
Evil Spyware & Hijackers


4 replies to this topic

#1 CathyTamar


Posted 09 April 2005 - 05:05 PM

Hey there, I have a question; if anyone has an opinion, please feel free to respond. My other computer is infested with evil trojans named QLowZones-2.gen and Downloader-ME.dr, which in turn have installed at least 47 (yes 47! at last count) other adware, malware & whatnot on the poor defenseless machine. My fault for it being defenseless.
I did a manual remove in safe mode, but it didn't work. It all just keeps coming back. I used SpyBot, but it still came back. I tried to download Ad-Aware but I keep getting Page Not Found on the good computer.
So my question is - if I reformat will it rid the evil demons? I'll make sure to use a firewall & all this time.


 


#2 buzzworthybum


Posted 10 April 2005 - 12:28 PM

You might want to try some other programs first. I'd recommend trial versions of CounterSpy and SpySweeper. You could also try downloading Ad-Aware from a different website; download.com and majorgeeks.com both have it. If you still don't have a firewall you should download one immediately, even though you're already infected.

#3 tg1911


Posted 10 April 2005 - 12:56 PM

The surest way to get rid of all of your spyware/malware is to submit a HijackThis log for examination.

Read the pinned post in the HijackThis forum, here.
Please read and follow all directions carefully.

Then run a log and post it in the HJT forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a couple of days to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So just make your post and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.

#4 CathyTamar


Posted 11 April 2005 - 11:30 AM

Ok, thank you both very much! I did finally get Ad Aware and I also ran McAfee virus scan, AVG, Ad Aware, SpyBot, and 2 others that I got from that list that's pinned to the top of this forum. They all found an assortment of problems, I'm amazed at how many, and said they cleaned them, but after re-boot they all just come right on back. Now it has a W32.Kobot.A worm (!!) along with something called Downloader.Small.18.T.
I did get McAfee Firewall but a little too late. I'll try that HijackThis and put a log where you guys said, I won't be able to take the time to reformat until next weekend anyway.
Thanks again! :thumbsup:

#5 Trotwood


Posted 29 April 2005 - 09:55 AM

I was recently infected with the same piece of slime. I got some very good information here and here. Apparently the worm lowers your IE security settings by changing the relevant registry keys and then contacting websites from which other malware is downloaded.

And you're right, even if you clean it out with McAfee, it just seems to come back every time you connect to the internet. The second article seems to indicate that it might be storing a copy of itself in the System Restore folder. So you have to disable the System Restore feature of Windows. The second link contains instructions for this.

Please bear in mind that I don't know how effective this treatment is. I just tried it on my home machine before coming in to work. I'll know whether it worked when I get home tonight.

I'm going to try to write a piece of software that detects registry key changes and halts them. If the worm can't change the internet security settings, it can't download garbage.

HTH,
Trotwood
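
The detection half of the idea in the post above, as an added example that is not part of the original thread and is not any poster's code: it compares two `.reg` exports of the Internet Explorer zone settings and reports values that moved toward "allow". The registry path, the zone number 3 (Internet) and the action IDs are assumptions not named in the thread, and both sample exports are constructed; the script only detects changes, it does not halt them.

```python
import re

# IE URL-action IDs (assumed set) whose DWORD means 0 = allow, 1 = prompt, 3 = block.
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Script ActiveX controls not marked safe",
    "1803": "File download",
}
ZONE_KEY = re.compile(r"^\[HKEY_[^\]]*\\Internet Settings\\Zones\\(\d)\]$", re.I)
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample export of zone 3 (Internet), not taken from an infected machine.
BASELINE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1803"=dword:00000000
'''
# Constructed "after" state: every prompt/block value flipped to allow.
CURRENT = BASELINE.replace("00000001", "00000000").replace("00000003", "00000000")

def parse_zones(reg_text):
    """Return {(zone, action_id): value} for DWORD values under zone keys."""
    zone, values = None, {}
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            match = ZONE_KEY.match(line)
            zone = match.group(1) if match else None  # ignore unrelated keys
        elif zone is not None and (match := DWORD.match(line)):
            values[(zone, match.group(1).upper())] = int(match.group(2), 16)
    return values

def weakened(baseline, current):
    """Return (zone, action, old, new) for settings that moved toward 'allow'."""
    findings = []
    for (zone, action), old in sorted(baseline.items()):
        new = current.get((zone, action))
        if action in ACTIONS and new is not None and new < old:
            findings.append((zone, action, old, new))
    return findings

if __name__ == "__main__":
    for zone, action, old, new in weakened(parse_zones(BASELINE), parse_zones(CURRENT)):
        print(f"zone {zone}: {ACTIONS[action]} ({action}) changed {old} -> {new}")
```

A value that is missing from the current export is skipped rather than flagged, since the zone default then applies.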



