it down, never caused any damage, just was annoying as all get out.
Thanks for your help too, I really appreciate it!
Sanx
21st June 2007, 18:21
It's hard to say why some spyware apps do not get detected by the very programs we trust to pick 'em up. However, it sometimes has to do with the spyware company suing because Ad-Aware or whoever claims its programs are evil. Certainly been instances of this before. HijackThis doesn't actually detect spyware - it lists things that potentially could be spyware. The items highlighted for you to fix were highlighted by me manually, not the program.
So, as for your machine: don't worry about SurfAccuracy. If it's already gone, that's good. As for the donkey program - it could be that it's completely harmless, it's just a pain in the rear. I take it it doesn't start automatically; you have to click it each time? Obviously, you can simply delete it and it'll go away then.
riffer
21st June 2007, 20:41
If it does start automatically at startup, you can remove it thusly:
Start Menu>Run
type msconfig.exe
Hit [RETURN]
The far right tab is called "STARTUP" Click this.
See if you can find anything with donkey on the list. Uncheck the tick.
You will have to restart the system and it will come up with a dialog box at startup which you can okay.
Hope it helps.
Hope it helps.
All advice helps.........thanks!
Winston001
21st June 2007, 20:50
.......I was once sent an email that I opened, it created a bird that used to sit on desktop icons and if you tried to click on it, it would take fright and fly off across the monitor shitting as it went!!! After a few attempts to capture said bird my screen was covered in bird shit! I rang the bloke that sent it to me and he gave me instructions to close it down, never caused any damage, just was annoying as all get out.
I used to have a small cat, cute as all get up, it would appear through a catdoor on the screen, walk around, and was generally a mild diversion.
And it was spyware. No big deal, probably didn't do any harm - but I'll never know.
Can you delete it through Control Panel - Add/Delete Programs?
Your pc should be secure with what you have. I'd suggest that the children are innocently clicking on things and installing stuff. The Tea Timer in Spybot should stop this - is it active?
Lias
22nd June 2007, 09:38
I used to have a small cat, cute as all get up, it would appear through a catdoor on the screen, walk around, and was generally a mild diversion.
And it was spyware. No big deal, probably didn't do any harm - but I'll never know.
Can you delete it through Control Panel - Add/Delete Programs?
Your pc should be secure with what you have. I'd suggest that the children are innocently clicking on things and installing stuff. The Tea Timer in Spybot should stop this - is it active?
Configure your kids' accounts on the PC to not be admins, that way they can't install shit :-P
Or go overboard like me, install a 2003 server at home, join all the PCs to the domain and use group policy to control your children's lives.. muhahahaha.
Naki Rat
22nd June 2007, 10:10
... And once you have this problem sorted go find CyberNanny or a similar service to restrict his future access to porn, music sharing, gambling, chatrooms, or whatever suits; and monitor where your little darling is websurfing to while you're not looking over his shoulder.
CyberNanny isn't foolproof but it seems to be as good as any according to the web search I did when attempting to solve a similar problem. My biggest concern wasn't bandwidth usage, it was virus risk of some of the dodgy sites that teenagers tend to frequent. CyberNanny also gives warnings on the worst risk sites, which definitely includes "Morpheus" if you're interested.
Best of luck,