Slyck.com
 
Slyck Chatbox - And More

ares warez removal

Discussion about the Ares/Warez P2P program
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

ares warez removal

Postby kaiser4902 » Sat Sep 06, 2008 3:15 am

hi

I am trying to remove a box that come up whenever I restart my computer. I tried to install ares, and I seem to have warez. I have tried all that i know to remove it but i still seem to have it. (reg mechanic, XoftSpy)

The bow has a distinctive blue header with white and yellow chinese writing and many questions marks including CPU50% MEEE??2.0.

I would greatly appreciate any help

Cheers

K
kaiser4902
 
Posts: 4
Joined: Sat Sep 06, 2008 2:55 am

Re: ares warez removal

Postby HouseCrowd » Sat Sep 06, 2008 5:07 am

To start with, the best way would be to try to identify what the process is that is running at startup.

Go to Start > Run and type in msconfig. Click Ok, go to the Startup tab and try to identify it in there. If you're not sure which it is, try unselecting items then reboot. Repeat until you find which one it is.

If you find it and are unsure how to remove it permanently, post back with the details.

Alternatively, run Hijackthis and post a log here.
There are 10 types of people in the World; those who understand binary, and those who do not.
User avatar
HouseCrowd
 
Posts: 33862
Joined: Mon Oct 13, 2003 4:18 am
Location: UK

Re: ares warez removal

Postby Lee1001 » Sat Sep 06, 2008 5:26 am

Try resetting your screensaver,and/or run a scan with Malwarebytes
Lee1001
 
Posts: 670
Joined: Tue Mar 07, 2006 6:12 am

Re: ares warez removal

Postby EvilWizardGlick » Sat Sep 06, 2008 6:30 am

Open the RUN box and type in MSCONFIG to see what is loaded at startup. If you don't see it there open Taskmanager and check the processes, if you know what normally loads. If you see a process running you don't recognize go to administrative tools/services and stop the process then disable it.

Dangerous if you don't know what is being loaded.
If that doesn't work, open regedit (RUN box and type in REGEDIT) hkey current user/software/Microsoft/windows/current version/ run (and run once) see what is loading. backup your registry and delete the entry IF you identified it correctly.
Or download HIJAACTHIS and run it. Identify what is being loaded and delete any unwanted entries. Or save the log and post it to one of many Hijaacthis forums.
EvilWizardGlick
 
Posts: 306
Joined: Wed Oct 18, 2006 1:49 pm

Re: ares warez removal

Postby TorrentMama » Sat Sep 06, 2008 12:04 pm

Lee1001 wrote: run a scan with Malwarebytes


+1 - this worked to rid a friend of a similar problem
Lionel Hutz, court-appointed attorney. I'll be defending you on the charge of... Murder One! Wow! Even if I lose, I'll be famous!
User avatar
TorrentMama
 
Posts: 2827
Joined: Wed Aug 16, 2006 3:42 pm

Re: ares warez removal

Postby kaiser4902 » Mon Sep 08, 2008 11:34 am

Hi does this help?

Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:44, on 08/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Asset Services Management\eSMARTUM.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Asset Services Management\ASMAgent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Skype\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 4884 bytes
kaiser4902
 
Posts: 4
Joined: Sat Sep 06, 2008 2:55 am

Re: ares warez removal

Postby Tyranoth » Mon Sep 08, 2008 11:58 am

C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

I think that might be your problem. Not 100% sure tho, good luck!

http://www.baidumsg.com/Howtoremove/How ... 61917.html
Esoteric Apatheia
User avatar
Tyranoth
 
Posts: 207
Joined: Tue Jan 29, 2008 2:18 pm

Re: ares warez removal

Postby kaiser4902 » Tue Sep 09, 2008 11:49 am

hi.. No I don't think it is. I think that belongs to Ringz Studio. A music player, Stormser.

Does anyone have any further ideas.

Thanks
kaiser4902
 
Posts: 4
Joined: Sat Sep 06, 2008 2:55 am

Re: ares warez removal

Postby TorrentMama » Tue Sep 09, 2008 12:20 pm

already mentioned this --- but did you run malwarebytes? find it one download.com probably...
Lionel Hutz, court-appointed attorney. I'll be defending you on the charge of... Murder One! Wow! Even if I lose, I'll be famous!
User avatar
TorrentMama
 
Posts: 2827
Joined: Wed Aug 16, 2006 3:42 pm

Re: ares warez removal

Postby kaiser4902 » Thu Sep 11, 2008 6:56 am

malware byte seems not too have found anything. I scanned using Mcafee 8.5i again and it has deleted a few trojan files linked to storm codecs... So hopefully that's it.

Thanks very much

K
kaiser4902
 
Posts: 4
Joined: Sat Sep 06, 2008 2:55 am


Return to Ares/Warez P2P

Who is online

Users browsing this forum: No registered users and 1 guest

© 2001-2008 Slyck.com