skydivepaul
|
| posted on 19/12/05 at 09:31 PM |
|
|
HELP spyware problems, this is a long one
I need help!!!
Around a fortnight ago i was merrily installing / upgrading the lastest version of Norton Internet Security (rather than the renewal) on my PC. In my
error i didnt disconnect my broadband connection as i usually leave it on most of the evening so i can check my e mails. During the installation some
B@stards managed to infect my PC with spyware or suchlike, I know this because I also have system mechanic start up guard running and i had a messgae
to say that a new programme was trying to install itself into the start menu. I blocked this but to no avail. Norton security did not complete the
installation and even after turning off the broadband connection and uninstalling Norton it still will not install.
I then got messages saying [a program has requested connection etc etc from www.ad-aware.com] I did a search for this and found some useful websites
giving information on how to rid the PC of this infection.
To date i have run
spybot
adaware
MS antispyware
CC cleaner
spysweeper
every time i run one of these they always find a bit more crap to clean up.
I still cannot install Norton but i now have installed AVG and zone alarm. In the two weeks i have had it installed zone alarm has blocked 7000
attempts to hijack my PC so something is still out there and i need rid of it.
I am at my last straw now and i've just backed up all my data and i'll be off to CCL to buy a new hard drive tomorrow to reinstall
everything. I dont really want to do this for
1: it will take me bloody ages.
2: The f~#ckers have won
I also started getting pop ups whilst on the internet telling me that my computer was infected with spyware and I should click the ad to fix
it........at great expense
Any help will be greatly appreciated either in helping me fix my PC or and address where these toerags can be found and twatted.
http://www.smartideasuk.com
http://www.smartmapping.co.uk
HD CCTV
3D design solutions and integration
IP security systems
access control systems
|
|
|
|
|
Avoneer
|
| posted on 19/12/05 at 09:41 PM |
|
|
"HiJackThis" and post a log.
Some folk on here are good with the logs and what to delete.
Pat...
No trees were killed in the sending of this message.
However a large number of electrons were terribly inconvenienced.
|
|
|
RazMan
|
| posted on 19/12/05 at 09:41 PM |
|
|
I would recommend giving in up to a point. I had a similar problem a few weeks back and tried all sorts to get rid of some spyware - nothing serious
but I just hate to have to put up with the needless popups, popunders, adverts etc.
In the end I resigned my self to the fact that a format was the only answer. I have over 250Gb of data but luckily that is on a separate partition and
I only needed to reinstall XP along with 20 or so key programs, along with Norton 2006 Internet Security. The result is a spring cleaned, fast and
secure computer which has a new lease of life. I havent done this process for a couple of years and it is suprising how much crap in the form of
redundant programs, drivers, cookies etc that we accumulate over the years and having a spring clean really speeds things up.
NIS is great too - very competent at stopping the buggars!
Go on - you know you want to 
Cheers,
Raz
When thinking outside the box doesn't work any more, it's time to build a new box
|
|
|
ReMan
|
| posted on 20/12/05 at 12:27 AM |
|
|
Do not surrender!
Do make sure you get your important stuff backed up though asap.
I've had many virii spys and hacks over the years, but have never had to trash and reload for that reason alone. There are plenty of tools and
utilitys available for fixing these problems and it sounds like you have some of them loaded and running, but are you sure they ar'nt
conflicting with each other.
There are reasons to start again and you will notice a performance hike while you havent got anything else loaded again and it is nice to rid your
excess baggage but it will soon slow down once you get everything re-established
I would keep at it, delete what you can, particularly internet files and cookies etc, uninstall unessential stuff load up Hijack this as mentioned,
use the online free scanners and cleaners and see if you can beat it on principal if nothing else
Col
www.plusnine.co.uk
|
|
|
jestre
|
| posted on 20/12/05 at 12:49 AM |
|
|
All I can say is run the antispyware scans in SAFE MODE! (press F8 while booting) and check out majorgeeks.com spyware section to remove the real
stubborn ones.
-=too much horsepower is just enough=-
|
|
|
jestre
|
| posted on 20/12/05 at 12:50 AM |
|
|
I am a network tech... I only once formatted a hard drive to remove spyware. and that was only because of the volume of spyware and virus's
on it.
-=too much horsepower is just enough=-
|
|
|
Gernster
|
| posted on 20/12/05 at 09:36 AM |
|
|
Dont panic about the 7000 attempts. Thats just 'port sniffers' Kids download software off the internet that checks for any open ports on
your pcs within given IP ranges. If you have a firewall it throws them out straight away.
The new version of zone alarm has anti spy/gray ware built in, but adaware is pretty good too. Use the free 'housecall' virus search on
trend micro site - www.antivirus.com that should get rid of some of the f@ckers!
Also try this ( all in safe mode as the guy above says):
type msconfig in the run command line (start - run - type in msconfig)
and look on the startup tab to see whats set up to run at start up. Use google to find out what each file is for ( copy & paste the name of the
.exe file into google) if its dodgy then disable it.
Then reboot the PC and then go into task manager ( control+alt+delete) and look at what processes are running. Again use google to indentify the
proceses you dont like the look of and if they are dodgy end them.
Then run adaware/ housecall/ zonealarm spyware check and see what you can delete. Some nasties wont be deleted if they are running, hence the business
above!
finally make sure all virus patterens/ adaware files are uptodate!!
good luck, and if all else fails it only takes a couple of hours to reinstall XP and all your favourite programs!!
FINALLY sack internet explorer off and upgrade to Mozilla Firefox www.mozilla.org its free and is far more secure than IE, thats why you get all these
spywares & trojans, its because IE sucks!!
[Edited on 20/12/05 by Gernster]
[Edited on 20/12/05 by Gernster]
|
|
|
mookaloid
|
| posted on 20/12/05 at 10:05 AM |
|
|
I am not the world's leading expert on this but I tend to recommend using a router for internet access. That way using NAT (network address
translation) the rest of the internet can't see your PC directly and a lot of the problems mentioned just don't exist any more.
Just my two p's worth 
Cheers
Mark
|
|
|
britishtrident
|
| posted on 20/12/05 at 10:48 AM |
|
|
First thing is disable system restore, then boot in safe mode and run Hijackthis make sure it is the real freeware HijackThis and not another product
with a very similar name that is ransomware. clear out as much as you can then run this of the free anti-virus products -- free-antivir, avg.
Once you get it cleared out I strongly advise getting all Norton security product cleaned out of your PC and run free anti-virus software and fire
wall or McAfee.
[Edited on 20/12/05 by britishtrident]
|
|
|
RazMan
|
| posted on 20/12/05 at 10:53 AM |
|
|
quote:
Originally posted by britishtrident
Once you get it cleared out I strongly advise getting all Norton security product cleaned out of your PC and run free anti-virus software and fire
wall or McAfee.
Out of interest, why do you not like NIS? I have used it for years and found it to be perfectly adequate.
Cheers,
Raz
When thinking outside the box doesn't work any more, it's time to build a new box
|
|
|
David Jenkins
|
| posted on 20/12/05 at 01:10 PM |
|
|
I strongly recommend getting a router - they're not expensive these days, especially if you go for 'last year's model'. The
trendy thing at the moment is wireless LAN, so the manufacturers are pushing various packages for that. I bought a 'wired' LAN router
which was on special offer 'cos it wasn't the latest thing.
Either way, they're easy to set up - the CD-ROM usually comes with an installation wizard - and these boxes totally protect your computer from
port scanning. I ran a test against my router, and the result was that my PC is totally invisible to the outside world (apart from when I connect, of
course!).
They won't protect you from bad e-mail attachments or rogue websites, but they do eliminate one huge area of concern.
Have a look on dabs.com for an idea of prices.
rgds,
David
P.S. You could always go for plan B - install Linux!
|
|
|
UncleFista
|
| posted on 20/12/05 at 01:29 PM |
|
|
If you're in the market for a router, RoadkillUK has just bought a new one for himself, dunno what he's doing with his old one (it's
a D-link wi-fi) U2U him and ask ? (he works at CCL so you could collect it).
I only have the one PC connected to my cable modem, but I use a router mainly for security. I've not had a single problem since I started using
one.
PS Next time you're at CCL, if the weather's OK, look in the car park, odds are our Locost will be there
Good luck.
[Edited on 20/12/05 by UncleFista]
Tony Bond / UncleFista
Love is like a snowmobile, speeding across the frozen tundra.
Which suddenly flips, pinning you underneath.
At night the ice-weasels come...
|
|
|
mookaloid
|
| posted on 20/12/05 at 02:18 PM |
|
|
quote:
Originally posted by RazMan
quote:
Originally posted by britishtrident
Once you get it cleared out I strongly advise getting all Norton security product cleaned out of your PC and run free anti-virus software and fire
wall or McAfee.
Out of interest, why do you not like NIS? I have used it for years and found it to be perfectly adequate.
I look after 6 pc's and have a 50:50 split between Norton and McAfee on them - I much prefer Norton as it is seems to just get on with
it's job in the background whereas McAfee seems to need more attention.
For instance if a virus is detected in an email attachment in Norton it just deletes it and pops up a message to let you know it has done it. McAfee
however insists on a full system scan afterwards and then finds instances of the virus it didn't delete when they arrived in the email it was
monitoring in the first place.
So I too would be interested in why so many people have a big downer on NIS as I for one prefer it to McAfee.
Cheers
Mark
|
|
|
pbs
|
| posted on 20/12/05 at 04:34 PM |
|
|
Had this problem last week, system was infected by mssearchnet.exe.
This link will tell you how to remove it. Give yourself a good couple of hours though.
http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/243514/an/0/page/0
Build your own sports car for £250 my ar5e!!
|
|
|
skydivepaul
|
| posted on 20/12/05 at 08:04 PM |
|
|
Many thanks to all who have posted advice on this, the response as always is fantastic. I am going to try some of the tips but i am getting stuck at
the first hurdle. For some reason i cant start my computer in safe mode, trying F8 on start up but nothing happening just windows starting as
normal???
Any ideas
http://www.smartideasuk.com
http://www.smartmapping.co.uk
HD CCTV
3D design solutions and integration
IP security systems
access control systems
|
|
|
mookaloid
|
| posted on 20/12/05 at 08:07 PM |
|
|
You need to keep pressing F8 as it is booting up.
You should then get a menu to select safe mode from
Cheers
Mark
|
|
|
skydivepaul
|
| posted on 20/12/05 at 08:08 PM |
|
|
Cheers I'll try it now
http://www.smartideasuk.com
http://www.smartmapping.co.uk
HD CCTV
3D design solutions and integration
IP security systems
access control systems
|
|
|
skydivepaul
|
| posted on 20/12/05 at 09:50 PM |
|
|
I can get into safe mode now. I've run up in safe mode and run spybot, adaware and ms antispyware, they found 1 infected virus called alexa,
deleted it and ran windows again. as soon as i connect onto the internet i start getting zone alarm blocking messages so the bugger is still there. I
have posted a log onto hijackthis tomcoyote forum and await any further advice. I am going to try the start up process check using google as well.
I'll be back
http://www.smartideasuk.com
http://www.smartmapping.co.uk
HD CCTV
3D design solutions and integration
IP security systems
access control systems
|
|
|
JoelP
|
| posted on 20/12/05 at 09:58 PM |
|
|
did you disable system restore first? if it active, it can re install viruses as soon as you come out of safe mode.
Beware! Bourettes is binfectious.
|
|
|
skydivepaul
|
| posted on 20/12/05 at 10:08 PM |
|
|
Cheers Unclefiesta,
I have got myself a router last week but havent installed it yet. Think that may be my next job.
I'll take a look at CCL in the summer, i work in Bradford near Dudley Hill so I'll be going to work in the MK in the summer months.
Thanks
Paul
quote:
Originally posted by UncleFista
If you're in the market for a router, RoadkillUK has just bought a new one for himself, dunno what he's doing with his old one (it's
a D-link wi-fi) U2U him and ask ? (he works at CCL so you could collect it).
I only have the one PC connected to my cable modem, but I use a router mainly for security. I've not had a single problem since I started using
one.
PS Next time you're at CCL, if the weather's OK, look in the car park, odds are our Locost will be there
Good luck.
[Edited on 20/12/05 by UncleFista]
http://www.smartideasuk.com
http://www.smartmapping.co.uk
HD CCTV
3D design solutions and integration
IP security systems
access control systems
|
|
|
skydivepaul
|
| posted on 20/12/05 at 10:09 PM |
|
|
quote:
Originally posted by JoelP
did you disable system restore first? if it active, it can re install viruses as soon as you come out of safe mode.
yes system restore was disabled
http://www.smartideasuk.com
http://www.smartmapping.co.uk
HD CCTV
3D design solutions and integration
IP security systems
access control systems
|
|
|
%20(WinCE).JPG)
