Surfairy found as spyware?

  Rhuddlan 01:35 10 Feb 05
Locked

When I scan my system with ad aware and spybot it find Surfairy. Ad aware finds Surfairy and spybot finds Divago Surfairy. Have got these two programs up to date as well as spywareblaster, and my firewall ZA and anti virus software AVG are both up to date, have sp2 on xp home and all the MS updates. Have heared of this before, but can't remember how I got rid of it last time, spybot couldn't fix the problem but will scan the system again at the next startup, anyone help?

  AndySD 02:17 10 Feb 05
  Rhuddlan 15:52 10 Feb 05

Hi there, Andy SD, thanks for the link, but PestPatrol which apprantley can remove it isn't a free program and I'm not paying for it, and when I tried typing the commands in the command promt window, it couldn't find the specified file. Searched the hard drives and found three files, one a PP file, the other settings and dll ones, have deleted the three and ran regseeker, but that found nothing. Also in the registry that key wasn't present, there where no Surfairy key's, any other ideas?

  groundhog 17:29 10 Feb 05

This program is a Browser Help Object
An excellent anti spyware tool for dealing with BHO's and for general info is Hijackthis (free)

try this link click here

  VoG II 17:32 10 Feb 05
  Rhuddlan 20:17 10 Feb 05

Logfile of HijackThis v1.99.0
Scan saved at 20:09:54, on 10/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\WGP\wgp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mathew\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [WinGuard Pro] C:\Program Files\WGP\wgp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{582AC6AE-BC04-4753-927D-96544DAA6D68}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{582AC6AE-BC04-4753-927D-96544DAA6D68}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server - Unknown - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Any to get rid of?

  Rhuddlan 20:17 10 Feb 05

Thanks for the link VOG, but I have already been on this site and followed the instructions without success

  gudgulf 21:52 10 Feb 05

click here



click here


Removal instructions...remember to look in add/remove programs first.Then try manual removal if there is no entry there (or it doesn't work).

  Nellie2 22:23 10 Feb 05

There is nothing to 'fix' in your hijack log... if gudgulf hadn't already posted those links then that is the way I would have gone with this one too!

  Rhuddlan 22:26 10 Feb 05

Hi, have followed the instructions on the links and again the command promt can't find the specified file, there is no entry in the registry or in add/remove programs. Any other ideas?

  Nellie2 22:35 10 Feb 05

Are you running any software that is designed to stop changes to your system, like Spybots Teatimer. If you are then disable it, then run adaware and spybot again and see if they can fix the problem this time

This thread is now locked and can not be replied to.

Amazon Fire HD 8 review: A brilliant combination of function and value – with one massive caveat

1995-2015: How technology has changed the world in 20 years

How to create an introvert-friendly workplace

Apple Watch 2 review | Apple Watch Series 2 review: New Apple Watch is faster, brighter, water-resit…