Not Sure If It Is Spyware Or Malware Or Something Else.


9 replies to this topic

#1 lovejoypeace


Posted 06 May 2006 - 03:00 PM

Hi..

I was receiving some 'notification' with a flashing triangle on the taskbar with an exclamation mark, saying that spyware was detected. It directed me to www.securityuptodate.com and then my homepage was somewhat always set to www.securityuptodate.com, advertising other spyware removal programmes. I can't change it no matter what.
There were also random popups once in a while, about various spyware programmes, and sometimes adult services.
McAfee also notified that a Puper Trojan was detected to have contaminated a certain .tmp file in C:\WINDOWS\SYSTEM32\..... .tmp. The file name changes in the many similar notifications by McAfee.

So, I first found the other section of this forum with the HJT stuff and followed the beginning instructions to download Adware and SpyBot, and McAfee Stinger, and I already have McAfee VirusScan. I have scanned several times with each, and the various 'bad' stuff detected were removed, and no more could be detected.
But McAfee continued with the notification even after a few more Restarts before it finally stopped.

So far, the flashing triangle never appeared. The McAfee notification stopped. No popups.
But the homepage problem is still there.
So, I'm not sure if the malware/spyware in my laptop has been removed, and the problem is something else. Or I haven't done it correctly and the malware/spyware thing is still lurking somewhere.

I noticed that some advice includes doing everything in Safe Mode, which I didn't do. I'm not sure how to get into it anyway. And I also did turn off the System Restore.

I would appreciate some help.. :thumbsup: Thanks for any in advance!

Edited by lovejoypeace, 06 May 2006 - 03:03 PM.


#2 Albert Frankenstein


Posted 06 May 2006 - 03:36 PM

Welcome to BC! :thumbsup:

Well, it sounds like you are doing great so far! Making progress, anyway. First let me answer a couple of questions for you:

I noticed that some advice includes doing everything in Safe Mode, which I didn't do. I'm not sure how to get into it anyway.

Hit your F8 key while your computer is starting up. You will be presented with a list of different start up options. Choose 'safe mode'. That's about it. Safe mode kind of works like this: It is an alternative way to start your computer with barely a minimum running on your computer to make it work properly. A lot of programs won't work in safe mode. But usually, neither will the malicious software that you are trying to remove. When you boot into real mode, like usual, the malicious software runs and it is difficult to remove something if it is running. This is why you should use safe mode, so you have a higher chance of success.

And I also did turn off the System Restore.

That's good. Now turn it back on! You need to keep it turned on so that restore points will be created automatically occasionally. If a problem develops with your computer you may be able to fix it simply by 'restoring' the computer to the way it was before the problem developed. But, of course, you need restore points to have this option. So start it back up. It was a good idea to turn it off because sometimes malware can hide within the restore points. Turning it off deletes the old restore points. But turn it back on!

I am going to recommend two things for you. First, run things in safe mode as instructed in the tutorials you have been following.

Then, if you continue to have problems, I suggest you post a log in the HijackThis forum here at Bleeping Computer.

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 quietman7


Posted 06 May 2006 - 05:26 PM

Puper Trojan was detected to have contaminated a certain .tmp file in...the homepage problem is still there. So, I'm not sure if the malware/spyware in my laptop has been removed, and the problem is something else

These are signs of a smitfraud infection. Before you post a HJT log, you may want to try this:

First, you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download and install Ewido Anti-Malware v3.5. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Go here and follow the instructions for using SmitfraudFix.
After using the tool reboot again in "SAFE MODE" and

Clean out your Temporary Internet files as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click OK, then Apply and OK.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

Then perform a scan with Ewido and reboot back to normal mode. If you still have problems after this, follow Albert Frankenstein's instructions for posting a log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 lovejoypeace


Posted 07 May 2006 - 11:15 AM

Hey! I followed both of your instructions, switched System Restore back on, used Safe Mode and Ewido and all, and apparently the homepage problem is gone!

Being somewhat paranoid, I ran McAfee scan again. It detected 3 Puper.dll Trojan files, with similar file names starting with C:\System Volume Information\_restore{..........
McAfee promptly 'auto-cleaned' it.
So, I then ran AdAware-SE. It detected 3 files which were some Cookies entry thing and another file with a name similar to the above mentioned. Then, they were deleted too.
SpyBot found no immediate threats.
All these were done in Normal mode.

What's going on? Are they going to be supposedly cleaned off each time, but actually still there?
It appears that things are normal. No apparent problems at all.

Should I still post the HJT log?



Thanks a lot anyway, to Albert Frankenstein and quietman7!!! I'm SO very relieved that I don't see the securityetcetc.com website anymore. Thanks! :thumbsup:

Hozanna

#5 quietman7


Posted 07 May 2006 - 11:23 AM

I can't tell at what point you enabled System Restore. If you re-enabled it too soon, any trojans or spyware you picked up could still have been saved there and can reinfect you. If your system is clean and no further signs of infection are present, then repeat that step now.

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Check the box that says "Turn off System Restore on all drives" and select "Apply".
3. Click "Yes" when you are prompted to restart the computer.
4. To re-enable System Restore after reboot, repeat these steps but this time uncheck "Turn off System Restore on all drives", select "OK" and then reboot your computer.

#6 lovejoypeace


Posted 07 May 2006 - 01:29 PM

okiedokie here's what I did:
turned system restore off,
did the 3 scans (AdAware, SpyBot, McAfee)
rebooted
turned system restore back on
scanned again (and getting the hang of it.. )
rebooted again.

Throughout, nothing showed up!
So it means everything's good to go?
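
The reasoning in posts #4 and #5 (detections whose paths start with C:\System Volume Information\_restore{ are copies held in restore points, not files on the running system), as an added example that is not part of the original thread. The "path|name" report format, the function names and every sample path are constructed for illustration; it is not McAfee's log format.

```python
import re
from collections import Counter

# Constructed sample detections ("path|name"). The GUID, RP folder and file
# names are invented; only "Puper" and the _restore{ prefix come from the thread.
SAMPLE_DETECTIONS = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.dll|Puper.dll
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001235.dll|Puper.dll
C:\WINDOWS\SYSTEM32\example1.tmp|Puper
C:\Documents and Settings\user\Cookies\user@example[1].txt|Tracking cookie
"""

# System Restore store on the volume, optionally followed by the RPnn folder.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{(?:[^}]*\}\\(rp\d+)\\)?",
    re.IGNORECASE,
)

def classify(path):
    """Bucket a detection path: restore_point, cookie, or live."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if "\\cookies\\" in path.lower():
        return "cookie"
    return "live"  # anything else is on the running file system

def triage(report):
    """Return (Counter of buckets, sorted restore point folders seen)."""
    counts, restore_points = Counter(), set()
    for line in report.splitlines():
        if "|" not in line:
            continue
        path = line.rsplit("|", 1)[0].strip()
        counts[classify(path)] += 1
        m = RESTORE_RE.match(path)
        if m and m.group(1):
            restore_points.add(m.group(1).upper())
    return counts, sorted(restore_points)

def next_step(counts):
    """Map the buckets to the steps given in the thread (a simplification)."""
    if counts["live"]:
        return "clean in Safe Mode, then rescan"
    if counts["restore_point"]:
        return "turn System Restore off, reboot, turn it back on"
    return "no further cleanup indicated"

if __name__ == "__main__":
    counts, rps = triage(SAMPLE_DETECTIONS)
    print(dict(counts), rps, "->", next_step(counts))
```
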

#7 Albert Frankenstein


Posted 07 May 2006 - 02:04 PM

Clean scans are good! If your symptoms have gone away, then perhaps you are clean.

There may be something to be gained by posting a log, however. I recommend that you do so, briefly describing the problems you have had, along with what you have done so far.


#8 Albert Frankenstein


Posted 07 May 2006 - 04:42 PM

LINK to lovejoypeace's HiJackThis log.


#9 lovejoypeace


Posted 10 May 2006 - 09:37 AM

Thanks for the great help!!

:thumbsup:

#10 quietman7


Posted 10 May 2006 - 09:39 AM

You're welcome.



