
Thread: Lost As To Where To Start

  1. #1
    sabyers Guest

    Default Lost As To Where To Start

    I "volunteered" to help my niece by getting spyware off her desktop computer. I see I am in over my head! LOL

    I first scanned with AVG Anti-Spyware and found 85 infections. So I installed Zone Alarm like I use on my computer. It is running now, but the computer rebooted twice since I started running the scan. She had told me that it was frequently restarting with her.

    There is some sort of message with a black screen overlaying the desktop - and blocking her background picture. It has a "notice" with the first line a statement that spyware is installed on the computer and that an effective software to remove spyware should be installed. Then there is text below that stating that the computer had a certain IP address and it had been used to send false messages to other users. The interesting part is that when I took the computer home and installed it on my DSL line, the stated IP address did not change. LOL There is a yellow triangle in the tool bar that when selected brings up an htm file in the windows folder that provides a URL to go to to download software or to update the software if "you are having problems with it". The computer still runs slowly - even after removing the spyware I initially found.

    This all started after 2 events took place in a 3 day period. She installed an anti-virus / anti-spyware software that she bought at Wal-Mart. Plus an ex-boyfriend used her computer while she was gone and she found evidence that he had gone to some porn sites. It seems that the infestation happened in that period of time.

    Do these "symptoms" sound like some known malware package? How can I track down the program on the computer that is causing this? I have gone through the installed software in Control Panel (Windows XP Package 2) and did not find anything that seemed suspicious.

    Any help appreciated!

    Steve

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    naivemelody Guest

    Default Re: Lost As To Where To Start

    Whenever you get any type of pop-up saying "your PC is infected with... please use this sleazeware to clean it... or download software/updates", you are still infected with malware/adware.

    It is important to write down the exact names and messages that appear, so that you/we will know what malware is at work, and which methods/modes are needed to clean them.

    Bogus Security Pages

    Rogue anti-spyware products have long been known for using aggressive, misleading advertising and marketing, but in the Fall of 2005 a number of these programs began to be pushed on users through incredibly deceptive web pages that were often forced on users through browser hijacks. Many of these pages are deliberately crafted to look like the Windows XP SP2 Security Center, and they may be coupled with flashing tray icons that are designed to look like notices from the Security Center as well as false warnings that malware has been detected on the user's PC.

    The Sunbelt Blog discusses a number of these bogus security pages.

    Please see this trustworthy site - lots to read, but it is worthwhile - http://www.spywarewarrior.com/rogue_...are.htm#online
    Read the rest of the website.

    If your PC is already infested with spyware and adware, resist the temptation to succumb to impulse buys of anti-spyware products that you see on the Net, esp. those included in the "rogue/suspect" list on this page or advertised on 'Google.' Instead, you can get help online from a corps of savvy volunteers who specialize in busting spyware.

    To get help with a spyware infestation:

    1. Clean your PC as best you can

    Download and run one (or all) of these free anti-spyware scanners and remove whatever spyware and adware it finds:
    - Ad-aware Personal Edition
    - AVG Anti-Spyware
    - Windows Defender
    - Spybot Search & Destroy
    - SUPERAntiSpyware

    You should also scan and clean your computer with whatever anti-virus program you happen to have installed on your computer. If you don't have an anti-virus program, you can scan your computer with one of these online anti-virus scanners:
    - Bit Def***** ScanOnline
    - Microsoft Malicious Software Removal Tool
    - ewido online scan
    - Command on Demand
    - Panda ActiveScan
    - Trend Micro Anti-Spyware for the Web
    - eTrust AntiVirus Web Scanner
    - Trend Micro HouseCall (ActiveX)
    - McAfee FreeScan
    - Trend Micro HouseCall (Java)

    ... or download and run one of these free standalone virus removal tools:
    - avast! Virus Cleaner
    - Microsoft Malicious Software Removal Tool
    - Dr.Web CureIt!
    - AVG vcleaner
    - Panda PQRemove
    - McAfee AVERT Stinger
    - Sophos SAV32CLI

    2. Visit a spyware removal forum

    Once you've cleaned your PC as best you can, visit one of the following spyware removal forums:
    - SpywareInfo
    - Spybot S&D
    - Aumha SpywareBeware
    - Bleeping Computer
    - Spyware Warrior
    - CastleCops
    - Tech Support Guy
    - Cexx.org
    - TomCoyote

    Getting ZA Suite is a step in the right direction. Be careful when "they tell you to click here to update/download software", or give you an IP/URL to go to - this all can be a trick - bad. Always write down the messages and then Google them to find out more.

    High recommendation - install and use McAfee SiteAdvisor - www.siteadvisor.com - and there are other anti-phishing toolbars you can use: http://www.firewallguide.com/phishing.htm - browse thru the rest of this very nice site. You can even try out ZA ForceField - http://forums.zonelabs.org/zonelabs/...p;message.id=1

    You still have some work to do. You should go to one of the 'malware removal forums' for more detailed and expert help in that regard.

    NaiveMelody NYC 11-1-07 - No No Song/ Skokiaan - Ringo Starr



    Message Edited by NaiveMelody on 11-02-2007 01:17 AM

  3. #3
    jdoliver Guest

    Default Re: Lost As To Where To Start

    Have you tried turning off System Restore? Then boot into Safe Mode and run your scans again.
    Superantispyware is worth trying. So is AVG antispyware.

  4. #4
    wightknight Guest

    Default Re: Lost As To Where To Start

    Been there, done that!
    One can spend entire days cleaning up for a friend.
    Nowadays, malware can embed itself deeply by crosslinking (i.e. one baddie shields another), masquerading as low-level system processes, and actively shutting down clean-up tools.
    So it can sometimes be really difficult to clean an infected system from the inside.
    Baddies keep on rising from the dead.
    The least time-consuming approach is often to make the infected drive a slave on a clean system, and AV scan from there.
    You can then look for any files dating from about the time of infection, without their details being spoofed from you, and can replace any remotely suspicious files in \Windows\System32 or \Windows with known clean versions.
    If your AV identifies particular malware, look on the Internet for what it (or something vaguely similar) writes to the Registry, stores as files, etc.
    If obliged to work on the inside, you may need to behave like a scientist, observing the process of rising from the dead, noting what files get written when, logging what Internet connections are made, and painfully discovering what tools the bad guys let you use without shutting down the system.
    Other tools can be downloaded (and if necessary renamed).
    For example Process Explorer can close a process that Task Manager will not, there are lots more registry editors besides Regedit, there are forcible deleters for protected files, and Ztree can list all files by time of creation.
    Happy hunting!
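    The offline approach wightknight describes above (slave the infected drive on a clean machine, then list files written around the time of infection and compare them with known clean copies) can be scripted. The following is an added example and not code from the thread or from any of the tools it mentions. It assumes the slaved disk's Windows folder is reachable at a path such as "E:/Windows" on a Windows host or "/mnt/infected/Windows" on Linux; the sample tree, its timestamps and the "known-good" hash list used in demo() are all constructed for illustration, and in practice the reference hashes would come from a clean install or from vendor-published file hashes.

```python
"""Offline triage of a slaved Windows volume (added example, not code from
the thread).  Assumes the infected disk is attached to a clean machine and
its Windows folder is reachable at a path such as "E:/Windows" (Windows) or
"/mnt/infected/Windows" (Linux); the sample tree, timestamps and the
"known-good" hash list used in demo() are all constructed for illustration.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Finding:
    path: str           # full path on the mounted volume
    modified: datetime  # last-modified time, UTC
    sha256: str         # content hash for comparison with a clean copy
    known_good: bool    # True if the hash is in the reference list


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large system files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def files_in_window(root, start, end, known_good=frozenset()):
    """List files under root whose modification time falls in [start, end].

    Each file's hash is checked against known_good so that files which merely
    received a legitimate update (a patched system DLL, say) can be set aside
    and attention goes to the unknown ones.  Results are sorted by time so the
    sequence of writes during the infection window is visible.
    """
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable entry; skip rather than abort the sweep
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if start <= mtime <= end:
                digest = sha256_of(path)
                findings.append(Finding(path, mtime, digest, digest in known_good))
    findings.sort(key=lambda f: f.modified)
    return findings


def build_sample_tree(base):
    """Create a constructed stand-in for a slaved volume's Windows folder."""
    win = os.path.join(base, "Windows")
    sys32 = os.path.join(win, "System32")
    os.makedirs(sys32)
    old = datetime(2007, 1, 15, tzinfo=timezone.utc).timestamp()
    during = datetime(2007, 10, 20, 3, 0, tzinfo=timezone.utc).timestamp()
    samples = {  # (constructed contents, constructed mtime)
        os.path.join(sys32, "kernel32.dll"): (b"clean kernel32 bytes", old),
        os.path.join(sys32, "shell32.dll"): (b"clean shell32 bytes", during),  # legitimate update
        os.path.join(sys32, "dropped.dll"): (b"unknown bytes", during),
        os.path.join(win, "notice.htm"): (b"<html>fake notice</html>", during),
    }
    for path, (data, ts) in samples.items():
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (ts, ts))
    return win


def demo():
    """Run the triage over the constructed tree; returns (relative path, known_good) pairs."""
    known = frozenset({  # constructed reference hashes of the two "clean" files
        hashlib.sha256(b"clean kernel32 bytes").hexdigest(),
        hashlib.sha256(b"clean shell32 bytes").hexdigest(),
    })
    start = datetime(2007, 10, 18, tzinfo=timezone.utc)  # suspected infection window
    end = start + timedelta(days=3)
    with tempfile.TemporaryDirectory() as base:
        win = build_sample_tree(base)
        found = files_in_window(win, start, end, known)
        return [(os.path.relpath(f.path, base).replace(os.sep, "/"), f.known_good)
                for f in found]


if __name__ == "__main__":
    for rel, ok in demo():
        print(("known-good " if ok else "UNKNOWN    ") + rel)
```

    Because the scan runs from the clean host, nothing on the infected volume executes, so the timestamps and hashes cannot be hidden by a rootkit the way they can be when scanning from inside. Files flagged UNKNOWN are candidates for the replace-with-a-clean-copy step; the window boundaries are deliberately generous, since the infection date from the thread is only known to within a few days.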
