
Trojan-spy.win32@mx


7 replies to this topic

#1 Filmmaker


Posted 16 February 2008 - 08:58 PM

Greetings!

I have picked up a hefty virus(es) and it's kicking my butt! Pop up windows telling me to download anti-spyware (Virus Ranger, Anti Spy Kit, WinSecure Anti Virus, Win PC Doctor, Win Spy Control, Anti Spy Kit). I have the little yellow "caution triangle" flashing in my system tray and a pop-up that tells me that I'm infected with "Trojan Spy.win32@mx".

I can't use Smitfraudfix because I'm running crappy Vista. So far, I've scanned with: Norton, Spybot, Adaware, Adwatch, SD Fix, AVG, Super Antispyware, Kill Box, Rogue Remover and just for kicks, I purchased Kaspersky Internet Security, but it won't let me install, because of some "Data Execution Prevention" (or something) and boots me out of the install.

I've been working on trying to get rid of this for 24 hours (since 8:25 p.m. on FRI night). It keeps trying to hijack my home page, but at least SpyBot is denying that (though it pops up to have me cancel the attempt with every internet window I open).

Any help would be greatly appreciated. I'm completely beaten!

Thanks!

Mark



#2 boopme


Posted 16 February 2008 - 10:01 PM

Have you tried to run Super etc. from Safe Mode?
How to start Windows in Safe Mode

#3 Filmmaker


Posted 16 February 2008 - 11:36 PM

Have you tried to run Super etc. from Safe Mode?
How to start Windows in Safe Mode


Hey Boopme.

I just did and was "clean" for about 3 minutes. It found 109 items to delete/quarantine, but all my pop-ups, flashing icons, etc. are still here, in all their glory. I even tried (last night) to go back to a previous restore point from 48 hours ago, but that didn't do anything either.

I've been given a (possible) solution from another board, so I'm going to try that.

Keeping my fingers crossed. It might just be easier to buy another computer!

Thanks.

Mark

#4 boopme


Posted 17 February 2008 - 12:31 AM

SUPERAntispyware will work in Vista and Safe Mode; you may even have to try a few scans with stubborn malware.
If all else fails, try to post a HijackThis log in Security > HijackThis Logs and Malware Removal.

Preparation Guide for use before posting a HijackThis Log
If you can't perform a step or have already used it, skip it and keep moving along.

Good luck and let us know how you do...

#5 Filmmaker


Posted 17 February 2008 - 01:43 PM

Wow. I think the worst is over (I hope and pray).

I tried running Adaware and it wouldn't open. I uninstalled it, reinstalled it and it still wouldn't open. I tried to run Spy Bot and it wouldn't open. I finally had to right-click and click on the "run Spybot" menu BEFORE it disappeared (it vanished very quickly). It finally opened, I scanned and it found no problems - though pops, registry changes, etc. were popping up everywhere.

I then installed and ran Hijack This. I printed out 11 pages of instructions (akin to brain surgery instructions), ran the scan and it found a list of things to delete. I read the info on each item, made an educated guess (which isn't too educated in my case) and hit the "might as well delete, as it can't be any worse than what I'm going through" button.

I then rebooted, and a screen came up that it was "attempting to fix things" and the reboot locked up. I unplugged the computer, threatened to shoot it, plugged it back up and (fingers crossed), it seems to be fine.

Not exactly a textbook fix, but thanks to all who gave me ideas, hints and programs to use. I'll just try to be more careful now!

Have a good weekend. I feel like I've given birth (no offense to mothers).

Mark

#6 quietman7


Posted 17 February 2008 - 04:59 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state. Then use Disk Cleanup to remove all but the newly created Restore Point.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#7 Filmmaker


Posted 17 February 2008 - 10:24 PM

That was a good idea. Thanks for the advice. I did just that.

So far, so good!

Mark

#8 quietman7


Posted 17 February 2008 - 11:25 PM

You're welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1 & Part 2".
"IE Recommended Minimal Security Settings".