Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I can't get rid of this virus.


  • Please log in to reply
No replies to this topic

#1 xxtrojankiller

xxtrojankiller

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:33 PM

Posted 01 December 2008 - 11:46 PM

It's something called Spyware.ISpyNow, where a false security alert pops up and tells you to get some antivirus. I can't go to most sites but it lets me visit google.com, download.com, but not antivirus sites like syntamec and such. I have followed these steps given to me before:
1. Open up Device Manager
2. Click 'View' and select 'Show Hidden Devices'
3. Expand the 'Non-Plug and Play' Drivers category
4. Right-click and 'Disable' clbdriver.sys, tdsserv.sys (or tdssxyz.sys where xyz.sys are random characters), and/or seneka.sys
5. Restart computer to Safe Mode
6. After restart, go back to Device Manager and right-click 'Uninstall' the above drivers
7. Navigate to 'C:\Windows\System32\Drivers' folder and delete these files if they exist (They will be hidden so show hidden files)
8. Navigate to 'C:\Windows\System32\ directory, Sort By Date, and remove any recently modified traces of files that resemble clb*.*, td*.*, and seneka*.* or any suspicious looking *.exe's/*.dll's modified in the past 24 hours
9. Run SDFIX and Combofix(from www.bleepingcomputer.com) in Safe Mode
10. Reboot to Normal mode, install SAS, update, and run a quick scan
12. Run an ESET (NOD32) and/or F-Secure online malware scan..

and I have followed those steps, but I saw no signs of seneka or clb. I only saw files like tdsserv.sys, which I sent to the recycle bin and deleted from the recycle bin. I don't know if that helped because when I rebooted my computer normally, the Spyware.ISpyNow false security alert popped up again. :thumbsup: When I run spyware scans and antivirus scans it does not allow me to delete some files that show up, it just either freezes the computer or tells me that the program (I used Spyware Terminator) has encountered something and needs to close. This is so annoying, and I am not allowed to go to many sites. I cannot download anti-spyware, anti-virus or antimalware from any sites because the virus has 'firewalled' all of them. The only thing I have is download.com. Can someone help me get rid of this? Thank you so much!

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users