
Thread: Trojan-Spy.win32@mx

  1. #1
    gallier Guest

    Trojan-Spy.win32@mx

    I have the following malware on my PC: trojan-spy.win@32. It changes the homepage address in IE and sends unwanted information even when the browser is not active. It also prevents the anti-virus database in ZoneAlarm from updating.
    Could anyone supply some useful information on how to get rid of this pest file? Thanks!

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Antivirus
    Software Version:7.0

  2. #2
    naivemelody Guest

    Re: Trojan-Spy.win32@mx

    You've got problems. The best thing to do whenever something like this happens is to google the malware and see what's going on with it. I googled and found http://precisesecurity.com/adware-spy/aw-tswm.htm, which looks like a good solution; it has detailed instructions which you can follow. But do not link to any of the "Ads Google" ads for spyware removal/scanner for free = those are bad. In fact, don't link to Ewido antispyware there; type and get Ewido = http://www.ewido.net/en/product/ yourself and install it (by the way, Ewido is now AVG Anti-Spyware - free version is 7.5.050). You also mentioned pop-ups on your PC: do not click on them, no matter how annoying they are now; get rid of the root cause of the pop-ups. An important thing to do: check out http://www.spywarewarrior.com/rogue_...ware.htm#sites = bookmark this site or put it in your 'Favorites' list; this is an invaluable site to have. And check out the chapter 'If your PC is infested w/spyware...' and follow some of the recommendations there.
    Another nice site to know is www.firewallguide.com - harden your Windows, read comparatives/test reviews, etc. Most of my recommendations are on a simplistic and generalized mode; there are more advanced methods and sites, but I'm not too well versed with them. :8}

    NaiveMelody NYC 2-18-07~10:40pm e.s.t. - Takin' care of business - Bachman-Turner Overdrive

    Message Edited by NaiveMelody on 02-19-2007 08:11 PM

  3. #3
    gallier Guest

    Re: Trojan-Spy.win32@mx

    NaiveMelody, many thanks for all the advice you passed on to me. I'll store it and surely it will come in handy one day! In another thread, the one from Greb49er re: websnitch, I read earlier some advice to try and let A-Squared loose on the PC, but I had a problem downloading and installing it. I then got a reply to my message that led to resolving my problem. It concerned 2 more URLs. I answered then as follows:

    Quote: A dialog box should have appeared in order to download and install the Ewido anti-spyware, but it didn't; I only got a red cross? Perhaps the server was down. I could install ActiveX though, but only after shutting ZoneAlarm down! SuperAntiSpyware, on the other hand, could be downloaded and installed. Several pieces of malware were detected, quarantined and deleted. After that the PC rebooted, but in Safe Mode only. I decided to scan again, in Safe Mode this time, and now the problem seems to have gone. Let's cross fingers the pest files won't reinstall. Unquote :8}

    PS: One more question: you mentioned "don't click on the pop-ups, but get rid of the root cause of the pop-ups". Could you tell me how to do that please, as until now I just closed the pop-ups as soon as I saw them. Thanks again.


  4. #4

    Re: Trojan-Spy.win32@mx

    First of all, look under Add and Remove Programs in the Control Panel. It may or may not be listed and it may even be listed as something else in disguise. Uninstall, but only after tracking its locations first. Use the Search in Windows Explorer with the name found in the Control Panel and anywhere else to help find more names of files and locations. Delete any remnants after uninstalling.

    Open C:\WINDOWS\Download Program Files and have a look. For any suspicious item, just right-click and open the properties. The id value is important. The item can be removed using the uninstall.

    Use the id value in the Find of the registry and delete all, if you are absolutely sure that ID/item is the troublemaker.

    Where does the IE go to or what is the new changed home page? Google this but something like "xxx.com + remove" or just the xxx.com. Usually something shows that can help.

    Open the IE and look under addons in the Tools. Look for addons used and past addons. Anything suspicious? These have a value and these too can be used in the Find of the Registry to be deleted.


    In the registry, look for software > microsoft > windows > current version > internet settings > zone map, and domain could have the malware site listed. Remove it.

    Look in the hosts file for the malware site (look in C:\WINDOWS\system32\drivers\etc\hosts, open the file with Notepad and remove anything bad).


    Usual location for the malware is in the WINDOWS directory, Program Files directory and in the Documents and Settings. Sometimes even just on the drive itself.


    This is a start. Those are the general instructions.

    A valuable tool is the HJT. Use a HJT forum to trace the issue and get help. These are free. The requirements for the cleanups are very handy and do a good job on their own. Here are two of many..

    http://www.bleepingcomputer.com/foru...lysis-f22.html

    http://forums.majorgeeks.com/showthread.php?t=35407


    Oldsod


    BTW NaiveMelody is very correct about the evil Google ads for spyware removers. Most of these are spyware themselves and not good removers. They have lots of false positives to convince the user to buy their shady products.

    A good source of bad scanners or rogue scanners is here>

    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Message Edited by Oldsod on 02-19-2007 02:00 PM
    Best regards.
    oldsod
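
The hosts-file check from the post above, as an added example that is not part of the thread or any poster's code: a small Python audit that lists every non-default mapping and singles out entries pointing a security vendor's name at a loopback address, which would block signature updates the way the first post describes. The sample file contents and the `av-vendor.example` watch-list are constructed placeholders.

```python
import ipaddress

# Constructed sample in hosts-file syntax; every name below is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # sinkholes the AV updater
203.0.113.7     search.portal.example www.portal.example
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

def audit_hosts(text, watch_suffixes=("av-vendor.example",)):
    """Return (line_no, ip, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank or comment-only line
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names[0], "unparseable address"))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            host = name.lower().rstrip(".")
            if host in ("localhost", "localhost.localdomain"):
                continue                       # stock entry, nothing to review
            watched = any(host == s or host.endswith("." + s)
                          for s in watch_suffixes)
            if sink and watched:
                reason = "security vendor host sinkholed (blocks updates)"
            elif sink:
                reason = "name blocked locally"
            else:
                reason = "name redirected to a fixed address"
            findings.append((line_no, str(ip), host, reason))
    return findings

if __name__ == "__main__":
    for line_no, ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % (line_no, host, ip, reason))
```

To review a real machine, pass the text of the hosts file and a watch-list of the domains your own security products update from.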

  5. #5
    naivemelody Guest

    Re: Trojan-Spy.win32@mx

    Clarification about the pop-ups: some people, out of pure frustration with repeating pop-ups, may click on 'yes/agree', thinking it will shut it up, stopping it with little consequences - bad move. In some extreme cases, clicking 'no' or 'x' out will discreetly mean 'yes' to the malware connected to that pop-up. I've actually seen one of these types of pop-ups on an outside computer system (thank goodness it wasn't mine) where every time you click "x" out, the pop-up would still reappear and repeat itself in a few minutes. Well, I hope you clear out the infection. Remember that - http://www.spywarewarrior.com/rogue_anti-spyware.htm - check out the free and trustworthy security chapter, and build a little layer of anti-spyware (if you like, I would like to know what kind of security you had beforehand, while you got this recent infection). Two of the better anti-spyware apps are Webroot SpySweeper and PCTools SpywareDoctor, both for a fee, but only choose one if at all. If you want a little more advanced security, there is dedicated HIPS security software.

    NaiveMelody NYC 2-19-07~11:45pm e.s.t. - Feelin' stronger every day - Chicago

    Message Edited by NaiveMelody on 02-20-2007 12:03 AM

  6. #6
    gallier Guest

    Re: Trojan-Spy.win32@mx

    NaiveMelody - Will bear your advice in mind! The malware must have sneaked into my system whilst I was switching over from anti-virus program AVG to ZoneAlarm, I guess. I was advised not to run 2 such programs on the same PC, so I removed AVG (although there are still some files left of that program, it seems) before installing ZoneAlarm.

  7. #7
    gallier Guest

    Re: Trojan-Spy.win32@mx

    NaiveMelody - Will bear your advice in mind! The malware must have sneaked into my system whilst I was switching over from anti-virus program AVG to ZoneAlarm, I guess. I was advised not to run 2 such programs on the same PC, so I removed AVG (although there are still some files left of that program, it seems) before installing ZoneAlarm. Apart from trojan-spy.win32@mx I also had SpyDawn offering their "services". All seem to have gone with using SuperAntiSpyware.
    To detect malware I am using the free program Hitmanpro2; this program combines several other programs and runs them one after the other, such as Ad-Aware, SpyBot, SpywareDoctor, etc. But at the time my PC was infected, somehow the malware prevented that program from completing its job! I was advised to send a HijackThis log to Spyware Warrior, which I did in the meantime.
    Thanks again for your help



  8. #8
    gallier Guest

    Re: Trojan-Spy.win32@mx

    Hello Oldsod - thanks for the many pieces of advice you gave me. I will check my PC as you suggested in order to find out if there are still bad files left on my system. In the meantime I have sent a HijackThis logfile to Spyware Warrior; wait and see what that gives. At the time that the malware changed my homepage in IE, I was redirected to a site where I could order the solution to the problem (they apparently created themselves). I did not note the address down, should have done... B-)

  9. #9

    Re: Trojan-Spy.win32@mx

    Was it something like winfixer?


    http://en.wikipedia.org/wiki/WinFixer


    Oldsod

    Message Edited by Oldsod on 02-21-2007 11:45 AM
    Best regards.
    oldsod

  10. #10
    naivemelody Guest

    Re: Trojan-Spy.win32@mx

    Glad to hear things are working out well. Keep an eye on 'Hitmanpro2'; it's new and needs to be a proven and trustworthy app. If you ever hear any 'bad feedbacks' from other folks, you know what to do. By the way, if you could do us all a little favor: sign in, go to the posts of yours in 'Websnitch?' - OhioCutie's post - and delete your posts from hers; it confuses the public. Go to your post, click on 'Board Options' in the top gray bar, and delete, if the option is there; and hopefully Greb49er will do the same. Understand. Safe surfing, dude.

    NaiveMelody NYC 2-21-07~11:34pm e.s.t. - Unwritten - Natasha Bedingfield
