
Problem after Spysheriff removal



#1 skullypuss


Posted 29 September 2005 - 02:23 PM

I followed instructions found here to remove Spysheriff and it worked well. I have encountered a problem since though. I cannot set a wallpaper; the usual methods don't work at all. Normally I just use a picture of my son, but now I can't even choose from the list provided. All I can do is choose a solid color. What can I do?

Thanks!

Kelly



#2 HappyShiner


Posted 29 September 2005 - 03:35 PM

Hi there,

It may be that all the malware wasn't removed correctly; this sometimes happens.

First of all, let's clean out all your temp files where malware likes to hide:

Please download CCleaner from here:
http://www.ccleaner.com
Before first use, check under Cleaner Settings, Windows and ensure "Empty Recycle Bin", "Temporary Files", "Memory Dumps", "Old Prefetch Data", "Cookies" and "Temporary Internet Files" are checked. Please also go in under Options, Advanced and ensure the box next to "Only delete files in Windows Temp folders older than 48 hours" is 'unchecked'.

Then open it and select any other items you wish to clean up. This will remove any malware hiding in your Temporary Folders as well as freeing up a large amount of disc space :thumbsup:

Also, the very nature of malware means that when infected you are seldom infected by one thing only. Therefore, it would be a good idea to ensure there is no other malware on your system. If your system is clean, then there are some steps we can take to fix the issue.

Please perform an online virus scan with at least two of the sites below (more won't hurt):


BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options

Panda ActiveScan
http://www.pandasoftware.com/activescan
Make sure you tick Disinfect automatically under Scan Options

Housecall at TrendMicro
Trend Micro Anti-Spyware-scan
Click the Scan and Clean your PC and save it to your desktop.

* Double-click the tmas-web-scan.exe icon on your desktop
* Click agree to accept the terms of the license.
* After loading the definitions, click Start Scan
* When the scan is done, click Scan Results
* Check every item that was found (normally they are checked by default, so make sure they are all checked) and click Clean Threats Now
* A confirmation prompt will appear. Click OK
* Click Exit.

Reboot your computer.
After reboot, you'll see that the tmas-web-scan.exe icon on your desktop will be gone, but there will be an Antispywarelog instead. It's a text file.
Copy and paste the entire content of it in your next reply.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

RAV Antivirus Online Scan
http://www.ravantivirus.com/scan

Or, if using Firefox,

TRENDMICRO-better for firefox


Trojan Scans:

Please run at least one of the below trojan scans

Sygate Trojan Scan
http://scan.sygatetech.com/pretrojanscan.html

Windowsecurity Trojan Scan
http://windowsecurity.com/trojanscan/

GFI Trojanscan:
http://www.trojanscan.com/trojanscan/

Blackcode Trojan Scan
http://www.blackcode.com/scan/index.php

If one of the scans you opt for is Panda, that would be great. If, having run the scans, they reveal anything, please post the log here; the Panda one would be best ;)

Big Smiles

HS

#3 skullypuss


Posted 29 September 2005 - 11:36 PM

Good news! I had the opportunity to run CCleaner, Panda...which came back clean and Windowsecurity Trojanscan. I was able to put up wallpaper!

One thing however, Trojanscan came up with 2 items:

C:\windows\system32\nostalgia.dll

C:\systemvolumeinformation\_restore{B37680B2-BAOA-4E5D-BF30-83E4


Adware.Newdot and Trojandropper respectively.


I don't know what that means....can you tell me? What do I need to do to take care of this?

I can't thank you enough for your help! Add another notch to your list of fixes!

:thumbsup:


Kelly

#4 HappyShiner


Posted 30 September 2005 - 12:58 PM

Hi there,

Glad to hear that has helped things a bit :thumbsup:

Ok, one of the entries isn't something to majorly worry about, it's in your system restore. You can create a new system restore point once you are 'sure' you are clean.

As for Newdot.net:

First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_76.exe.
Download and save uninstall6_76.exe to Local Disc C
Click on Start.
Click on Run.
In the Open window type, C:\uninstall6_76.exe.
Click on the OK button.
After removal, you may be prompted to reboot. Please reboot if not prompted.

Then run CCleaner once again.

Lastly, scan once more with Panda and post up the log :flowers:

Big Smiles

HS

Edited by HappyShiner, 30 September 2005 - 01:00 PM.


#5 quietman7


Posted 30 September 2005 - 01:57 PM

Hello HS, good to see you here.

I would also add a download and scan with Ewido Security Suite v3.5: http://www.ewido.net/en/download/

Setup & Configuration instructions:
http://broadbandnuts.com/drtweak/index.php...ay;threadid=126

and to navigate to this folder using Windows Explorer:
C:\Windows\Prefetch <-Delete the entire contents of this folder, not the Prefetch folder itself.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 HappyShiner


Posted 30 September 2005 - 05:18 PM

Hi there Quietman, good to see you here too :thumbsup:

Ewido was going to be my next step :flowers:

skullypuss,

If you could follow Quietman's instructions on the download, installation and running of Ewido....then post up the log for it that would be great....as well as the new Panda log...then we can ensure you are clean. How did the Newdot.net removal go?

Big Smiles

HS

#7 ComputerGeek


Posted 21 November 2005 - 12:55 AM

Hm. I solved this problem by simply using regedit and deleting the file that keeps that intact.

1. Go to Start > Run

2. Type in regedit

3. Go to HKEY_CURRENT_USER > Software > Microsoft > Windows > Current Version > Policies > System

4. Click on the second object, and delete it

5. Do NOT mess around unless you know what you are doing. This could cause system failures. This seemed easier to me than installing some program and scanning stuff.

#8 HappyShiner


Posted 21 November 2005 - 09:47 AM

Hi there,

I would say....firstly, when doing anything with the registry, back it up first...instructions on doing so here:

http://www.computerhope.com/registry.htm

The other thing, removing items via the registry is really something that should be done when other methods have been tried first and when one is sure they are not also infected by other things. That is why scanners are invaluable.....whilst there are always exceptions....approved scanners will remove items safely whilst at the same time helping to identify if 'other' nasties may be on the system.

Big Smiles

HS
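
Added example, not part of any post in this thread: posts #7 and #8 together amount to "export the Policies key first, then know exactly which value you are removing". The Python sketch below audits a `reg export` of that key for documented Windows policy values that lock the wallpaper; the watch list, the function name `audit_reg_export` and the sample export are assumptions made for illustration, since the thread never names the value that was deleted.

```python
import re

# Documented Windows policy values that restrict the desktop background or the
# tools used to undo it. The thread does not say which value post #7 deleted;
# this watch list is an assumption made for the example.
WATCHED = {
    (r"policies\system", "nodispbackgroundpage"): "hides the Desktop/Background tab",
    (r"policies\system", "nodispcpl"): "blocks the Display control panel",
    (r"policies\system", "wallpaper"): "forces a fixed wallpaper",
    (r"policies\system", "disableregistrytools"): "blocks regedit",
    (r"policies\system", "disabletaskmgr"): "blocks Task Manager",
    (r"policies\activedesktop", "nochangingwallpaper"): "locks the current wallpaper",
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def audit_reg_export(text):
    """Return (key, value name, data, meaning) for each watched value that is set."""
    findings, key = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        suffix = "\\".join(key.lower().split("\\")[-2:])
        meaning = WATCHED.get((suffix, m.group("name").lower()))
        # A DWORD of 0 means the restriction is present but switched off.
        if meaning and m.group("data").lower() != "dword:00000000":
            findings.append((key, m.group("name"), m.group("data"), meaning))
    return findings

# Constructed sample in "reg export" format; not taken from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"DisableTaskMgr"=dword:00000000
"Wallpaper"="C:\\WINDOWS\\desktop.html"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data, meaning in audit_reg_export(SAMPLE):
        print(f"{key}\\{name} = {data}  ({meaning})")
```

A real export written by `reg export` is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in; the saved file also serves as the backup recommended in post #8.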

#9 sniegss


Posted 07 December 2005 - 07:41 AM

Where can I get SpySheriff activation code ???

#10 HappyShiner


Posted 07 December 2005 - 08:41 AM

Hi there,

Activation code? I think it better that you remove it. To do so I would advise you post a Hijack This log in the relevant forum in this site...after reading all the stickies there.

Big Smiles

HS



