
The Nasty Stuff Before Spysoldier


3 replies to this topic

#1 Lord

Lord

  • Members
  • 23 posts

Posted 07 February 2007 - 10:28 AM

I am infected with whatever it is that's asking me to download the Spysoldier Anti software. My AntiVirus (Norton) does not find it - and Adaware does identify (and deletes) about 22 items, but the next run finds them all over again.

Finding this site with the "win32.trojan.dropper" search got me to the Remove Spysoldier page.... I did follow the instructions - but noted two main things, I cannot start the computer in Safe mode - but more important, do not find the "SpySoldier 1.2" in the add-remove programmes - as have NOT allowed it to be loaded - although every second pop-up screen nags me to do so... since I can't uninstall this - I've not gone ahead in using the smitfraudfix programme as yet either.

So the "Remove SpySoldier" instructions are not really helpful - since there is no programme to remove!!
[I think it will be a little crazy, to let the Spysoldier load - and THEN remove it...]

What I need the help for - is how to get the pesky thing presently getting the free run of my computer OUT.

In anticipation...

Lord



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 February 2007 - 12:38 PM

Welcome to BC.

I moved your thread to a more appropriate forum.

Go ahead and follow the instructions for using SmitFraudFix.exe. If you can't use "SAFE MODE", then run the tool in normal mode.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Lord

Lord
  • Topic Starter

  • Members
  • 23 posts

Posted 07 February 2007 - 02:03 PM

Okay - seems like success...

Firstly, I was able to boot and go into Safe Mode through run>msconfig>boot.ini>/SAFEBOOT.

I ran the smitfraudfix programme (without uninstalling the SpySoldier thru add-remove, coz it wasn't there) but the programme did not end like in the instructions ---

During the progress, I had two separate "this is a potential virus attempt" open up, which I had to close.

Then, the "restart now" window that was to open did not.
The Log file, which is to come up AFTER the reboot - opened then.
I had to do a manual shutdown - which opened in safe mode again, so I unticked the /SAFEBOOT in msconfig and then started the system....

All good - I additionally ran the "Registry Mechanic" --- which rectified some 150+ items -- and optimised the registry some 5%... The reboots after these were fine.

The only hitch --- seems there is some residue: out of the blue, the explorer screen still goes to the "spysoldier" site... but this is only the visual in the window (the address line of what site I was working on remains the same). I have changed the home page to blank, and others... but that does not result in clean usage, coz... It's still around.

I just wonder - whether the problem will remain - and fester there till it crops up again.

Anyway - thanks - I will report if anything amiss still remains....

Lord

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 February 2007 - 02:21 PM

Sounds like some stuff is still lurking about.

Download and scan with SUPERAntiSpyware Free for Home Users.
If you encounter any problems while downloading the updates, manually download and unzip them from here.

Download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Finally, download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out and follow the AVG Anti-Spyware Install-Scan Instructions.