Spylocked - Not Completely Gone (?)


#1 389

Posted 25 May 2007 - 10:55 PM

First, I know nothing about computers, so I need all this explained to me.
I got Spylocked on my computer. I followed the "Automatic" instructions from the Spylocked guide on this website (uses SmitFraudFix) and it fixed almost everything. However, a McAfee scan found (and couldn't delete) 1 SpyLocked PUP (SpyLocked.Ink) and 2 SmitFraudFix PUPs (PrcViewer and Generic PUP.g). All three are located in C:\System Volume Information\_restore.
Screenshots of each:
SpyLocked.Ink
PrcViewer
Generic PUP.g

Other than that, everything seems to be working fine, other than a red McAfee alert popping up once saying it had blocked SpyLocked.Ink from doing its thing. (this was also located in System Volume Information.)

I apologize if this is in the wrong place, but I'm clueless. Can anyone walk me through what I need to do?

Thanks.


 


#2 oldf@rt


Posted 25 May 2007 - 11:29 PM

There are a few things that you can do to try to finish the cleanup:

Download, update and run Rogue Remover, SuperAntiSpyware, and clean up the restore points.

Restore points: Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Download Rogue remover: http://www.malwarebytes.org/rogueremover.php
Download SuperantiSpyware: http://www.supreantispyware.com

The latest version of Rogue Remover is 1.19; make sure that you update the database. Make sure that you do the complete scan for SuperAntiSpyware, then let it clean everything that it finds. If it needs to restart the computer, let it do so.

Follow the instructions exactly for the restore points.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 389


Posted 26 May 2007 - 01:16 AM

I ran Rogue Remover, and SuperAntiSpyware is going. A different McAfee thing just popped up - also called SpyLocked.lnk, but this time it's related to the SuperAntiSpyware process.
screenie

What's going on, and which option should I select?

Also, SAS has so far found 33 Adware.Tracking Cookie, 3 Malware.SpyLocked, 6 Trojan.Media-Codec/V3, and 1 Trojan.SmitFraud Variant. This last one sounds a little disturbing. Is there anything else I should know or do?

thanks again

#4 oldf@rt


Posted 26 May 2007 - 02:00 AM

Trust should be what you select, then disable McAfee while you are scanning and removing. The SmitFraud variant is normally part of the SpyLocked. When you get spyware on a computer, it can be difficult to remove, and will sometimes repopulate itself. Post back here when you are done and I will give a link to an online virus scanner.

#5 389


Posted 26 May 2007 - 04:37 AM

It seems to be cleared up; thanks.

#6 oldf@rt


Posted 26 May 2007 - 05:24 AM

Please run a BitDefender Online Scan
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.


#7 389


Posted 26 May 2007 - 03:12 PM

Ok, in the last hour I got three more McAfee SpyLocked.lnk alerts. I'm doing the BitDefender thing right now. Might it be helpful to reinstall Rogue Remover and SuperAntiSpyware and make sure I let McAfee allow their stuff to run?

#8 oldf@rt


Posted 26 May 2007 - 03:46 PM

Yes, and make sure that you do the updates and do the system restore reset. It is imperative that you redo your system restore. When you are running the scans make sure that you are disconnected from the net, and that McAfee is disabled. If this does not fix the problem, you will need to post a HijackThis log in the correct forum. Another way to do the system restore reset is:

Navigate to Start, My Computer, R Click, Properties, System Restore, check the "Turn off System Restore" box, Restart. When the computer is restarted, navigate to Start, My Computer, R Click, Properties, System Restore, uncheck the "Turn off System Restore" box. Immediately make a new, clean system restore point; go here for the tutorial: http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Edited by oldf@rt, 26 May 2007 - 03:47 PM.


#9 389


Posted 26 May 2007 - 10:05 PM

I did everything suggested, and now I do think it's gone. Thanks again!

#10 quietman7


Posted 27 May 2007 - 08:03 AM

Also keep in mind that certain files which are part of the smitfraudfix tool (or other specialized tools), such as process.exe, restart.exe, SmiUpdate.exe, and reboot.exe, may at times be detected by some anti-virus as a "RiskTool", "Hacking tool", "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

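Added example (not part of the thread, and not code from any of the tools mentioned): a Python sketch of the triage the replies above do by hand, sorting anti-virus detections into System Restore copies (removed by the restore-point reset in posts #2 and #8), cleanup-tool helper files named in post #10, and live files that still need attention. The detection records, the GUID and the `RPnn` sub-folders in the sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Helper executables that post #10 says ship with SmitfraudFix and similar tools.
TOOL_HELPERS = {"process.exe", "restart.exe", "smiupdate.exe", "reboot.exe"}

# Matches the System Restore store named in post #1. The {GUID} suffix and the
# RPnn sub-folder are optional because the thread only shows the "_restore" prefix.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore(?P<guid>\{[0-9A-Fa-f-]+\})?"
    r"(?:\\RP(?P<rp>\d+))?(?:\\|$)",
    re.IGNORECASE,
)

def classify(path):
    """Return (bucket, detail) for one detection path."""
    m = RESTORE_RE.search(path)
    if m:
        rp = m.group("rp")
        return ("restore_copy", f"RP{rp}" if rp else "unknown restore point")
    name = PureWindowsPath(path).name.lower()
    if name in TOOL_HELPERS:
        return ("tool_helper", name)
    return ("live", name)

def triage(detections):
    """Group (detection_name, path) pairs by bucket, keeping the detail."""
    buckets = defaultdict(list)
    for det_name, path in detections:
        bucket, detail = classify(path)
        buckets[bucket].append((det_name, detail))
    return dict(buckets)

# Constructed sample: detection names borrowed from the thread, paths invented.
STORE = r"C:\System Volume Information\_restore{1A2B3C4D-0000-1111-2222-333344445555}"
SAMPLE = [
    ("SpyLocked", STORE + r"\RP12\A0001234.lnk"),
    ("Generic PUP", STORE + r"\RP14\A0001301.exe"),
    ("PrcViewer", r"C:\SmitfraudFix\process.exe"),
    ("SpyLocked", r"C:\Documents and Settings\User\Desktop\SpyLocked.lnk"),
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket}: {items}")
```

`restore_copy` entries are the ones the restore-point reset removes; `live` entries are the ones that still call for another scan or a HijackThis log.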



