
Please Help Me Remove Spyware :]


  • This topic is locked
11 replies to this topic

#1 Exclamation

Exclamation

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:New York
  • Local time:05:47 PM

Posted 15 August 2007 - 05:25 PM

Hi everybody,

This is my first post at BleepingComputer. :]

Anyways, let me cut to the chase. I've unfortunately been infected with some really bad spyware, and I've tried various methods and can't get rid of it. It also seems to be continually getting worse every day.

The problem seems to be something called win32.trojandownloader.adload, and any help with removing it would be beyond appreciated. :thumbsup:

I've used SpyBot and Ad-Aware several times. They end up removing a lot of problems, but it still won't stop.

Thank you so much in advance for any help!


 


#2 buddy215

buddy215

  • BC Advisor
  • 12,985 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:47 PM

Posted 15 August 2007 - 05:31 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:02:47 PM

Posted 15 August 2007 - 05:36 PM

Hi, and :thumbsup: to bleeping computer, Exclamation. The first program to try and get rid of this with is Superantispyware.

Once you have completed the download, double click on the saved file to run the installer. Accept the default options. If the program wants to update, let it. When the update is complete, you may have to double click on the desktop icon to run the program. When the main window comes up, click the scan your computer button. In the next window make sure that you select the complete scan option. Click next to start the scan. Be patient. When the scan is finished, click the next button and allow Super Anti Spyware to remove anything that it finds. If SAS asks to restart the computer, allow it.

EDIT: spelling

Edited by oldf@rt, 15 August 2007 - 05:37 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#4 Exclamation


Posted 15 August 2007 - 05:49 PM

Hi, thanks for the quick replies, you two. :thumbsup:

I've downloaded SuperAntiSpyware, but for some reason my computer isn't letting me run in safe mode. I've run several computers in safe mode before, and I know I've done this one, too, but it's just not working right now.

Should I just run SuperAntiSpyware and BitDefender in normal mode?

#5 buddy215


Posted 15 August 2007 - 05:56 PM

Yes, then try again to go into safe mode. Good luck to you.



#6 buddy215


Posted 15 August 2007 - 06:07 PM

In the link I provided in the first post for using Safe Mode, about half way down the page you will see a set of instructions which start with the lines below:
Using the System Configuration Tool Method
Note: If you are having trouble entering Safe Mode via the F8 method, you should not use this method to force it to startup into safe mode. For reasons why, you should read this.

IF YOU USE THE METHOD DESCRIBED ABOVE, PAY CLOSE ATTENTION TO STEP #9



#7 Exclamation


Posted 16 August 2007 - 12:39 AM

I'm still in the process of working this all, but I figured I'd give an update to how things are going. Sorry, I seem to be a little slow when it comes to all of this. :thumbsup:

I tried running SuperAntiSpyware in safe mode, and it took ages, but it found roughly 700 things, and then when I tried to clean them, it told me to reboot - so I did, and then the computer did reboot, but nothing happened. I looked in the quarantine, but found nothing. So then I ran SuperAntiSpyware in normal mode, and it found only around 400 things, but I did quarantine and delete them.

I ran BitDefender, and the process bar was about an hour and a half into it, halfway through, and then a pop-up forced it to close, (they're getting really nasty!) It did manage to delete a lot, since I believe that BitDefender deletes the problems in real-time when they're found, and not at the end in one big swoop. Is that right?

Anyway, I've restarted the BitDefender and I'm going to let it run overnight. Once that finishes up, should I then try to use Hijack This, or try to re-work SuperAntiSpyware in some way? Thanks, guys. :flowers:

Sorry again for all the unusual problems on my side, I'm trying my hardest, though!

#8 oldf@rt


Posted 16 August 2007 - 01:22 AM

Thanks for the Update, most posters don't tell us squat. When you are done with the bitdefender scan, update SuperAntiSpyware, and try to scan in safe mode once more. If that does not work, follow the preparation guide For Use Before Posting A Hijack This Log.

#9 Exclamation


Posted 17 August 2007 - 04:04 AM

Hi again,

I've had a rather busy day, so I sadly haven't had much of a chance to fight my malware problems, but I've had my computer off to [hopefully] prevent further damages.

I tried running my computer in safe mode, like I did the other day, and it wouldn't work. Even using the msconfig option, safe mode wouldn't open, and I had to do a system restore checkpoint thing to bring my computer back to normal mode. For some reason, I can't access safe mode on a regular or, well, safe basis.

I'm figuring I should just follow the Hijack This instructions? I'm not even sure exactly what Hijack This is, so if anybody could give me a quick explanation, that'd be great.

To recap, I've run Ad-Aware, SpyBot, BitDefender and SuperAntiSpyware at least twice each, and very little seems to have changed, although it seems to vary randomly whether my computer is acting fairly normal or totally chaotic. Thanks again, guys.

#10 buddy215


Posted 17 August 2007 - 06:49 AM

Yes, post the Hijack This log in the Hijack This Forum. Not in this forum.
Briefly, HJT is a diagnostic and repair tool that should be interpreted by professionals trained in its use.



#11 Exclamation


Posted 17 August 2007 - 04:43 PM

Okay, a little while ago I posted the Hijack This information like the instructions said.

#12 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:47 PM

Posted 17 August 2007 - 04:48 PM

Exclamation,

Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.

If you have any questions, don't hesitate to send me a PM.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
