Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help, Spyware..


  • Please log in to reply
8 replies to this topic

#1 Anonymousone

Anonymousone

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:09 AM

Posted 04 December 2006 - 12:51 PM

I tried to do a HiJackThis log, but I can't because it is blocking any site where I try to download any kind of protection.

http://img225.imageshack.us/img225/6344/spywarejw3.jpg

It's even messing with my S&D

http://img225.imageshack.us/img225/2465/spyware2pd3.jpg

Norton/AVG can't find anything. I have absolutely no idea where I can start to remove this..

EDIT: Oh, and I tried System Restore.. either it's not working for the first time in years or the spyware is stopping me from doing that too. Would System Restore work in safe mode?

Edited by Anonymousone, 04 December 2006 - 12:56 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:09 AM

Posted 04 December 2006 - 01:01 PM

What OS (Win XP/2000, etc) are you using? Have you tried doing your scans in "SAFE MODE"?

If your using Win XP or 2000, do this.

First, print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update AVG Anti-Spyware 7.5. DO NOT perform a scan yet.
Print out the and follow the AVG Anti-Spyware Install-Scan Instructions for installing and upating.
DO NOT perform a scan yet.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Go here and follow the generic instructions for using SmitfraudFix in BC's "How to remove the Smitfraud / Generic Zlob". You will have to extract the zip file to you Desktop. (Click here for information on how to do this if not sure. Win 9x/2000 users click here. A ZIP file requires an unzipping utility. If you need one, download 7zip (its free).

After using the tool as instructed, reboot again in "SAFE MODE" and double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Then scan with AVG Anti-Spyware 7.5 per the instructions you printed out and reboot normally.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Anonymousone

Anonymousone
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:09 AM

Posted 04 December 2006 - 04:50 PM

Thank you, but I couldn't finish your instructions. When I got to running SmitfraudFix's command prompt in Safe Mode it gave me an error saying "next is not recognized as an internal or external command.." and closed. I redownloaded it, and tried it again, it still didn't work. I figured I'd do a System Restore in Safe Mode before I bugged you about it.. it worked for maybe 1 minute. The ads and toolbar are all gone, but my computer restarts when I click IE or at random times (it's not memory usage). When I log back in it says "a registry file had to be recovered by use of a log or alternate copy. The recovery was successfull." Hell, I had to write this in a .txt file because it restarted twice at the site. It only used to happen when I went to open Windows Movie Maker, which I always thought was just a memory usage problem..

Also, I can't get into safe mode. Now when I press F8 it asks for my operating system, then asks about Safe Mode.. I press enter and it lists some files too quickly for me to copy them down and does nothing else.

I use XP.

Edited by Anonymousone, 04 December 2006 - 05:29 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:09 AM

Posted 04 December 2006 - 06:02 PM

Although safe mode is recommended you can try running the tool in normal mode. Also download and scan with MS Malicious Software Removal Tool.

Have you tried to download Hijackthis from either of these two sites?
http://www.bleepingcomputer.com/files/hijackthis_sfx.php
http://www.thespykiller.co.uk/files/HJTsetup.exe

If you are able to it let me know and I will give you further instructions on how and where to post a log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Anonymousone

Anonymousone
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:09 AM

Posted 04 December 2006 - 06:20 PM

I downloaded and installed HiJack This. I've also installed AVG 7.5 and downloaded SmitfraudFix again. About to scan with MS..

SmitfraudFix is giving me the same error message in normal mode as it did in Safe Mode when I run the .cmd.

My computer hasn't restarted in over 30 minutes, although I still can't open IE/Movie Maker.

Edited by Anonymousone, 04 December 2006 - 07:34 PM.


#6 Anonymousone

Anonymousone
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:09 AM

Posted 04 December 2006 - 08:21 PM

Scanned with MS, and this happened:

http://img228.imageshack.us/img228/1411/spyware3um6.jpg

AVG kept popping up during the scan to "heal" some files. About 20 of them the same as the one in the screenshot (just different numbers at the end) got healed. MS scan itself didn't turn up anything.

I'm not sure if I should scan with AVG out of Safe Mode now, and I don't know what to do with SmitfraudFix still.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:09 AM

Posted 04 December 2006 - 08:44 PM

When AVG provides you with options upon detecting malware, you can choose "Move to Vault". Since you were able to download hijackthis follow all instructions[/b] in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log".

When you have done that, post your log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Anonymousone

Anonymousone
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:01:09 AM

Posted 04 December 2006 - 09:02 PM

Thank you very much for all the help. :thumbsup:

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:09 AM

Posted 05 December 2006 - 05:21 AM

Your welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users